Page 1 of 3 123 LastLast
Results 1 to 10 of 25

Thread: Windows Firewall Bypass and Virtumonde infection

  1. #1
    Junior Member
    Join Date
    Apr 2009
    Posts
    12

    Default Windows Firewall Bypass and Virtumonde infection

    Hello,

    Recently when running the Spybot scan, it finds a security error entitled "Microsoft.WindowsSecurityCenter.FirewallBypass" as well as several entries of the Virtumonde and Virtumonde.prx trojan. I have tried to fix problems several times, and although it apparently removes the problem, they keep coming back. In addition, when Windows starts up and the desktop appears, usually a message appears saying "Rundll error: c:\windows\system32\lupuwufe.dll (or some other random .dll) . the system module could not be found" this seems to have a connection with Virtumonde. Even when remove my internet connection and before the scan and restart afterward, it still reappears. Also, the security breach is also a problem, as when I check my security center, Windows Automatic Update is turned off, and no matter how many times i turn it back on, it soon goes back to "Off." I have already checked the box to alert me when a change happens to the Automatic Updates, but it is to no avail. I cannot get to Windows Update through online means either. I have run ERUNT after "removing" the problems with spybot and restarting. The following is my HJT log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:12:48 PM, on 4/7/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Memeo\AutoBackup\MemeoService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\GameSpot\DownloadManager_Win32.exe
    C:\Program Files\Sony\Giga Pocket\shwserv.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Linksys\WUSB300N\WLService.exe
    C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
    C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
    C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sony\Giga Pocket\RM_SV.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
    C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
    C:\Program Files\QuickTime\QTTask.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
    C:\Program Files\Backup4all\Backup4all.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Backup4all\Backup4all.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    C:\Documents and Settings\henry yeghyayan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
    C:\Program Files\sony\usbsircs\usbsircs.exe
    C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
    C:\Program Files\GameSpot\GDM_TrayApp.exe
    C:\Program Files\Sony\Giga Pocket\gps.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
    C:\WINDOWS\system32\mspaint.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\HENRY YEGHYAYAN\Application Data\Mozilla\Profiles\default\c7mknx6f.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\HENRY YEGHYAYAN\Application Data\Mozilla\Profiles\default\c7mknx6f.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: (no name) - {EF89D4A9-905E-433E-A98B-EC020F2131C3} - C:\WINDOWS\Web\sisafx.dll (file missing)
    O2 - BHO: (no name) - {fc3c2db0-9767-4d0e-9bff-77e5b39e8274} - C:\WINDOWS\system32\nizedage.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [hokajofini] Rundll32.exe "C:\WINDOWS\system32\pasaburi.dll",s
    O4 - HKLM\..\Run: [CPM4798d2e4] Rundll32.exe "c:\windows\system32\lupuwufe.dll",a
    O4 - HKLM\..\Run: [44abe178] rundll32.exe "C:\WINDOWS\system32\wodapahi.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
    O4 - HKCU\..\Run: [Backup4all] C:\Program Files\Backup4all\Backup4all.exe /s
    O4 - HKCU\..\Run: [Backup4all OTB Agent] C:\Program Files\Backup4all\B4AOTB.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\henry yeghyayan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [hokajofini] Rundll32.exe "C:\WINDOWS\system32\pasaburi.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [hokajofini] Rundll32.exe "C:\WINDOWS\system32\pasaburi.dll",s (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [PlayNC Launcher] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PlayNC Launcher] (User 'Default user')
    O4 - S-1-5-18 Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
    O4 - S-1-5-18 Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe (User 'Default user')
    O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
    O4 - .DEFAULT Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe (User 'Default user')
    O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
    O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Remocon Driver.lnk = ?
    O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
    O4 - Global Startup: VPN Dialer (OnStartup).lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O15 - Trusted Zone: http://locator.cdn.imageservr.com
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} (Gif89 xLite Class) - http://64.213.196.143/xplugxLiteTW.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_5.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1164941180765
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
    O16 - DPF: {E39EFE5A-58CC-4C5D-8966-D9BD2FA27F41} (WebForm Launch Server) - http://files.stf.com/Downloads/WebFormServer_v1.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup145.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: c:\windows\system32\yopameyi.dll c:\windows\system32\lupuwufe.dll,C:\WINDOWS\system32\jizejaho.dll
    O20 - Winlogon Notify: sisafx - C:\WINDOWS\Web\sisafx.dll (file missing)
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lupuwufe.dll (file missing)
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lupuwufe.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
    O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
    O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
    O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe

    --
    End of file - 23505 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi eternalb

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    You will now be presented with a screen similar to the one below:



    5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Apr 2009
    Posts
    12

    Default

    Thanks for replying. Here is the list. Just to let you know, I installed Spywareblaster since the last post. Also, for some reason, I cannot get to the Malware Removal Forum using Firefox or Chrome anymore... I had to use Opera. Strange

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Abacast Client
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 6.0.1
    AGEIA PhysX v7.09.13
    Agere Systems AC'97 Modem
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Control Center
    ATI Display Driver
    avast! Antivirus
    Backup4all OTB Edition 2.3.1 OEM
    BASIC Stamp Editor v2.2
    BlackBerry Desktop Software 4.3
    BlackBerry Desktop Software 4.3
    Bonjour
    Cisco Systems VPN Client 3.6.3 (C)
    City of Heroes (remove only)
    Click to DVD 1.3
    Compact Wireless-G USB Network Adapter with SpeedBooster
    Data Export
    Drag'n Drop CD+DVD
    DVgate Plus
    ERUNT 1.1j
    FaxTools
    FreeAgent Pro Tools
    FTDI USB Serial Converter Drivers
    Game Maker 7.0
    GameSpot Download Manager
    Giga Pocket 5.5
    Giga Pocket Demo Movie
    Giga Pocket Hardware Library 5.5
    Go Introduction 2000
    Google Earth
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Video Player
    GTK+ Runtime 2.12.8 rev a (remove only)
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    HP Software Update
    HydraVision
    IGN Download Manager 2.2.2
    Image Converter 1.1
    ImageMixer 3 SE
    ImageMixer for Sony
    Intel(R) Extreme Graphics Driver
    Intel(R) PRO Network Adapters and Drivers
    Interactive Forms 2004
    InterVideo WinDVD 5 for VAIO
    ItsDeductible Express
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_01
    Lexmark X5100 Series
    Linksys Bi-Admin
    Linksys Wireless-G Print Server
    Linksys Wireless-N USB Network Adapter WUSB300N
    Memory Stick Formatter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync 3.5
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office FrontPage 2003
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works 7.0
    MicroStaff WINASPI
    Mobile Connection Wizard
    MovieShaker 3.1 for MICROMV
    Mozilla Firefox (3.0.8)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    Music Visualizer Library 1.4.00
    Narbacular Drop version 1.4
    Netscape (7.02)
    Nikon Scan
    NSLU2 Flash Map Utility
    NVIDIA Windows 2000/XP Display Drivers
    Oblivion
    Oblivion - The Fighter's Stronghold
    OpenMG Secure Module 3.3.01
    Opera 9.52
    Palm Desktop
    Peggle Deluxe 1.0
    PhotoImpact Pro
    Photosmart 140,240,7200,7600,7700,7900 Series
    Pidgin
    Plaxo Toolbar for Outlook and Outlook Express
    PlayNC Launcher
    Print Server Driver
    Project64 1.6
    Python 2.5.1
    Quicken 2004
    QuickTime
    RealOne Player
    RealProducer Basic 8.5
    Roxio Easy Media Creator 8 Suite
    Roxio Media Manager
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Visio 2007 (KB947590)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    SonicStage 1.6.00
    Sony Certificate PCH
    Sony USB Driver
    Sony Video Shared Library
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    SpywareBlaster 4.1
    Starcraft
    System Requirements Lab
    TheSpringBox
    TMPGEnc 4.0 XPress
    TurboTax 2005
    TurboTax 2008
    TurboTax 2008 wcaiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax Deluxe 2003
    TurboTax Deluxe 2004
    TurboTax Deluxe 2007
    TurboTax Deluxe Deduction Maximizer 2006
    TurboTax ItsDeductible 2005
    TurboTax ItsDeductible 2006
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb962871)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VAIO BrightColor Wallpaper
    VAIO Help and Support
    VAIO Media 2.6
    VAIO Media Integrated Server 2.6
    VAIO Media Redistribution 2.6
    VAIO Registration
    VAIO Remote Commander Utility 6.2
    VAIO Support
    VAIO Survey Standalone
    VAIO System Information
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    WexTech AnswerWorks
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WinRAR archiver
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Junior Member
    Join Date
    Apr 2009
    Posts
    12

    Default

    Thanks for the reply.

    ComboFix 09-04-04.01 - henry yeghyayan 2009-04-09 10:18:45.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.803 [GMT -7:00]
    Running from: c:\documents and settings\henry yeghyayan\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090409-0] *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\program files\INSTALL.LOG
    C:\test.txt
    c:\windows\system32\_000005_.tmp.dll
    c:\windows\system32\delutaha.dll
    c:\windows\system32\ezewepah.ini
    c:\windows\system32\hapeweze.dll
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\poyeyoyu.dll
    c:\windows\system32\tchlmmne.ini
    c:\windows\system32\wenifalo.dll
    c:\windows\system32\zahasila.dll

    ----- BITS: Possible infected sites -----

    hxxp://77.74.48.105
    .
    ((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
    .

    2009-04-09 10:09 . 2009-04-09 10:09 61,440 --ah----- c:\windows\system32\BIT26.tmp
    2009-04-09 10:09 . 2009-04-09 10:09 2,713 ---hs---- c:\windows\system32\guteheso.exe
    2009-04-08 17:52 . 2009-04-08 17:52 2,713 ---hs---- c:\windows\system32\yibulura.exe
    2009-04-07 23:22 . 2009-04-07 23:22 2,713 ---hs---- c:\windows\system32\pibiyuvi.exe
    2009-04-07 23:06 . 2009-04-07 23:09 <DIR> d-------- c:\program files\SpywareBlaster
    2009-04-07 23:06 . 2009-04-09 10:11 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-04-07 12:15 . 2009-04-07 12:15 <DIR> d-------- c:\program files\Trend Micro
    2009-04-07 12:10 . 2009-04-07 12:11 <DIR> d-------- c:\program files\ERUNT
    2009-04-07 11:22 . 2009-04-07 11:22 2,713 ---hs---- c:\windows\system32\wipekoka.exe
    2009-04-05 17:10 . 2009-04-05 17:19 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-04-05 17:04 . 2009-04-05 17:04 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-04-05 17:04 . 2009-04-05 17:04 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-04-05 17:04 . 2009-04-05 17:04 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-04-05 17:04 . 2009-04-05 17:04 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-04-01 23:33 . 2009-01-09 12:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
    2009-04-01 18:32 . 2009-04-01 18:32 <DIR> d-------- c:\program files\Common Files\AnswerWorks 5.0
    2009-04-01 00:27 . 2009-04-01 00:27 <DIR> d-------- c:\windows\system32\LogFiles
    2009-04-01 00:15 . 2009-04-01 00:15 <DIR> d-------- c:\windows\system32\XPSViewer
    2009-04-01 00:15 . 2009-04-01 00:15 <DIR> d-------- c:\program files\Reference Assemblies
    2009-04-01 00:14 . 2009-04-01 00:24 <DIR> d-------- c:\windows\SxsCaPendDel
    2009-04-01 00:14 . 2008-07-06 05:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
    2009-04-01 00:14 . 2008-07-06 05:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
    2009-04-01 00:14 . 2008-07-06 03:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-04-01 00:14 . 2008-07-06 05:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
    2009-04-01 00:14 . 2008-07-06 05:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-04-01 00:14 . 2008-07-06 05:06 117,760 --------- c:\windows\system32\prntvpt.dll
    2009-04-01 00:14 . 2008-07-06 05:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-03-31 23:05 . 2009-03-31 23:05 <DIR> d-------- c:\windows\system32\scripting
    2009-03-31 23:05 . 2009-03-31 23:05 <DIR> d-------- c:\windows\system32\en
    2009-03-31 23:05 . 2009-03-31 23:05 <DIR> d-------- c:\windows\l2schemas
    2009-03-27 18:11 . 2009-03-27 18:11 <DIR> d-------- c:\program files\Alwil Software
    2009-03-27 16:14 . 2009-03-27 16:14 0 --a------ c:\windows\system32\mapisvc.inf
    2009-03-20 19:54 . 2009-03-26 12:07 <DIR> d--h----- C:\$AVG8.VAULT$
    2009-03-20 00:34 . 2009-03-20 00:34 <DIR> d-------- c:\documents and settings\henry yeghyayan\Application Data\LEAPS
    2009-03-20 00:32 . 2009-03-20 00:32 <DIR> d-------- c:\documents and settings\henry yeghyayan\Application Data\Pegasys Inc
    2009-03-19 23:50 . 2009-03-27 16:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-03-19 23:12 . 2009-03-19 23:12 <DIR> d-------- c:\program files\Pegasys Inc

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-07 07:28 --------- d-----w c:\program files\Bonjour
    2009-04-06 00:19 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-02 01:30 --------- d-----w c:\program files\Common Files\Intuit
    2009-04-02 01:30 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
    2009-04-02 01:26 --------- d-----w c:\program files\TurboTax
    2009-04-01 07:15 --------- d-----w c:\program files\MSBuild
    2009-03-28 01:16 --------- d-----w c:\program files\Eset
    2009-03-11 10:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-03-05 07:34 --------- d-----w c:\documents and settings\henry yeghyayan\Application Data\.purple
    2009-03-05 06:29 --------- d-----w c:\documents and settings\henry yeghyayan\Application Data\AdobeUM
    2009-03-05 05:33 --------- d-----w c:\documents and settings\henry yeghyayan\Application Data\gtk-2.0
    2009-03-05 05:14 --------- d-----w c:\program files\Pidgin
    2009-03-05 04:26 --------- d-----w c:\program files\Crossword Weaver
    2009-02-18 04:07 --------- d-----w c:\program files\Starcraft
    2009-02-18 03:18 94,208 ----a-w c:\windows\ScUnin.exe
    2007-02-01 01:54 307,046,786 ----a-w c:\program files\Microsoft Works.zip
    2006-10-11 01:26 23,510,720 ----a-w c:\program files\dotnetfx.exe
    2006-10-06 03:57 2,983 ----a-w c:\program files\install_wizard.log
    2006-06-01 05:54 24,192 -c--a-w c:\documents and settings\henry yeghyayan\usbsermptxp.sys
    2006-06-01 05:54 22,768 -c--a-w c:\documents and settings\henry yeghyayan\usbsermpt.sys
    2004-05-03 02:22 520,192 ----a-w c:\documents and settings\henry yeghyayan\chatlnk.exe
    2007-05-06 21:40 1,369,847 --sha-w c:\windows\Web\xfasis.bak1
    2008-03-28 19:09 274,818 --sha-w c:\windows\Web\xfasis.bak2
    2008-03-29 08:13 278,467 --sha-w c:\windows\Web\xfasis.ini2
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-07 401496]
    "PlaxoUpdate"="c:\program files\Plaxo\2.12.1.1\PlaxoHelper.exe" [2006-11-16 183367]
    "Backup4all"="c:\program files\Backup4all\Backup4all.exe" [2005-02-22 1814528]
    "Backup4all OTB Agent"="c:\program files\Backup4all\B4AOTB.exe" [2005-02-14 161280]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2007-04-21 1591808]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "igndlm.exe"="d:\program files\IGN\Download Manager\DLM.exe" [2007-03-05 1103480]
    "Google Update"="c:\documents and settings\henry yeghyayan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
    "ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 1409024]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-08-18 4841472]
    "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
    "HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 176128]
    "HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
    "HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-05-05 491520]
    "Lexmark X5100 Series"="c:\program files\Lexmark X5100 Series\lxbabmgr.exe" [2003-03-04 86100]
    "PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 315392]
    "RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-19 1687552]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
    "NSLU2 Flash Map Utility"="c:\program files\NSLU2 Flash Map Utility\StorageLink.exe" [2005-05-10 249856]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 c:\windows\AGRSMMSG.exe]

    c:\documents and settings\henry yeghyayan\Start Menu\Programs\Startup\
    AutoBackup Launcher.lnk - c:\program files\Memeo\AutoBackup\MemeoLauncher.exe [2007-02-08 211992]
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    GameSpot Download Manager.lnk - c:\program files\GameSpot\GDM_TrayApp.exe [2007-08-28 237568]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\program files\Sony Handheld\HOTSYNC.EXE [2002-08-09 299008]
    ImageMixer 3 SE Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe [2008-07-25 253952]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-10-02 57344]
    Remocon Driver.lnk - c:\program files\sony\usbsircs\usbsircs.exe [2004-01-21 229376]
    Timer Recording Manager.lnk - c:\program files\Sony\Giga Pocket\ReserveModule.exe [2004-01-21 262144]
    VPN Dialer (OnStartup).lnk - c:\windows\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED.exe [2005-12-02 12288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\jizejaho.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
    "MSACM.CEGSM"= mobilev.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Sony Handheld\\HOTSYNC.EXE"=
    "c:\\Program Files\\Sony\\Giga Pocket\\gps.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\NSLU2 Flash Map Utility\\StorageLink.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Starcraft\\StarCraft.exe"=
    "c:\\Program Files\\Python\\pythonw.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\henry yeghyayan\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Pidgin\\pidgin.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Linksys\\WUSB300N\\WUSB300N.exe"=
    "c:\\Program Files\\Linksys Wireless-G Print Server\\PSDiagnosticM.exe"=
    "c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-27 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-27 20560]
    R2 CVPNDRV;Cisco Systems Inc. IPSec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2003-03-05 263749]
    R2 DNADownloader;DNADownloader;c:\program files\GameSpot\DownloadManager_Win32.exe [2007-08-28 708608]
    R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-10 24652]
    R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [2008-02-01 53307]
    R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [2007-04-15 53307]
    R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [2007-04-29 11136]
    R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [2007-04-29 37248]
    S2 DP1112;DP1112;\??\c:\windows\System32\Drivers\DP.sys --> c:\windows\System32\Drivers\DP.sys [?]
    S3 LKNUCMP;Linksys Network USB Composite Device;c:\windows\system32\drivers\lknucmp.sys [2007-04-29 11648]
    S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2006-09-09 11520]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - GTNDIS5

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d9cde1c-0e5a-11dc-ab7b-001a70379404}]
    \Shell\AutoRun\command - "L:\Install FreeAgent Tools.exe" /run
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718566590-3565836092-3449285601-1005.job
    - c:\documents and settings\henry yeghyayan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 00:04]

    2009-04-09 c:\windows\Tasks\HP Usg Daily.job
    - c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 18:05]

    2004-03-06 c:\windows\Tasks\Registration reminder 1.job
    - c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 17:12]

    2009-04-09 c:\windows\Tasks\User_Feed_Synchronization-{7AD24477-73DC-4BCB-8002-76E1CCD803F0}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]

    2006-04-15 c:\windows\Tasks\XoftSpy.job
    - c:\program files\XoftSpy\XoftSpy.exe []

    2009-04-08 c:\windows\Tasks\{188DAFEA-C018-4C2F-8414-83E2CBE13BA2}_HENRY_henry yeghyayan.job
    - c:\windows\system32\mobsync.exe [2008-04-13 17:12]

    2009-04-03 c:\windows\Tasks\{602C8341-A511-4901-B00E-16556381B9FB}_HENRY_henry yeghyayan.job
    - c:\windows\system32\mobsync.exe [2008-04-13 17:12]

    2009-04-09 c:\windows\Tasks\{AF45AD99-FFB9-4785-9D2D-F2DA418715BC}_HENRY_henry yeghyayan.job
    - c:\windows\system32\mobsync.exe [2008-04-13 17:12]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{EF89D4A9-905E-433E-A98B-EC020F2131C3} - c:\windows\Web\sisafx.dll
    BHO-{fc3c2db0-9767-4d0e-9bff-77e5b39e8274} - c:\windows\system32\nizedage.dll
    HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
    HKLM-Run-hokajofini - c:\windows\system32\pasaburi.dll
    HKU-Default-Run-PlayNC Launcher - (no file)
    Notify-sisafx - c:\windows\Web\sisafx.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Convert for CLIÉ - c:\program files\Sony\Image Converter\menu.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    Trusted Zone: imageservr.com\locator.cdn
    Trusted Zone: turbotax.com
    DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} - hxxp://64.213.196.143/xplugxLiteTW.cab
    DPF: {E39EFE5A-58CC-4C5D-8966-D9BD2FA27F41} - hxxp://files.stf.com/Downloads/WebFormServer_v1.cab
    FF - ProfilePath - c:\documents and settings\henry yeghyayan\Application Data\Mozilla\Firefox\Profiles\nro4hygh.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\documents and settings\henry yeghyayan\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_01\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_01\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_01\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_01\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_01\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_01\bin\NPJPI142_01.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_01\bin\NPOJI610.dll
    FF - plugin: c:\program files\Opera\program\plugins\npdrmv2.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: d:\program files\IGN\Download Manager\npfpdlm.dll
    FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-09 10:28:13
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1320)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Memeo\AutoBackup\MemeoService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files\Sony\Giga Pocket\shwserv.exe
    c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    c:\program files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    c:\program files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    c:\program files\Linksys\WUSB300N\WUSB300N.exe
    c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
    c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    c:\program files\Sony\Giga Pocket\RM_SV.exe
    c:\program files\Lexmark X5100 Series\lxbabmon.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Sony\Giga Pocket\gps.exe
    c:\program files\Memeo\AutoBackup\MemeoBackup.exe
    .
    **************************************************************************
    .
    Completion time: 2009-04-09 10:36:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-04-09 17:36:13

    Pre-Run: 23,599,276,032 bytes free
    Post-Run: 28,154,306,560 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    332 --- E O F --- 2009-04-02 09:44:37


    This is the HJT


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:39:39 AM, on 4/9/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Memeo\AutoBackup\MemeoService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\GameSpot\DownloadManager_Win32.exe
    C:\Program Files\Sony\Giga Pocket\shwserv.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Linksys\WUSB300N\WLService.exe
    C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
    C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
    C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Sony\Giga Pocket\RM_SV.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
    C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\QuickTime\QTTask.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Backup4all\Backup4all.exe
    C:\Program Files\Backup4all\Backup4all.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Documents and Settings\henry yeghyayan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
    C:\Program Files\sony\usbsircs\usbsircs.exe
    C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
    C:\Program Files\GameSpot\GDM_TrayApp.exe
    C:\Program Files\Sony\Giga Pocket\gps.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\HENRY YEGHYAYAN\Application Data\Mozilla\Profiles\default\c7mknx6f.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\HENRY YEGHYAYAN\Application Data\Mozilla\Profiles\default\c7mknx6f.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
    O4 - HKCU\..\Run: [Backup4all] C:\Program Files\Backup4all\Backup4all.exe /s
    O4 - HKCU\..\Run: [Backup4all OTB Agent] C:\Program Files\Backup4all\B4AOTB.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\henry yeghyayan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - S-1-5-18 Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
    O4 - S-1-5-18 Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe (User 'Default user')
    O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
    O4 - .DEFAULT Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe (User 'Default user')
    O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
    O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Remocon Driver.lnk = ?
    O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
    O4 - Global Startup: VPN Dialer (OnStartup).lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O15 - Trusted Zone: http://locator.cdn.imageservr.com
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} (Gif89 xLite Class) - http://64.213.196.143/xplugxLiteTW.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_5.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1164941180765
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
    O16 - DPF: {E39EFE5A-58CC-4C5D-8966-D9BD2FA27F41} (WebForm Launch Server) - http://files.stf.com/Downloads/WebFormServer_v1.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup145.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\jizejaho.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
    O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
    O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
    O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe

    --
    End of file - 21732 bytes

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Open notepad and copy/paste the text in the codebox below into it:

    Code:
    File::
    c:\windows\system32\guteheso.exe
    c:\windows\system32\yibulura.exe
    c:\windows\system32\pibiyuvi.exe
    c:\windows\system32\wipekoka.exe
    c:\windows\Web\xfasis.bak1
    c:\windows\Web\xfasis.bak2
    c:\windows\Web\xfasis.ini2
    c:\windows\system32\jizejaho.dll
    
    DDS::
    Trusted Zone: imageservr.com\locator.cdn
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-
    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Combofix should never take more that 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Junior Member
    Join Date
    Apr 2009
    Posts
    12

    Default

    Combofix did not ask me to reboot this time. Here is the log.

    ComboFix 09-04-04.01 - henry yeghyayan 2009-04-09 12:54:02.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.803 [GMT -7:00]
    Running from: c:\documents and settings\henry yeghyayan\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\henry yeghyayan\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090409-0] *On-access scanning disabled* (Updated)
    * Created a new restore point

    FILE ::
    c:\windows\system32\guteheso.exe
    c:\windows\system32\jizejaho.dll
    c:\windows\system32\pibiyuvi.exe
    c:\windows\system32\wipekoka.exe
    c:\windows\system32\yibulura.exe
    c:\windows\Web\xfasis.bak1
    c:\windows\Web\xfasis.bak2
    c:\windows\Web\xfasis.ini2
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\guteheso.exe
    c:\windows\system32\pibiyuvi.exe
    c:\windows\system32\wipekoka.exe
    c:\windows\system32\yibulura.exe
    c:\windows\Web\xfasis.bak1
    c:\windows\Web\xfasis.bak2
    c:\windows\Web\xfasis.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
    .

    2009-04-09 10:09 . 2009-04-09 10:09 61,440 --ah----- c:\windows\system32\BIT26.tmp
    2009-04-07 23:06 . 2009-04-07 23:09 <DIR> d-------- c:\program files\SpywareBlaster
    2009-04-07 23:06 . 2009-04-09 12:52 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-04-07 12:15 . 2009-04-07 12:15 <DIR> d-------- c:\program files\Trend Micro
    2009-04-07 12:10 . 2009-04-07 12:11 <DIR> d-------- c:\program files\ERUNT
    2009-04-05 17:10 . 2009-04-05 17:19 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-04-05 17:04 . 2009-04-05 17:04 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-04-05 17:04 . 2009-04-05 17:04 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-04-05 17:04 . 2009-04-05 17:04 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-04-05 17:04 . 2009-04-05 17:04 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-04-01 23:33 . 2009-01-09 12:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
    2009-04-01 18:32 . 2009-04-01 18:32 <DIR> d-------- c:\program files\Common Files\AnswerWorks 5.0
    2009-04-01 00:27 . 2009-04-01 00:27 <DIR> d-------- c:\windows\system32\LogFiles
    2009-04-01 00:15 . 2009-04-01 00:15 <DIR> d-------- c:\windows\system32\XPSViewer
    2009-04-01 00:15 . 2009-04-01 00:15 <DIR> d-------- c:\program files\Reference Assemblies
    2009-04-01 00:14 . 2009-04-01 00:24 <DIR> d-------- c:\windows\SxsCaPendDel
    2009-04-01 00:14 . 2008-07-06 05:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
    2009-04-01 00:14 . 2008-07-06 05:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
    2009-04-01 00:14 . 2008-07-06 03:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-04-01 00:14 . 2008-07-06 05:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
    2009-04-01 00:14 . 2008-07-06 05:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-04-01 00:14 . 2008-07-06 05:06 117,760 --------- c:\windows\system32\prntvpt.dll
    2009-04-01 00:14 . 2008-07-06 05:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-03-31 23:05 . 2009-03-31 23:05 <DIR> d-------- c:\windows\system32\scripting
    2009-03-31 23:05 . 2009-03-31 23:05 <DIR> d-------- c:\windows\system32\en
    2009-03-31 23:05 . 2009-03-31 23:05 <DIR> d-------- c:\windows\l2schemas
    2009-03-27 18:11 . 2009-03-27 18:11 <DIR> d-------- c:\program files\Alwil Software
    2009-03-27 16:14 . 2009-03-27 16:14 0 --a------ c:\windows\system32\mapisvc.inf
    2009-03-20 19:54 . 2009-03-26 12:07 <DIR> d--h----- C:\$AVG8.VAULT$
    2009-03-20 00:34 . 2009-03-20 00:34 <DIR> d-------- c:\documents and settings\henry yeghyayan\Application Data\LEAPS
    2009-03-20 00:32 . 2009-03-20 00:32 <DIR> d-------- c:\documents and settings\henry yeghyayan\Application Data\Pegasys Inc
    2009-03-19 23:50 . 2009-03-27 16:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-03-19 23:12 . 2009-03-19 23:12 <DIR> d-------- c:\program files\Pegasys Inc

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-07 07:28 --------- d-----w c:\program files\Bonjour
    2009-04-06 00:19 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-02 01:30 --------- d-----w c:\program files\Common Files\Intuit
    2009-04-02 01:30 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
    2009-04-02 01:26 --------- d-----w c:\program files\TurboTax
    2009-04-01 07:15 --------- d-----w c:\program files\MSBuild
    2009-03-28 01:16 --------- d-----w c:\program files\Eset
    2009-03-11 10:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-03-05 07:34 --------- d-----w c:\documents and settings\henry yeghyayan\Application Data\.purple
    2009-03-05 06:29 --------- d-----w c:\documents and settings\henry yeghyayan\Application Data\AdobeUM
    2009-03-05 05:33 --------- d-----w c:\documents and settings\henry yeghyayan\Application Data\gtk-2.0
    2009-03-05 05:14 --------- d-----w c:\program files\Pidgin
    2009-03-05 04:26 --------- d-----w c:\program files\Crossword Weaver
    2009-02-18 04:07 --------- d-----w c:\program files\Starcraft
    2009-02-18 03:18 94,208 ----a-w c:\windows\ScUnin.exe
    2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
    2007-02-01 01:54 307,046,786 ----a-w c:\program files\Microsoft Works.zip
    2006-10-11 01:26 23,510,720 ----a-w c:\program files\dotnetfx.exe
    2006-10-06 03:57 2,983 ----a-w c:\program files\install_wizard.log
    2006-06-01 05:54 24,192 -c--a-w c:\documents and settings\henry yeghyayan\usbsermptxp.sys
    2006-06-01 05:54 22,768 -c--a-w c:\documents and settings\henry yeghyayan\usbsermpt.sys
    2004-05-03 02:22 520,192 ----a-w c:\documents and settings\henry yeghyayan\chatlnk.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-07 401496]
    "PlaxoUpdate"="c:\program files\Plaxo\2.12.1.1\PlaxoHelper.exe" [2006-11-16 183367]
    "Backup4all"="c:\program files\Backup4all\Backup4all.exe" [2005-02-22 1814528]
    "Backup4all OTB Agent"="c:\program files\Backup4all\B4AOTB.exe" [2005-02-14 161280]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2007-04-21 1591808]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "igndlm.exe"="d:\program files\IGN\Download Manager\DLM.exe" [2007-03-05 1103480]
    "Google Update"="c:\documents and settings\henry yeghyayan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
    "ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 1409024]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-08-18 4841472]
    "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
    "HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 176128]
    "HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
    "HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-05-05 491520]
    "Lexmark X5100 Series"="c:\program files\Lexmark X5100 Series\lxbabmgr.exe" [2003-03-04 86100]
    "PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 315392]
    "RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-19 1687552]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
    "NSLU2 Flash Map Utility"="c:\program files\NSLU2 Flash Map Utility\StorageLink.exe" [2005-05-10 249856]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 c:\windows\AGRSMMSG.exe]

    c:\documents and settings\henry yeghyayan\Start Menu\Programs\Startup\
    AutoBackup Launcher.lnk - c:\program files\Memeo\AutoBackup\MemeoLauncher.exe [2007-02-08 211992]
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    GameSpot Download Manager.lnk - c:\program files\GameSpot\GDM_TrayApp.exe [2007-08-28 237568]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\program files\Sony Handheld\HOTSYNC.EXE [2002-08-09 299008]
    ImageMixer 3 SE Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe [2008-07-25 253952]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-10-02 57344]
    Remocon Driver.lnk - c:\program files\sony\usbsircs\usbsircs.exe [2004-01-21 229376]
    Timer Recording Manager.lnk - c:\program files\Sony\Giga Pocket\ReserveModule.exe [2004-01-21 262144]
    VPN Dialer (OnStartup).lnk - c:\windows\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED.exe [2005-12-02 12288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
    "MSACM.CEGSM"= mobilev.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Sony Handheld\\HOTSYNC.EXE"=
    "c:\\Program Files\\Sony\\Giga Pocket\\gps.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\NSLU2 Flash Map Utility\\StorageLink.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Starcraft\\StarCraft.exe"=
    "c:\\Program Files\\Python\\pythonw.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\henry yeghyayan\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Pidgin\\pidgin.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Linksys\\WUSB300N\\WUSB300N.exe"=
    "c:\\Program Files\\Linksys Wireless-G Print Server\\PSDiagnosticM.exe"=
    "c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-27 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-27 20560]
    R2 CVPNDRV;Cisco Systems Inc. IPSec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2003-03-05 263749]
    R2 DNADownloader;DNADownloader;c:\program files\GameSpot\DownloadManager_Win32.exe [2007-08-28 708608]
    R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-10 24652]
    R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [2008-02-01 53307]
    R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [2007-04-15 53307]
    R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [2007-04-29 11136]
    R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [2007-04-29 37248]
    S2 DP1112;DP1112;\??\c:\windows\System32\Drivers\DP.sys --> c:\windows\System32\Drivers\DP.sys [?]
    S3 LKNUCMP;Linksys Network USB Composite Device;c:\windows\system32\drivers\lknucmp.sys [2007-04-29 11648]
    S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2006-09-09 11520]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - GTNDIS5

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d9cde1c-0e5a-11dc-ab7b-001a70379404}]
    \Shell\AutoRun\command - "L:\Install FreeAgent Tools.exe" /run
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718566590-3565836092-3449285601-1005.job
    - c:\documents and settings\henry yeghyayan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 00:04]

    2009-04-09 c:\windows\Tasks\HP Usg Daily.job
    - c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 18:05]

    2004-03-06 c:\windows\Tasks\Registration reminder 1.job
    - c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 17:12]

    2009-04-09 c:\windows\Tasks\User_Feed_Synchronization-{7AD24477-73DC-4BCB-8002-76E1CCD803F0}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]

    2006-04-15 c:\windows\Tasks\XoftSpy.job
    - c:\program files\XoftSpy\XoftSpy.exe []

    2009-04-08 c:\windows\Tasks\{188DAFEA-C018-4C2F-8414-83E2CBE13BA2}_HENRY_henry yeghyayan.job
    - c:\windows\system32\mobsync.exe [2008-04-13 17:12]

    2009-04-03 c:\windows\Tasks\{602C8341-A511-4901-B00E-16556381B9FB}_HENRY_henry yeghyayan.job
    - c:\windows\system32\mobsync.exe [2008-04-13 17:12]

    2009-04-09 c:\windows\Tasks\{AF45AD99-FFB9-4785-9D2D-F2DA418715BC}_HENRY_henry yeghyayan.job
    - c:\windows\system32\mobsync.exe [2008-04-13 17:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Convert for CLIÉ - c:\program files\Sony\Image Converter\menu.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    Trusted Zone: turbotax.com
    DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} - hxxp://64.213.196.143/xplugxLiteTW.cab
    DPF: {E39EFE5A-58CC-4C5D-8966-D9BD2FA27F41} - hxxp://files.stf.com/Downloads/WebFormServer_v1.cab
    FF - ProfilePath - c:\documents and settings\henry yeghyayan\Application Data\Mozilla\Firefox\Profiles\nro4hygh.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\documents and settings\henry yeghyayan\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_01\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_01\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_01\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_01\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_01\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_01\bin\NPJPI142_01.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_01\bin\NPOJI610.dll
    FF - plugin: c:\program files\Opera\program\plugins\npdrmv2.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: d:\program files\IGN\Download Manager\npfpdlm.dll
    FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-09 12:55:47
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1320)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-04-09 12:58:58
    ComboFix-quarantined-files.txt 2009-04-09 19:57:51
    ComboFix2.txt 2009-04-09 17:36:48

    Pre-Run: 28,133,056,512 bytes free
    Post-Run: 28,109,905,920 bytes free

    Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    273 --- E O F --- 2009-04-02 09:44:37

    This is the HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:00:02 PM, on 4/9/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Memeo\AutoBackup\MemeoService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\GameSpot\DownloadManager_Win32.exe
    C:\Program Files\Sony\Giga Pocket\shwserv.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Linksys\WUSB300N\WLService.exe
    C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
    C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
    C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Sony\Giga Pocket\RM_SV.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
    C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\QuickTime\QTTask.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Backup4all\Backup4all.exe
    C:\Program Files\Backup4all\Backup4all.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Documents and Settings\henry yeghyayan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\Program Files\sony\usbsircs\usbsircs.exe
    C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\HENRY YEGHYAYAN\Application Data\Mozilla\Profiles\default\c7mknx6f.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\HENRY YEGHYAYAN\Application Data\Mozilla\Profiles\default\c7mknx6f.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
    O4 - HKCU\..\Run: [Backup4all] C:\Program Files\Backup4all\Backup4all.exe /s
    O4 - HKCU\..\Run: [Backup4all OTB Agent] C:\Program Files\Backup4all\B4AOTB.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\henry yeghyayan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - S-1-5-18 Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
    O4 - S-1-5-18 Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe (User 'Default user')
    O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
    O4 - .DEFAULT Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe (User 'Default user')
    O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
    O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Remocon Driver.lnk = ?
    O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
    O4 - Global Startup: VPN Dialer (OnStartup).lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} (Gif89 xLite Class) - http://64.213.196.143/xplugxLiteTW.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_5.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1164941180765
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
    O16 - DPF: {E39EFE5A-58CC-4C5D-8966-D9BD2FA27F41} (WebForm Launch Server) - http://files.stf.com/Downloads/WebFormServer_v1.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup145.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
    O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
    O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
    O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe

    --
    End of file - 21404 bytes

  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Please go to Kaspersky website and perform an online antivirus scan.

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select ''Run as administrator'' to perform this scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.


    If you need a tutorial, see here
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #9
    Junior Member
    Join Date
    Apr 2009
    Posts
    12

    Default

    Thanks. Here is the Kaspersky log. It asked me to update my Java version before I could use it, so I did. Also, once we take care of the virus problem, I was wondering if you could tell me how to remove some of my startup programs, as many of them seem unnecessary.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Friday, April 10, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Friday, April 10, 2009 18:43:30
    Records in database: 2032144
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan statistics:
    Files scanned: 168611
    Threat name: 1
    Infected objects: 1
    Suspicious objects: 0
    Duration of the scan: 03:14:48


    File name / Threat name / Threats count
    C:\Program Files\GameSpot\uninstall.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.alu 1

    The selected area was scanned.

    This is the HJT log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:01:45 PM, on 4/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Memeo\AutoBackup\MemeoService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\GameSpot\DownloadManager_Win32.exe
    C:\Program Files\Sony\Giga Pocket\shwserv.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Linksys\WUSB300N\WLService.exe
    C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
    C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
    C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Sony\Giga Pocket\RM_SV.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
    C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
    C:\Program Files\QuickTime\QTTask.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
    C:\Program Files\Backup4all\Backup4all.exe
    C:\Program Files\Backup4all\Backup4all.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\henry yeghyayan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
    C:\Program Files\sony\usbsircs\usbsircs.exe
    C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
    C:\Program Files\GameSpot\GDM_TrayApp.exe
    C:\Program Files\Sony\Giga Pocket\gps.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Opera\opera.exe
    D:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    N3 - Netscape 7: # Mozilla User Preferences
    // This is a generated file!

    user_pref("browser.activation.checkedNNFlag", true);
    user_pref("browser.bookmarks.added_static_root", true);
    user_pref("browser.download.dir", "C:\\Documents and Settings\\henry yeghyayan\\My Documents");
    user_pref("browser.history.last_page_visited", "http://www.google.com/");
    user_pref("browser.history_expire_days", 1);
    user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
    user_pref("browser.startup.homepage", "http://www.google.com/");
    user_pref("browser.startup.homepage_override.mstone", "rv:1.0.2");
    user_pref("browser.tabs.forceHide", true);
    user_pref("editor.history_title_0", "blah");
    user_pref("editor.history_title_1", "Games");
    user_pref("editor.history_title_2", "best games");
    user_pref("editor.history_url_0", "file:///C:/Documents%20and%20Settings/henry%20yeghyayan/My%20Documents/blah.html");
    user_pref("editor.history_url_1", "file://///MATTHEW/Shared
    N3 - Netscape 7: # Mozilla User Preferences
    // This is a generated file!

    user_pref("browser.activation.checkedNNFlag", true);
    user_pref("browser.bookmarks.added_static_root", true);
    user_pref("browser.download.dir", "C:\\Documents and Settings\\henry yeghyayan\\My Documents");
    user_pref("browser.history.last_page_visited", "http://www.google.com/");
    user_pref("browser.history_expire_days", 1);
    user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
    user_pref("browser.startup.homepage", "http://www.google.com/");
    user_pref("browser.startup.homepage_override.mstone", "rv:1.0.2");
    user_pref("browser.tabs.forceHide", true);
    user_pref("editor.history_title_0", "blah");
    user_pref("editor.history_title_1", "Games");
    user_pref("editor.history_title_2", "best games");
    user_pref("editor.history_url_0", "file:///C:/Documents%20and%20Settings/henry%20yeghyayan/My%20Documents/blah.html");
    user_pref("editor.history_url_1", "file://///MATTHEW/Shared
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
    O4 - HKCU\..\Run: [Backup4all] C:\Program Files\Backup4all\Backup4all.exe /s
    O4 - HKCU\..\Run: [Backup4all OTB Agent] C:\Program Files\Backup4all\B4AOTB.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\henry yeghyayan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - S-1-5-18 Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
    O4 - S-1-5-18 Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe (User 'Default user')
    O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
    O4 - .DEFAULT Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe (User 'Default user')
    O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
    O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Remocon Driver.lnk = ?
    O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
    O4 - Global Startup: VPN Dialer (OnStartup).lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} (Gif89 xLite Class) - http://64.213.196.143/xplugxLiteTW.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_5.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1164941180765
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
    O16 - DPF: {E39EFE5A-58CC-4C5D-8966-D9BD2FA27F41} (WebForm Launch Server) - http://files.stf.com/Downloads/WebFormServer_v1.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup145.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
    O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
    O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
    O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe

    --
    End of file - 23735 bytes

  10. #10
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Sure

    I am not convinced that kaspersky finding is real deal:

    I'd like you to check a file for malware.

    C:\Program Files\GameSpot\uninstall.exe
    • Copy/Paste the first file on the list into the white Upload a file box.
    • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
    • After a while, a window will open, with details of what the scans found.
    • Save the complete results in a Notepad/Word document on your desktop.
    • Post back results here, please.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •