HELP!! Severe Problems with Pop Ups & freezing

panicden

Please help, my PC has slowed to a crawl and is nearly unusable. The symptoms I am facing are:
  • Powered by Zedo Pop Ups along with many other pop ups
  • A Server Busy prompt that pops up when I try to access web pages that says "this action cannot be completed, perhaps the other program is busy. Choose 'Switch to' to activate the busy program & correct the problem" it then gives a "switch to" button and a "retry" button
  • Internet script error prompt that reads "an error has occurred in the script on this page" error: no such interface supported, local settings\temp\NDr9.Tmp.html
  • total system freeze
------------
HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\DOCUME~1\ROBERT\MYDOCU~1\FNTS~1\alg.exe
C:\Program Files\??sembly\??rvices.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Sony\Giga Pocket\gps.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Iinl] "C:\DOCUME~1\ROBERT\MYDOCU~1\FNTS~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Ztt] "C:\Program Files\??sembly\??rvices.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O21 - SSODL: OleExport - {C777CF73-124F-3562-44AC-E685D962C63C} - C:\WINDOWS\Media\CertMgr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of file - 10259 bytes
---------------------------

KASPERSKY ONLINE SCANNER REPORT:
-------------------------
Saturday, October 06, 2007 8:52:32 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 6/10/2007
Kaspersky Anti-Virus database records: 428195
----------------------------------------------------------------
NOTE: O.L.& S. stands for "Object is locked skipped"
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer: C

Scan Statistics:
Total number of scanned objects: 207886
Number of viruses found: 6
Number of infected objects: 13
Number of suspicious objects: 2
Duration of the scan process: 03:04:20

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log O.L.& S.
C:\Documents and Settings\All Users\Application
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.5/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat O.L.& S.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat O.L.& S.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG O.L.& S.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat O.L.& S.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat O.L.& S.
C:\Documents and Settings\LocalService\NTUSER.DAT O.L.& S.
C:\Documents and Settings\LocalService\ntuser.dat.LOG O.L.& S.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat O.L.& S.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG O.L.& S.
C:\Documents and Settings\NetworkService\NTUSER.DAT O.L.& S.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG O.L.& S.
C:\Documents and Settings\ROBERT\Cookies\index.dat O.L.& S.
C:\Documents and Settings\ROBERT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat O.L.& S.
C:\Documents and Settings\ROBERT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG O.L.& S.
C:\Documents and Settings\ROBERT\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ROBERT\Local Settings\History\History.IE5\MSHist012007100620071007\index.dat O.L.& S.
C:\Documents and Settings\ROBERT\Local Settings\Temp\FFSAR12FG.tmp O.L.& S.
C:\Documents and Settings\ROBERT\Local Settings\Temp\MKJ42FG.tmp O.L.& S.
C:\Documents and Settings\ROBERT\Local Settings\Temp\Perflib_Perfdata_710.dat O.L.& S.
C:\Documents and Settings\ROBERT\Local Settings\Temp\~DF78CC.tmp O.L.& S.
C:\Documents and Settings\ROBERT\Local Settings\Temporary Internet Files\Content.IE5\index.dat O.L.& S.
C:\Documents and Settings\ROBERT\ntuser.dat O.L.& S.
C:\Documents and Settings\ROBERT\ntuser.dat.LOG O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\config\configuration\org.eclipse.core.runtime\.manager\.tmp28191.instance O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\ibdata1 O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\ib_logfile0 O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\ib_logfile1 O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhasset.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhassetcacheitem.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhassetversioncacheitem.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhlabel.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhlabeltoversion.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhmessage.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhpqentry.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhpublishlog.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhpublishserver.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhpublishstateitem.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhresult.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhreview.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhreviewcomment.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhrole.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhschemaversion.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhsequence.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhserverglobals.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhsettings.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhsettingssection.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhthumbnail.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhuser.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhuserrole.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhxmpmetadata.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhxmpproperty.ibd O.L.& S.
C:\Program Files\Adobe\Adobe Version Cue CS2\logs\VersionCue.log O.L.& S.
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\MailBuddy.log Object is locked skipped
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP45\A0023122.exe/file004 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP45\A0023122.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP45\A0023124.exe/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP45\A0023124.exe/stream Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP45\A0023124.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP45\A0023125.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP45\A0023125.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP45\A0023126.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP45\A0023126.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP46\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log O.L.& S.
C:\WINDOWS\Debug\PASSWD.LOG O.L.& S.
C:\WINDOWS\Internet Logs\fwdbglog.txt O.L.& S.
C:\WINDOWS\Internet Logs\fwpktlog.txt O.L.& S.
C:\WINDOWS\Internet Logs\IAMDB.RDB O.L.& S.
C:\WINDOWS\Internet Logs\PANIC.ldb O.L.& S.
C:\WINDOWS\Internet Logs\tvDebug.log O.L.& S.
C:\WINDOWS\SchedLgU.Txt O.L.& S.
C:\WINDOWS\system32\config\AppEvent.Evt O.L.& S.
C:\WINDOWS\system32\config\default O.L.& S.
C:\WINDOWS\system32\config\default.LOG O.L.& S.
C:\WINDOWS\system32\config\SAM O.L.& S.
C:\WINDOWS\system32\config\SAM.LOG O.L.& S.
C:\WINDOWS\system32\config\SecEvent.Evt O.L.& S.
C:\WINDOWS\system32\config\SECURITY O.L.& S.
C:\WINDOWS\system32\config\SECURITY.LOG O.L.& S.
C:\WINDOWS\system32\config\software O.L.& S.
C:\WINDOWS\system32\config\software.LOG O.L.& S.
C:\WINDOWS\system32\config\SysEvent.Evt O.L.& S.
C:\WINDOWS\system32\config\system O.L.& S.
C:\WINDOWS\system32\config\system.LOG O.L.& S.
C:\WINDOWS\system32\drivers\fidbox.dat O.L.& S.
C:\WINDOWS\system32\drivers\fidbox.idx O.L.& S.
C:\WINDOWS\system32\drivers\fidbox2.dat O.L.& S.
C:\WINDOWS\system32\drivers\fidbox2.idx O.L.& S.
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR O.L.& S.
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA O.L.& S.
C:\WINDOWS\Temp\hsperfdata_SYSTEM\1612 O.L.& S.
C:\WINDOWS\Temp\hsperfdata_SYSTEM\300 O.L.& S.
C:\WINDOWS\Temp\ib50 O.L.& S.
C:\WINDOWS\Temp\ib51 O.L.& S.
C:\WINDOWS\Temp\ib52 O.L.& S.
C:\WINDOWS\Temp\ZLT029bf.TMP O.L.& S.
C:\WINDOWS\Temp\ZLT029c6.TMP O.L.& S.
C:\WINDOWS\tsitra1000106.exe Infected: Trojan-Downloader.Win32.Agent.duy skipped
C:\WINDOWS\tsitra77.exe Infected: Trojan-Downloader.Win32.Agent.duy skipped
E:\System Volume Information\MountPointManagerRemoteDatabase O.L.& S.
E:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP45\A0023121.exe/fsg-ag.exe Infected: not-a-virus:AdWare.Win32.Gator.1050 skipped
E:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP45\A0023121.exe Vise: infected - 1 skipped


Scan process completed.
 
Hello panicden,

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
 
Hi Rip Chain, I followed the following instructions to the letter:

Hello panicden,
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

But I could not get HJT to generate the log you requested. When I clicked the "Save List" button it made the whole HJT app disappear: no log, no HJT. So I repeated it several times, each time the same. So I then rebooted into safe mode and tried it. When I clicked the "Save List" button it did absolutely nothing, I mean nothing at all; the HJT app did not poof as it did in normal startup, but it did not generate a log. So what I did was type out each line listed in the Uninstall Manager (and man, my two fingers are killing me!). This is the best I could do; I hope this serves your purpose and is at least helpful (hopefully it is no different than what should have been generated). Here it is:

Uninstall Manager Log:
AC3File
AC3Filter
Ad-aware 6 Personal
Adobe Acrobat 5.0
Adobe bridge 1.0
Adobe Common File installer
Adobe Creative Suite 2
Adobe Help Center 1.0
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Age of Empires II
Ahead Nero Burning ROM
ATI Control Panel
ATI Display driver
AVG 7.5
AVG Anti-Spyware 7.5
Azureus Vuse
CDCheck
Click to DVD 1.2
CoreVorbis Audio decoder
Direct Show Ogg Vorbis Filter
DivX Pro Trial
DVD Creation
DVgate Plus
Experience Vaio
ffdshow
FlashGet 1.8
FTP Commander
Giga Pocket 5.5
Giga Pocket Demo Movie
Giga Pocket Hardware Library 5.5
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Home Office Page for VAIO
Huffyuv AVI Lossless video codec
HyperSnap-DX 4
ImageStation Tour
Intel(R) Extreme Graphics Driver
Intel(R)PRO Network Adapters and Driver
Internet Speed Monitor
Java 2 Runtime Environment, SE v1.4.0
Java Web Start
Java(TM) 6 Update 2
Kaspersky Online Scanner
KC Software VideoInspector
Macromedia Contribute 3.11
Macromedia Dreamweaver 8
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Memory Stick Formatter
Microsoft Learning and Research Plus
Microsoft Money 2003
Microsoft Money 2003 system Pack
Microsoft Picture It! Express 7.0
Microsoft Upgrade Offer
Microsoft Works 7.0
Moodlogic
Morgan Stream Switcher
Mozilla Firefox (2.0)
MSN Internet Software
MSN Messenger 5.0
Music Visualizer Library 1.4.00
Netscape Smart Capture
NVIDIA Windows 2000/XP Display Driver
OpenMG Limited Patch 3.2-03-02-21-08
OpenMG Limited Patch 3.2-03-02-21-08
OpenMG Secure Module 3.2
Picture Gear Studio 1.0
PowerDVD
Quicken 2003 New User Edition
Quicktime
RealOne Player
Shockwave
SonicStage 1.5.50
Sony Certificate PCH
Sony on Yahoo Essentials
Sony Video shared Library
Spybot - Search & Destroy
Suite Specific
Total Recorder 6.0
Turbo Tax Offer
Ulead COOL 3D Studio
Ulead DVD Workshop 2
Ulead MediaStudio Pro 8.0
VAIO Media 2.5
VAIO Media Music Server 2.5
VAIO Media Photo Server 2.5
VAIO Media Platform 2.5
VAIO Media Redistribution 2.5
VAIO Media Setup 2.5
VAIO Media Video Server 2.5
VAIO Registration
VAIO Remote Commander utility 5.5
VAIO Support
VAIO Survey Standalone
VAIO System Information
VAIO TV Page
VERITAS Record Now
ViewPoint Media Player
Windows Installer 3.0
Windows Media Format Runtime
Windows Media Player 10
Winrar archiver
Xvid MPEG-4 Video Codec
ZoneAlarm Security Suite



-------------------------------------------
Here is the Combo Fix Log:
ComboFix 07-10-07.1 - ROBERT 2007-10-07 2:41:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.1409 [GMT -4:00]
Running from: C:\Documents and Settings\ROBERT\Desktop\ANTISPYWARE\COMBO FIX\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ROBERT\Start Menu\Programs\Startup\.lnk

.
((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.

2007-10-07 02:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 03:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-06 03:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-06 01:51 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-05 01:14 1,306,326 ---hs---- C:\WINDOWS\system32\edeeg.bak2
2007-10-05 00:34 512 --a------ C:\ScanSectorLog.dat
2007-10-04 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-04 17:44 <DIR> d-------- C:\Program Files\InterMute
2007-10-04 17:23 <DIR> d-------- C:\Documents and Settings\ROBERT\Application Data\MailFrontier
2007-10-04 17:14 97,056 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-04 17:14 13,307,424 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-04 17:14 12,288 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2007-10-04 15:08 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-10-04 15:08 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-04 15:08 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-04 15:06 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-04 14:56 7,894 ---hs---- C:\WINDOWS\system32\edeeg.ini2
2007-10-04 13:14 6,465 ---hs---- C:\WINDOWS\system32\edeeg.bak1
2007-10-04 13:13 319,584 --a------ C:\WINDOWS\system32\geede.dll
2007-10-04 13:09 35,840 --a------ C:\WINDOWS\tsitra1000106.exe
2007-10-04 13:09 <DIR> d-------- C:\WINDOWS\system32\sas1
2007-10-04 13:09 <DIR> d-------- C:\WINDOWS\system32\rev2
2007-10-04 13:09 <DIR> d-------- C:\WINDOWS\system32\bc1
2007-10-04 13:09 <DIR> d-------- C:\Program Files\ISM2
2007-10-04 13:08 35,840 --a------ C:\WINDOWS\tsitra77.exe
2007-10-04 13:08 35,328 --a------ C:\WINDOWS\winshow.exe
2007-10-04 13:08 <DIR> d-------- C:\WINDOWS\system32\vMW10a
2007-10-04 13:08 <DIR> d-------- C:\Temp\xOe
2007-10-04 07:41 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-28 01:51 <DIR> d-------- C:\Downloads
2007-09-28 01:19 <DIR> d-------- C:\Program Files\FlashGet
2007-09-24 03:45 9,120 --a------ C:\huff_value.dat
2007-09-23 23:58 <DIR> d-------- C:\Documents and Settings\ROBERT\Application Data\WinRAR
2007-09-22 15:29 <DIR> d-------- C:\Documents and Settings\ROBERT\Application Data\FrostWire
2007-09-22 15:28 <DIR> d-------- C:\Program Files\AskSBar
2007-09-18 08:26 <DIR> d-------- C:\Documents and Settings\ROBERT\Application Data\Template
2007-09-18 01:25 <DIR> d-------- C:\WINDOWS\pss
2007-09-16 16:38 <DIR> d-------- C:\Program Files\CDCheck
2007-09-14 11:00 <DIR> d-------- C:\Program Files\AC3File
2007-09-14 10:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-09-14 09:47 77,824 --a------ C:\WINDOWS\system32\MMSwitch.dll
2007-09-14 09:47 40,960 --a------ C:\WINDOWS\system32\MMAVILNG.exe
2007-09-14 09:47 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2007-09-14 09:47 33,533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe
2007-09-14 09:47 <DIR> d-------- C:\Program Files\Morgan
2007-09-14 09:47 <DIR> d-------- C:\Program Files\ffdshow
2007-09-14 09:45 <DIR> d-------- C:\Program Files\Xvid
2007-09-14 09:44 56 -r-hs---- C:\WINDOWS\system32\89CA563A33.sys
2007-09-14 09:44 2,098 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-14 09:44 <DIR> d-------- C:\Program Files\Google
2007-09-14 09:44 <DIR> d-------- C:\Program Files\DivX
2007-09-14 03:07 <DIR> d-------- C:\Program Files\AC3Filter
2007-09-14 03:06 <DIR> d-------- C:\Documents and Settings\ROBERT\Application Data\Viewpoint
2007-09-14 03:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-09-14 02:53 <DIR> d-------- C:\Program Files\KC Softwares
2007-09-10 03:49 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-09 13:28 54,272 --a------ C:\WINDOWS\system32\DrvTrNTm.dll
2007-09-09 13:28 106,496 --a------ C:\WINDOWS\system32\DrvTrNTl.dll
2007-09-09 13:28 <DIR> d-------- C:\Program Files\HighCriteria
2007-09-08 14:49 <DIR> d-------- C:\Documents and Settings\ROBERT\.jpi_cache
2007-09-08 10:27 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-08 10:12 <DIR> d-------- C:\Documents and Settings\ROBERT\Application Data\AdobeUM
2007-09-08 02:16 <DIR> d-------- C:\Psfonts
2007-09-08 02:15 <DIR> d-------- C:\my flashes
2007-09-08 02:15 <DIR> d-------- C:\firmware Sony DW-U12A
2007-09-08 00:56 <DIR> d-------- C:\Documents and Settings\ROBERT\Application Data\Azureus
2007-09-08 00:55 <DIR> d-------- C:\Program Files\Azureus
2007-09-07 22:41 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2007-09-07 22:34 <DIR> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2007-09-07 20:56 <DIR> d-------- C:\Documents and Settings\ROBERT\Application Data\Ulead Systems
2007-09-07 20:35 49,152 --------- C:\WINDOWS\system32\INETWH32.dll
2007-09-07 20:35 1,056,768 --------- C:\WINDOWS\system32\ROBOEX32.DLL
2007-09-07 20:30 <DIR> d-------- C:\Program Files\FTP Commander
2007-09-07 20:28 <DIR> d-------- C:\Program Files\HyperSnap-DX 4
2007-09-07 20:27 <DIR> d-------- C:\Program Files\DVD Shrink
2007-09-07 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-07 18:28 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2007-09-07 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-09-07 18:22 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-09-07 18:06 7,420 --a------ C:\WINDOWS\UA000019.DLL
2007-09-07 17:55 73,728 --a------ C:\WINDOWS\system32\mplaw7.dll
2007-09-07 17:55 73,728 --a------ C:\WINDOWS\system32\mplaa6.dll
2007-09-07 17:55 61,440 --a------ C:\WINDOWS\system32\mplam6.dll
2007-09-07 17:55 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
2007-09-07 17:55 <DIR> d-------- C:\Program Files\Windows Media Components
2007-09-07 17:55 <DIR> d-------- C:\MSP8 Preview Files
2007-09-07 17:54 <DIR> d-------- C:\Program Files\Ulead Systems
2007-09-07 17:54 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2007-09-07 17:54 <DIR> d-------- C:\Program Files\Common Files\SONY Digital Images
2007-09-07 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-09-07 17:48 89,184 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-07 17:47 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
2007-09-07 17:47 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
2007-09-07 17:47 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
2007-09-07 17:47 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
2007-09-07 17:47 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2007-09-07 17:47 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-09-07 17:47 <DIR> d-------- C:\Program Files\Ahead
2007-09-07 15:29 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-09-07 15:29 155,648 --a------ C:\WINDOWS\system32\xvidvfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-07 01:47 186956 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-07 01:47 10904 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-10 18:07 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-07 17:54 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-07 02:58 --------- d-------- C:\Program Files\Sony
2007-09-07 02:58 --------- d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-09-07 02:45 0 -rah----- C:\WINDOWS\system32\drivers\Sony_PCV-RZ32G(UC)_.mrk
2002-08-29 08:00 262656 ----s---- C:\WINDOWS\Media\CertMgr.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-07_ 2.15.57.31 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 882,068 2007-10-07 06:28:30 C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
.
----a-w 882,068 2007-10-07 05:46:59 C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{524837ED-6546-4976-BDED-8E5A9B13E70B}]
2007-10-04 13:13 319584 --a------ C:\WINDOWS\System32\geede.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85F4356D-B0C0-48A8-8A34-10DE22474963}]
C:\Program Files\WindowsUpdate\holetu4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C777CF73-124F-3562-44AC-E685D962C63C}]
2002-08-29 08:00 262656 ----s---- C:\WINDOWS\Media\CertMgr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8CDBA68-9B77-4324-85D3-1AD38E39ACEB}]
C:\Program Files\WindowsUpdate\holetu83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F188C731-7DDD-4A0E-9786-FA740681309F}]
C:\Program Files\Online Services\lawunedi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-03-03 22:44]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 14:24]
"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 01:32]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-02-24 04:04]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-04 11:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-04 12:38]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2002-08-29 08:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iinl"="C:\DOCUME~1\ROBERT\MYDOCU~1\FNTS~1\alg.exe" []
"Ztt"="C:\Program Files\??sembly\??rvices.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2002-09-16 23:02]
"Mozilla Quick Launch"="C:\Program Files\Netscape\Netscape\Netscp.exe" [2003-02-08 12:50]
"ISMPack6"="C:\Program Files\ISM2\ISMPack6.exe" [2007-09-28 09:27]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-09-07 18:33:09]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Billminder.lnk - C:\Program Files\Quicken\billmind.exe [2002-09-20 15:19:46]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-09-20 15:20:02]
Quicken Startup.lnk - C:\Program Files\Quicken\QWDLLS.EXE [2002-09-20 15:20:06]
Remocon Driver.lnk - C:\Program Files\Sony\USBSircs\usbsircs.exe [2007-09-07 02:52:02]
Timer Recording Manager.lnk - C:\Program Files\Sony\Giga Pocket\ReserveModule.exe [2007-09-07 02:52:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"OleExport"= {C777CF73-124F-3562-44AC-E685D962C63C} - C:\WINDOWS\Media\CertMgr.dll [2002-08-29 08:00 262656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqpqq]
awtqpqq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\geede.dll


R0 Pnp680r;Silicon Image SiI 0680 Medley Raid Controller;C:\WINDOWS\System32\DRIVERS\pnp680r.sys
R3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\System32\DRIVERS\smrt.sys
R3 SONYWBMS;Sony Memory Stick controller(WB);C:\WINDOWS\System32\DRIVERS\SonyWBMS.SYS

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 02:45:37
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-07 2:48:11
C:\ComboFix-quarantined-files.txt ... 2007-10-07 02:48
C:\ComboFix2.txt ... 2007-10-07 02:16
.
--- E O F ---
 
Hello panicden,

Thank you very much for typing out that entire uninstall list; I imagine it took quite a while to do.
Could you please also post a new HijackThis log?
 
Hello panicden,
Could you please also post a new HijackThis log?

Here it is Rip. And yes, it did take forever to type out, I soon knew that my normal one finger typing skills were not going to be enough for the challenge so I enlisted the aid of a second finger from the opposite hand even to get the job done, they can no longer bend but what the hell, it had to be done. Any idea why the save file button would not work for me?

HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:36 PM, on 10/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ISM2\ISMPack6.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
C:\Program Files\Sony\Giga Pocket\gps.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Sony\Giga Pocket\halsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Iinl] "C:\DOCUME~1\ROBERT\MYDOCU~1\FNTS~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Ztt] "C:\Program Files\??sembly\??rvices.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O21 - SSODL: OleExport - {C777CF73-124F-3562-44AC-E685D962C63C} - C:\WINDOWS\Media\CertMgr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10300 bytes
 
Hello panicden,

I soon knew that my normal one finger typing skills were not going to be enough for the challenge so I enlisted the aid of a second finger from the opposite hand even to get the job done
:funny:
Any idea why the save file button would not work for me?
I'm not sure, a lot of users have been having trouble with this option recently.

A. Please RUN HijackThis
  1. Click the SCAN button to produce a log.

  2. Place a check mark beside each one of the following items:

    O4 - HKCU\..\Run: [Iinl] "C:\DOCUME~1\ROBERT\MYDOCU~1\FNTS~1\alg.exe" -vt yazb
    O4 - HKCU\..\Run: [Ztt] "C:\Program Files\??sembly\??rvices.exe"
    O4 - HKCU\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe"


  3. Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.


B. 1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.ini2
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\geede.dll
C:\WINDOWS\tsitra1000106.exe
C:\WINDOWS\tsitra77.exe
C:\WINDOWS\winshow.exe
C:\Program Files\Online Services\lawunedi.dll
C:\Program Files\WindowsUpdate\holetu83122.dll

Folder::
C:\WINDOWS\system32\vMW10a
C:\Temp\xOe
C:\WINDOWS\system32\sas1
C:\WINDOWS\system32\rev2
C:\WINDOWS\system32\bc1
C:\Program Files\ISM2

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{524837ED-6546-4976-BDED-8E5A9B13E70B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85F4356D-B0C0-48A8-8A34-10DE22474963}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8CDBA68-9B77-4324-85D3-1AD38E39ACEB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F188C731-7DDD-4A0E-9786-FA740681309F}]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: CFScript.gif]

5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
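
The Registry:: block in the script above rewrites the LSA "Authentication Packages" value as a hex(7) (REG_MULTI_SZ) byte list. As an added example (not part of the original post and not ComboFix's own code), the Python below decodes that value, compares it with the value ComboFix logged earlier in the thread, and checks that the entry being dropped is also named under File::. The function names are this example's own; reading single-byte data as Latin-1 and detecting UTF-16LE by zero high bytes are assumptions.

```python
import re

# Values copied from the thread: the Registry:: line of the CFScript, the LSA
# value ComboFix logged before the script ran, and the script's File:: list.
CFSCRIPT_VALUE = "hex(7):6d,73,76,31,5f,30,00,00"
LOGGED_BEFORE = ["msv1_0", r"C:\WINDOWS\System32\geede.dll"]
CFSCRIPT_FILES = [
    r"C:\WINDOWS\system32\edeeg.bak2",
    r"C:\WINDOWS\system32\edeeg.ini2",
    r"C:\WINDOWS\system32\edeeg.bak1",
    r"C:\WINDOWS\system32\geede.dll",
    r"C:\WINDOWS\tsitra1000106.exe",
    r"C:\WINDOWS\tsitra77.exe",
    r"C:\WINDOWS\winshow.exe",
    r"C:\Program Files\Online Services\lawunedi.dll",
    r"C:\Program Files\WindowsUpdate\holetu83122.dll",
]


def parse_reg_hex(value):
    """Split a .reg-style 'hex(N):aa,bb,...' value into (type id, raw bytes)."""
    m = re.match(r"\s*hex(?:\(([0-9a-fA-F]+)\))?:(.*)\Z", value, re.DOTALL)
    if not m:
        raise ValueError("not a hex-encoded registry value: %r" % value)
    # A bare 'hex:' prefix means REG_BINARY (type 3); hex(7) is REG_MULTI_SZ.
    type_id = int(m.group(1), 16) if m.group(1) else 3
    # .reg files wrap long byte lists with a trailing backslash; join them.
    body = re.sub(r"\\\s*\n\s*", "", m.group(2))
    tokens = [t.strip() for t in body.split(",") if t.strip()]
    if not all(re.fullmatch(r"[0-9a-fA-F]{2}", t) for t in tokens):
        raise ValueError("malformed byte list")
    return type_id, bytes(int(t, 16) for t in tokens)


def decode_multi_sz(raw):
    """Decode REG_MULTI_SZ data into its list of strings.

    Assumption: data whose every second byte is zero is UTF-16LE (the newer
    .reg export format); anything else is single-byte text, read as Latin-1.
    """
    wide = len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2])
    text = raw.decode("utf-16-le" if wide else "latin-1")
    if not text.endswith("\0"):
        raise ValueError("REG_MULTI_SZ data must end with a NUL terminator")
    return [s for s in text.split("\0") if s]


def dropped_entries(before, after):
    """Entries present before the rewrite and absent after (case-insensitive)."""
    kept = {e.lower() for e in after}
    return [e for e in before if e.lower() not in kept]


def review_lsa_rewrite(value=CFSCRIPT_VALUE, before=LOGGED_BEFORE,
                       files=CFSCRIPT_FILES):
    """Summarise what the scripted value change does to the LSA package list."""
    type_id, raw = parse_reg_hex(value)
    if type_id != 7:
        raise ValueError("expected hex(7) / REG_MULTI_SZ, got type %d" % type_id)
    after = decode_multi_sz(raw)
    dropped = dropped_entries(before, after)
    listed = {f.lower() for f in files}
    return {
        "after": after,
        "dropped": dropped,
        # Dropped load-point entries whose file is not also queued under File::
        "dropped_not_in_file_list": [d for d in dropped if d.lower() not in listed],
    }


if __name__ == "__main__":
    for key, val in review_lsa_rewrite().items():
        print(key, "=", val)
```

Running the same check on any other load-point value in a removal script shows exactly which entry the rewrite unhooks before the script is executed.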
 
And here you go:

COMBOFIX LOG
ComboFix 07-10-07.1 - ROBERT 2007-10-07 22:50:46.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.1426 [GMT -4:00]
Running from: C:\Documents and Settings\ROBERT\Desktop\ANTISPYWARE\COMBO FIX\ComboFix.exe
Command switches used :: C:\Documents and Settings\ROBERT\Desktop\ANTISPYWARE\COMBO FIX\CFScript.txt
* Created a new restore point

FILE::
C:\Program Files\Online Services\lawunedi.dll
C:\Program Files\WindowsUpdate\holetu83122.dll
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.ini2
C:\WINDOWS\system32\geede.dll
C:\WINDOWS\tsitra1000106.exe
C:\WINDOWS\tsitra77.exe
C:\WINDOWS\winshow.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ISM2
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\ISMPack6.exe
C:\Program Files\ISM2\targets.gz
C:\Temp\xOe
C:\Temp\xOe\tOasF.log
C:\WINDOWS\system32\bc1
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.ini2
C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\rev2
C:\WINDOWS\system32\sas1
C:\WINDOWS\system32\vMW10a
C:\WINDOWS\tsitra1000106.exe
C:\WINDOWS\tsitra77.exe
C:\WINDOWS\winshow.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 )))))))))))))))))))))))))))))))
.

2007-10-07 02:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 03:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-06 03:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-06 01:51 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-05 00:34 512 --a------ C:\ScanSectorLog.dat
2007-10-04 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-04 17:44 <DIR> d-------- C:\Program Files\InterMute
2007-10-04 17:23 <DIR> d-------- C:\Documents and Settings\ROBERT\Application Data\MailFrontier
2007-10-04 17:14 132,896 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-04 17:14 13,778,720 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-04 17:14 12,288 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2007-10-04 15:08 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-10-04 15:08 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-04 15:08 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-04 15:06 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-04 07:41 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-28 01:51 <DIR> d-------- C:\Downloads
2007-09-28 01:19 <DIR> d-------- C:\Program Files\FlashGet
2007-09-24 03:45 9,120 --a------ C:\huff_value.dat
2007-09-23 23:58 <DIR> d-------- C:\Documents and Settings\ROBERT\Application Data\WinRAR
2007-09-22 15:29 <DIR> d-------- C:\Documents and Settings\ROBERT\Application Data\FrostWire
2007-09-22 15:28 <DIR> d-------- C:\Program Files\AskSBar
2007-09-18 08:26 <DIR> d-------- C:\Documents and Settings\ROBERT\Application Data\Template
2007-09-18 01:25 <DIR> d-------- C:\WINDOWS\pss
2007-09-16 16:38 <DIR> d-------- C:\Program Files\CDCheck
2007-09-14 11:00 <DIR> d-------- C:\Program Files\AC3File
2007-09-14 10:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-09-14 09:47 77,824 --a------ C:\WINDOWS\system32\MMSwitch.dll
2007-09-14 09:47 40,960 --a------ C:\WINDOWS\system32\MMAVILNG.exe
2007-09-14 09:47 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2007-09-14 09:47 33,533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe
2007-09-14 09:47 <DIR> d-------- C:\Program Files\Morgan
2007-09-14 09:47 <DIR> d-------- C:\Program Files\ffdshow
2007-09-14 09:45 <DIR> d-------- C:\Program Files\Xvid
2007-09-14 09:44 56 -r-hs---- C:\WINDOWS\system32\89CA563A33.sys
2007-09-14 09:44 2,098 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-14 09:44 <DIR> d-------- C:\Program Files\Google
2007-09-14 09:44 <DIR> d-------- C:\Program Files\DivX
2007-09-14 03:07 <DIR> d-------- C:\Program Files\AC3Filter
2007-09-14 03:06 <DIR> d-------- C:\Documents and Settings\ROBERT\Application Data\Viewpoint
2007-09-14 03:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-09-14 02:53 <DIR> d-------- C:\Program Files\KC Softwares
2007-09-10 03:49 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-09 13:28 54,272 --a------ C:\WINDOWS\system32\DrvTrNTm.dll
2007-09-09 13:28 106,496 --a------ C:\WINDOWS\system32\DrvTrNTl.dll
2007-09-09 13:28 <DIR> d-------- C:\Program Files\HighCriteria
2007-09-08 14:49 <DIR> d-------- C:\Documents and Settings\ROBERT\.jpi_cache
2007-09-08 10:27 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-08 10:12 <DIR> d-------- C:\Documents and Settings\ROBERT\Application Data\AdobeUM
2007-09-08 02:16 <DIR> d-------- C:\Psfonts
2007-09-08 02:15 <DIR> d-------- C:\my flashes
2007-09-08 02:15 <DIR> d-------- C:\firmware Sony DW-U12A
2007-09-08 00:56 <DIR> d-------- C:\Documents and Settings\ROBERT\Application Data\Azureus
2007-09-08 00:55 <DIR> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-07 22:55 193940 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-07 22:55 14552 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-07 05:20 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-10-07 05:19 --------- d-------- C:\Program Files\Quicken
2007-10-07 05:17 --------- d-------- C:\Program Files\CyberLink
2007-10-07 05:08 --------- d-------- C:\Program Files\Sony
2007-10-07 05:08 --------- d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-10-06 15:05 --------- d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-05 17:56 --------- d-------- C:\Documents and Settings\ROBERT\Application Data\Real
2007-10-02 14:05 --------- d-------- C:\Program Files\FTP Commander
2007-09-11 13:07 --------- d-------- C:\Documents and Settings\ROBERT\Application Data\Ulead Systems
2007-09-07 23:17 --------- d-------- C:\Documents and Settings\ROBERT\Application Data\MSN6
2007-09-07 22:41 --------- d-------- C:\Program Files\Common Files\Macromedia Shared
2007-09-07 20:48 --------- d-------- C:\Program Files\Ulead Systems
2007-09-07 20:48 --------- d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-09-07 20:28 --------- d-------- C:\Program Files\HyperSnap-DX 4
2007-09-07 20:27 --------- d-------- C:\Program Files\DVD Shrink
2007-09-07 18:24 --------- d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-09-07 18:22 --------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-09-07 17:55 --------- d-------- C:\Program Files\Windows Media Components
2007-09-07 17:55 --------- d-------- C:\Program Files\Common Files\Ulead Systems
2007-09-07 17:54 --------- d-------- C:\Program Files\Common Files\SONY Digital Images
2007-09-07 17:54 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-07 17:47 --------- d-------- C:\Program Files\Common Files\Ahead
2007-09-07 17:47 --------- d-------- C:\Program Files\Ahead
2007-09-07 03:16 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-09-07 03:16 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-09-07 03:02 --------- d-------- C:\Program Files\Microsoft Works
2007-09-07 03:02 --------- d-------- C:\Program Files\Encarta Online
2007-09-07 02:53 --------- d-------- C:\Program Files\VERITAS Software
2007-09-07 02:53 --------- d-------- C:\Documents and Settings\ROBERT\Application Data\VERITAS
2007-09-07 02:45 0 -rah----- C:\WINDOWS\system32\drivers\Sony_PCV-RZ32G(UC)_.mrk
2002-08-29 08:00 262656 ----s---- C:\WINDOWS\Media\CertMgr.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-07_ 2.15.57.31 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 262,144 2007-10-08 02:50:35 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
----a-w 33,252,352 2007-10-08 02:54:13 C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
----a-w 882,824 2007-10-08 02:57:03 C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
.
----a-w 262,144 2007-10-07 06:09:54 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
----a-w 32,975,872 2007-10-06 00:19:36 C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
----a-w 882,068 2007-10-07 05:46:59 C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85F4356D-B0C0-48A8-8A34-10DE22474963}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C777CF73-124F-3562-44AC-E685D962C63C}]
2002-08-29 08:00 262656 ----s---- C:\WINDOWS\Media\CertMgr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8CDBA68-9B77-4324-85D3-1AD38E39ACEB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F188C731-7DDD-4A0E-9786-FA740681309F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2A5AD06-51DF-4929-92A0-5B80AA4F794E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-03-03 22:44]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 14:24]
"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 01:32]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-02-24 04:04]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-04 11:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-04 12:38]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
"Mozilla Quick Launch"="C:\Program Files\Netscape\Netscape\Netscp.exe" [2003-02-08 12:50]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"<NO NAME>"=

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-09-07 18:33:09]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Remocon Driver.lnk - C:\Program Files\Sony\USBSircs\usbsircs.exe [2007-09-07 02:52:02]
Timer Recording Manager.lnk - C:\Program Files\Sony\Giga Pocket\ReserveModule.exe [2007-09-07 02:52:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"OleExport"= {C777CF73-124F-3562-44AC-E685D962C63C} - C:\WINDOWS\Media\CertMgr.dll [2002-08-29 08:00 262656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqpqq]
awtqpqq.dll


R0 Pnp680r;Silicon Image SiI 0680 Medley Raid Controller;C:\WINDOWS\System32\DRIVERS\pnp680r.sys
R3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\System32\DRIVERS\smrt.sys
R3 SONYWBMS;Sony Memory Stick controller(WB);C:\WINDOWS\System32\DRIVERS\SonyWBMS.SYS

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 22:57:00
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-07 23:08:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-07 23:08
C:\ComboFix2.txt ... 2007-10-07 02:48
C:\ComboFix3.txt ... 2007-10-07 02:16
.
--- E O F ---
---------------------------------
 
And here is the HJT Log

HJT LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:21 PM, on 10/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
C:\Program Files\Sony\Giga Pocket\gps.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Sertificate Infj - {C777CF73-124F-3562-44AC-E685D962C63C} - C:\WINDOWS\Media\CertMgr.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: awtqpqq - awtqpqq.dll (file missing)
O21 - SSODL: OleExport - {C777CF73-124F-3562-44AC-E685D962C63C} - C:\WINDOWS\Media\CertMgr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11134 bytes
 
Hello panicden,

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O20 - Winlogon Notify: awtqpqq - awtqpqq.dll (file missing)

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Please delete the following folder:

C:\Qoobox

Let's run an F-Secure online scan for Viruses, Spyware and RootKits:

  • Go to http://support.f-secure.com/enu/home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the ActiveX control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient
 
OK, I just tried the F-Secure site on my laptop and it worked fine; the certificate came right up, but on my infected PC still nothing. I then noticed that my CPU was maxing out at 93%. A quick look in my Task Manager showed that svchost.exe was for some reason using up 90% of the CPU. I have no applications open and running except for my Zone Alarm AV/firewall suite (by the way, any input on using Zone Alarm? I used to use AVG and just recently switched over), which doesn't seem to be using much of my CPU from what I can see. Any ideas as to what I might try? Is there something I should try to turn off to do the F-Secure?
 
OK, new update to my problem with F-Secure: I found a workaround by booting up into safe mode with networking (and manually activating my Zone Alarm firewall & AV) and then accessing the F-Secure website. In this way, and only in this way, can I get the F-Secure scanner to work. I just downloaded the components and it looks like I am about to engage in a scan, so I expect to post a log shortly.
Do you have any idea what might be causing the problem between my PC in normal mode and this site?
I thought for a second that the problem might have been a conflict with my Zone Alarm, so I did a quick (real quick) test of de-activating my AV and quickly attempting to access the F-Secure scan, but still I got a "page error" and hit the same ol' brick wall, so I quickly & very nervously re-engaged my AV protection :fear:.
P.S. Just so you know, my CPU usage problem is not a problem at present as it was in my previous post, although that was still strange and raises my concern.
 
Here is the F-Secure log

Scanning Report
Monday, October 08, 2007 01:55:28 - 04:02:46
Computer name: PANIC
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\ G:\

Result: 3 malware found
W32/Malware.ACSR (virus)
C:\WINDOWS\KILL32.EXE (Submitted)
W32/Tinydoor.AM (virus)
E:\KAZ\IMTOO DVD AUDIO RIPPER 1.0.8 KEYGEN.EXE (Submitted)
E:\KAZ\IMTOO DVD AUDIO RIPPER 1.0.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 60784
System: 4323
Not scanned: 2
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 3
Submitted: 3
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-10-07
F-Secure AVP: 7.0.171, 2007-10-08
F-Secure Orion: 1.2.37, 2007-10-08
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 2007-09-17
F-Secure Pegasus: 1.19.0, 2007-09-02
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Use Advanced heuristics
 
I re-did the F-Secure scan once more and had it delete the viruses that it found as well as disinfect the spyware-infected files. I then ran a third scan and made sure that it came up virus and spyware free. I then went back to the folders that had originally had files infected and deleted them.
 
Hello panicden,

"by the way, any input on using Zone Alarm? I used to use AVG and just recently switched over) which doesn't seem to be using much of my CPU from what I can see. Any ideas as to what I might try? Is there something I should try to turn off to do the F-Secure?"
Zone Alarm has proven to be a trusted firewall for me in the past; it's a good option.

"Do you have any idea what might be causing the problem between my PC in normal mode and this site?"
I'm not really sure; it had to have been some kind of program interfering, though.

Could you please post back with a new HijackThis log?
 
Here is a fresh log for the fire:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:36 PM, on 10/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
C:\Program Files\Sony\Giga Pocket\gps.exe
C:\WINDOWS\System32\ZoneLabs\UpdClient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Sertificate Infj - {C777CF73-124F-3562-44AC-E685D962C63C} - C:\WINDOWS\Media\CertMgr.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O21 - SSODL: OleExport - {C777CF73-124F-3562-44AC-E685D962C63C} - C:\WINDOWS\Media\CertMgr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11225 bytes
 
Hello panicden,

Your logs are finally looking good, besides that recent svchost.exe concern. How is your computer currently running?
 
Hey Rip, While I haven't actually used it much throughout this rescue except to do the scans and such I have not had any instances of zedo or speed monitor pop ups yet today, I think that is a good sign, and that crazy nasty problem of the annoying "switch to" prompts every five seconds is gone. "Yay Rip!!"
I think my surfing speed is good, though you know how it is, you do your trepidatious maiden voyage clicking on a fresh page hoping it to zoom right up lickety split and any bit of hesitation gets you to start wringing your tie while hoping that you just lucked upon a slow site or congested server. But I think it is looking pretty good.........pretty...pretty...pretty good (OK you busted me, I'm a CYE fan)
Thank you for your word on Zone Alarm, as you no doubt can tell, like a kid clutching his mom's apron strings I have not been able to bring myself to remove my AVG yet, now I think I will, to lessen the chance of any AV software conflict.
You my friend ROCK!, and no not in a Duran Duran wimpy hungry like a wolf sort of way, but in a BIG BAD Van Halen before Roth's hairline started playing hide & go seek kind of way, You, sir, have been a great help and while I won't lie, indeed I did soil more than one undergarment throughout this ordeal, but your help has kept such unpleasantness to a minimum, my wife thanks you (she does the laundry). I will post back tomorrow with a final update after using the machine now that I have the reed light, peace my brother.
 