Please help!

qwerty77

I have some sort of malware in my registry I can't get rid of and I'm about to lose my mind. It's locked up my control panel completely and I can't turn system restore off either. I've tried Norton and McAfee antivirus scans, Ad-Watch, Ad-Aware, Spybot SD, and Spyware Doctor. It now won't let me run any of these scans, even when booted in safe mode. I've downloaded HJT but can't run it. I can't end programs in task manager or use msconfig to change startup programs. I repeatedly get 2 windows pop up. One is about a spyware removal program that redirects to a series of websites beginning with TrustedAntivirus.com. The other is an error 1810 about not being online, but it just comes up randomly, not when opening programs. Does anyone have any suggestions???
 
I'm also getting blue screens of death and random restarts now, but the blue screens disappear before I can read the error code on them.
 
Hello.

Do you have access to another computer so you can download HJT?

Upload to infected machine
Place HJT into own folder
Run HJT on the infected PC and post the log you produce using the clean PC in the Malware Removal Forum

Let us know. :)
 
Hi,
I have HJT installed in C:/ on the infected computer, I just can't open it, or any other scanning programs for some reason.
 
Hello.

Oops, missed that part. I have moved your topic to the malware removal forum and will leave a note for our helpers.

Best wishes.
 
HJT log

I got HJT to run today. Here is the log from it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:18 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HiJackThis(2).exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [lanmanwrk.exe] C:\WINDOWS\System32\lanmanwrk.exe
O4 - HKLM\..\Run: [KernelDrv.exe] C:\WINDOWS\System32\KernelDrv.exe
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Medichi] medichi.exe
O4 - HKLM\..\Run: [Medichi2] medichi2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173976083410
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: murka.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 17187 bytes
 
Welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

AntiVirus
You appear to have Symantec and McAfee
First you should know that you're actually doing more harm than good by running more than one Anti Virus program.
When you do this the programs compete for resources, and the end result is none does its best and can cause system instability.
I recommend that you choose one that you want to keep.
The other/s I would either uninstall, or disable from startup and use as "on demand" for an occasional scan.

Download and Run ComboFix
  • Download Combofix from one of the links below:

    ComboFix.exe 1
    ComboFix.exe 2
    ComboFix.exe 3
  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Rename ComboFix.exe to Combo.exe BEFORE you run it
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper
 
Thanks! Here is the CF log:

ComboFix 07-12-31.4 - Owner 2008-01-01 21:35:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.459 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\Combo.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\QdrDrive
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\16875.exe
C:\WINDOWS\system32\31699.exe
C:\WINDOWS\system32\97585.exe
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\suspend.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_LANMANDRV


((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.

2008-01-01 21:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 18:33 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\SET161.tmp
2007-12-31 19:34 . 2007-12-31 19:34 812,344 --a------ C:\HJTInstall.exe
2007-12-31 19:33 . 2007-12-31 19:33 6,163 --a------ C:\downloadget.htm
2007-12-31 19:15 . 2007-12-31 19:15 401,720 --a------ C:\HiJackThis.exe
2007-12-31 18:37 . 2008-01-01 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 17:43 . 2006-07-04 04:35 159,872 -ra------ C:\WINDOWS\system32\drivers\etFilter.sys
2007-12-30 17:43 . 2006-03-01 04:56 61,440 -ra------ C:\WINDOWS\system32\etVFW.dll
2007-12-30 17:43 . 2006-02-19 21:19 36,864 --a------ C:\WINDOWS\system32\etProp.ax
2007-12-30 17:43 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\etMon.exe
2007-12-30 17:43 . 2005-05-25 18:56 28,672 -ra------ C:\WINDOWS\etRun.exe
2007-12-30 17:43 . 2004-09-14 19:25 17,808 -ra------ C:\WINDOWS\system32\emYUV.dll
2007-12-30 17:42 . 2005-10-20 18:11 94,720 -ra------ C:\WINDOWS\system32\drivers\etDevice.sys
2007-12-30 17:42 . 2005-10-20 18:29 6,016 -ra------ C:\WINDOWS\system32\drivers\etScan.sys
2007-12-30 17:36 . 2007-12-31 20:30 16,384 --a------ C:\WINDOWS\system32\users32.dat
2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\ETUSB2.0
2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\eMPIA-ET
2007-12-30 17:24 . 2005-07-01 19:01 393,306 --a------ C:\WINDOWS\etamcap.exe
2007-12-30 17:24 . 2005-05-25 19:18 217,088 --a------ C:\WINDOWS\etSTI.exe
2007-12-30 17:24 . 2005-06-10 16:07 208,896 --a------ C:\WINDOWS\etCap.exe
2007-12-30 15:11 . 2007-12-30 15:20 <DIR> d-------- C:\Program Files\ScopePhoto
2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2007-12-29 08:20 . 2007-12-29 08:20 <DIR> d-------- C:\Program Files\MSECache
2007-12-28 08:01 . 2007-12-28 08:01 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-12-15 12:27 . 2007-12-15 12:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 12:27 . 2007-12-15 12:27 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 02:44 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-02 02:43 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-02 02:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 01:30 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-01-01 00:34 --------- d-----w C:\Program Files\Trend Micro
2007-12-31 22:10 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-31 22:10 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-31 18:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sony Corporation
2007-12-30 22:46 --------- d-----w C:\Program Files\Java
2007-12-30 22:38 --------- d-----w C:\Program Files\QuickTime
2007-12-30 22:38 --------- d-----w C:\Program Files\iTunes
2007-12-30 22:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-30 22:38 --------- d-----w C:\Program Files\Apoint
2007-12-30 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 22:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2007-12-27 02:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-26 03:04 --------- d-----w C:\Program Files\Yahoo!
2007-12-26 03:04 --------- d-----w C:\Program Files\1Club.FM
2007-12-26 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-12-26 02:51 --------- d-----w C:\Program Files\BitTorrent
2007-12-10 13:53 --------- d-----w C:\Program Files\AIM
2007-12-07 05:25 47,760 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-12-02 18:37 --------- d-----w C:\Program Files\Google
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 02:20 --------- d-----w C:\Program Files\MySpace
2007-11-08 02:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\MySpace
2007-05-28 15:55 30,033,136 ----a-w C:\Documents and Settings\Owner\SymantecAV10.1.4.B4000.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 12:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-30 17:36 4670968]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-30 17:36 8720384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-30 17:36 282624]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-30 17:36 77824]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08 28672]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2007-12-30 17:36 217088]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-12-30 17:36 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 12:50 7561216]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-12-30 17:36 176128]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-31 20:30 118784]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-12-30 17:36 136768]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 09:50 112216]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 15:56 64512]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-12-30 17:36 551032]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-12-30 17:36 124656]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-30 17:36 53408]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [2004-02-23 03:16 144896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-30 17:36 256576]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-30 17:36 282624]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-12-30 17:36 69632]
"HostManager"="C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe" [2007-12-30 17:36 50792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-31 13:10 132496]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-30 17:36 94208]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-12-30 17:36 118784]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2007-12-30 17:36 479232]
"KernelDrv.exe"="C:\WINDOWS\System32\KernelDrv.exe" [ ]
"etMonitor"="C:\WINDOWS\etMon.exe" [2005-10-11 17:57 36864]
"@"="" []
"lanmanwrk.exe"="C:\WINDOWS\System32\lanmanwrk.exe" [ ]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-01 18:19 1065800]
"Medichi"="medichi.exe" []
"Medichi2"="medichi2.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-30 17:36 8720384]

Files\Webshots\Launcher.exe [2007-06-03 21:52:53]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-09-06 23:13:06]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [2006-08-02 15:15:47]
VPN Client.lnk - C:\WINDOWS\Installer\{8A3A2363-2129-43FB-8DFC-F237DA58038C}\Icon3E5562ED7.ico [2007-06-16 12:48:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-08-02 15:15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 16:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 19:26]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 21:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 21:32]
S3 DCamUSBET;scopetek dcm130 usb2.0 device;C:\WINDOWS\system32\DRIVERS\etDevice.sys [2005-10-20 18:11]
S3 FiltUSBET;dcm130 USB Device Lower Filter;C:\WINDOWS\system32\DRIVERS\etFilter.sys [2006-07-04 04:35]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 21:10]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 20:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 12:34]
S3 ScanUSBET;dcm130 USB Still Image Capture Device;C:\WINDOWS\system32\DRIVERS\etScan.sys [2005-10-20 18:29]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 19:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
\Shell\AutoRun\command - E:\sony\Autorun.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 21:46:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 21:54:57 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 02:54:53
.
2007-12-31 22:36:05 --- E O F ---
 
and here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:43 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\etMon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\HiJackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [KernelDrv.exe] C:\WINDOWS\System32\KernelDrv.exe
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173976083410
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 16176 bytes
 
That looks better, how are things running now?

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire
BitTorrent


I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.


Disable Teatimer
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have Version 1.4, click on Exit Spybot S&D Resident
Second step, for either version:
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • Then, also in the left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KernelDrv.exe"=-
    "lanmanwrk.exe"=-
    "Medichi"=-
    "Medichi2"=-
    "KernelFaultCheck"=-
  • Save this as CFScript.txt and place it on your desktop.


    CFScript.gif


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
 
It's running somewhat better, here is the new CF log:

ComboFix 07-12-31.4 - Owner 2008-01-02 7:59:29.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\Combo.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\cfscript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.

2008-01-01 21:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 18:33 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\SET161.tmp
2007-12-31 19:34 . 2007-12-31 19:34 812,344 --a------ C:\HJTInstall.exe
2007-12-31 19:33 . 2007-12-31 19:33 6,163 --a------ C:\downloadget.htm
2007-12-31 19:15 . 2007-12-31 19:15 401,720 --a------ C:\HiJackThis.exe
2007-12-31 18:37 . 2008-01-01 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 17:43 . 2006-07-04 04:35 159,872 -ra------ C:\WINDOWS\system32\drivers\etFilter.sys
2007-12-30 17:43 . 2006-03-01 04:56 61,440 -ra------ C:\WINDOWS\system32\etVFW.dll
2007-12-30 17:43 . 2006-02-19 21:19 36,864 --a------ C:\WINDOWS\system32\etProp.ax
2007-12-30 17:43 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\etMon.exe
2007-12-30 17:43 . 2005-05-25 18:56 28,672 -ra------ C:\WINDOWS\etRun.exe
2007-12-30 17:43 . 2004-09-14 19:25 17,808 -ra------ C:\WINDOWS\system32\emYUV.dll
2007-12-30 17:42 . 2005-10-20 18:11 94,720 -ra------ C:\WINDOWS\system32\drivers\etDevice.sys
2007-12-30 17:42 . 2005-10-20 18:29 6,016 -ra------ C:\WINDOWS\system32\drivers\etScan.sys
2007-12-30 17:36 . 2007-12-31 20:30 16,384 --a------ C:\WINDOWS\system32\users32.dat
2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\ETUSB2.0
2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\eMPIA-ET
2007-12-30 17:24 . 2005-07-01 19:01 393,306 --a------ C:\WINDOWS\etamcap.exe
2007-12-30 17:24 . 2005-05-25 19:18 217,088 --a------ C:\WINDOWS\etSTI.exe
2007-12-30 17:24 . 2005-06-10 16:07 208,896 --a------ C:\WINDOWS\etCap.exe
2007-12-30 15:11 . 2007-12-30 15:20 <DIR> d-------- C:\Program Files\ScopePhoto
2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2007-12-29 08:20 . 2007-12-29 08:20 <DIR> d-------- C:\Program Files\MSECache
2007-12-28 08:01 . 2007-12-28 08:01 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-12-15 12:27 . 2007-12-15 12:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 12:27 . 2007-12-15 12:27 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 12:55 --------- d-----w C:\Program Files\LimeWire
2008-01-02 12:51 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-02 12:39 --------- d-----w C:\Program Files\Sony Pictures Games
2008-01-02 12:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-01-02 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-02 12:37 --------- d-----w C:\Program Files\DAPlus
2008-01-02 12:37 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-02 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-02 02:44 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-02 02:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 01:30 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-01-01 01:30 118,784 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-01-01 00:34 --------- d-----w C:\Program Files\Trend Micro
2007-12-31 22:10 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-31 22:10 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-31 21:57 8,477 ----a-w C:\WINDOWS\system32\ksvcl.dll
2007-12-31 21:57 26,120 ----a-w C:\WINDOWS\system32\kcopt.dll
2007-12-31 18:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sony Corporation
2007-12-30 22:46 --------- d-----w C:\Program Files\Java
2007-12-30 22:38 --------- d-----w C:\Program Files\QuickTime
2007-12-30 22:38 --------- d-----w C:\Program Files\iTunes
2007-12-30 22:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-30 22:38 --------- d-----w C:\Program Files\Apoint
2007-12-30 22:36 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-12-30 22:36 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
2007-12-30 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 22:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2007-12-27 02:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-26 03:04 --------- d-----w C:\Program Files\Yahoo!
2007-12-26 03:04 --------- d-----w C:\Program Files\1Club.FM
2007-12-26 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-12-26 02:51 --------- d-----w C:\Program Files\BitTorrent
2007-12-10 13:53 --------- d-----w C:\Program Files\AIM
2007-12-07 05:25 47,760 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-12-02 18:37 --------- d-----w C:\Program Files\Google
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 02:20 --------- d-----w C:\Program Files\MySpace
2007-11-08 02:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\MySpace
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-05-28 15:55 30,033,136 ----a-w C:\Documents and Settings\Owner\SymantecAV10.1.4.B4000.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-01_21.54.35.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-02 12:48:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_8a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 12:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-30 17:36 4670968]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-30 17:36 8720384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-30 17:36 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-30 17:36 77824]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08 28672]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2007-12-30 17:36 217088]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-12-30 17:36 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 12:50 7561216]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-12-30 17:36 176128]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-31 20:30 118784]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-12-30 17:36 136768]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 09:50 112216]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 15:56 64512]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-12-30 17:36 551032]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-12-30 17:36 124656]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-30 17:36 53408]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [2004-02-23 03:16 144896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-30 17:36 256576]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-30 17:36 282624]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-12-30 17:36 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-31 13:10 132496]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-30 17:36 94208]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-12-30 17:36 118784]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2007-12-30 17:36 479232]
"etMonitor"="C:\WINDOWS\etMon.exe" [2005-10-11 17:57 36864]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-01 18:19 1065800]
"HostManager"="C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-30 17:36 8720384]


Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-06-03 21:52:53]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-09-06 23:13:06]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [2006-08-02 15:15:47]
VPN Client.lnk - C:\WINDOWS\Installer\{8A3A2363-2129-43FB-8DFC-F237DA58038C}\Icon3E5562ED7.ico [2007-06-16 12:48:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-08-02 15:15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 16:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 19:26]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 21:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 21:32]
S3 DCamUSBET;scopetek dcm130 usb2.0 device;C:\WINDOWS\system32\DRIVERS\etDevice.sys [2005-10-20 18:11]
S3 FiltUSBET;dcm130 USB Device Lower Filter;C:\WINDOWS\system32\DRIVERS\etFilter.sys [2006-07-04 04:35]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 21:10]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 20:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 12:34]
S3 ScanUSBET;dcm130 USB Still Image Capture Device;C:\WINDOWS\system32\DRIVERS\etScan.sys [2005-10-20 18:29]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 19:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
\Shell\AutoRun\command - E:\sony\Autorun.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 08:06:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-02 8:11:41
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 13:11:35
C:\qoobox\ComboFix2.txt 2008-01-02 02:54:57
.
2007-12-31 22:36:05 --- E O F ---
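An added example, not part of the thread and not ComboFix's or HijackThis's own code: it checks that the value names targeted by the CFScript's `Registry::` block are absent from the Run key in the follow-up ComboFix log. The log excerpts are copied from the posts above; the function names and the handling of other `Name::` sections are assumptions of this sketch.

```python
import re

RUN = r"software\microsoft\windows\currentversion\run"
HIVES = {"HKLM": "hkey_local_machine", "HKCU": "hkey_current_user"}

# CFScript as posted by the helper.
CFSCRIPT = r'''Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelDrv.exe"=-
"lanmanwrk.exe"=-
"Medichi"=-
"Medichi2"=-
"KernelFaultCheck"=-
'''

# Excerpt of the HijackThis log taken before the script was run.
HJT_BEFORE = r'''O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KernelDrv.exe] C:\WINDOWS\System32\KernelDrv.exe
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

# Excerpt of the "Reg Loading Points" section of the follow-up ComboFix log.
CF_AFTER = r'''[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-30 17:36 94208]
"etMonitor"="C:\WINDOWS\etMon.exe" [2005-10-11 17:57 36864]
'''


def parse_cfscript_deletions(text):
    """Return {registry key: {value names marked "name"=-}} from Registry::."""
    deletions, key, in_registry = {}, None, False
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("::"):
            # Assumption: any section other than Registry:: is ignored here.
            in_registry, key = (line == "Registry::"), None
        elif in_registry and line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            deletions.setdefault(key, set())
        elif in_registry and key:
            m = re.fullmatch(r'"(.+)"=-', line)
            if m:
                deletions[key].add(m.group(1).lower())
    return deletions


def parse_hjt_run(text):
    """Return {registry key: {value name: command}} from HJT O4 Run lines."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.*)$", line.strip())
        if m:
            key = HIVES[m.group(1)] + "\\" + RUN
            values.setdefault(key, {})[m.group(2).lower()] = m.group(3)
    return values


def parse_combofix_run(text):
    """Return {registry key: {value name: path}} from a ComboFix reg listing."""
    values, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = re.match(r'"([^"]+)"="?([^"\[]*)', line)
        if key and m:
            values.setdefault(key, {})[m.group(1).lower()] = m.group(2).strip()
    return values


def verify_removal(cfscript, hjt_before, combofix_after):
    """One row per targeted value: was it listed before, is it listed after?"""
    before = parse_hjt_run(hjt_before)
    after = parse_combofix_run(combofix_after)
    report = []
    for key, names in parse_cfscript_deletions(cfscript).items():
        for name in sorted(names):
            report.append({
                "key": key,
                "value": name,
                # Only reflects the HJT lines supplied, not other logs.
                "seen_before": name in before.get(key, {}),
                "still_present": name in after.get(key, {}),
            })
    return report


if __name__ == "__main__":
    for row in verify_removal(CFSCRIPT, HJT_BEFORE, CF_AFTER):
        state = "STILL PRESENT" if row["still_present"] else "gone"
        seen = "listed before" if row["seen_before"] else "not in HJT excerpt"
        print(f'{row["value"]:<18} {seen:<20} {state}')
```

Registry key and value names are compared case-insensitively, matching how Windows treats them.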
 
When the computer rebooted after the CF scan I got a "system has recovered from a serious error" message.
Curious ???

There is no malware visible in the last log, what problems are you having now?
Did you disable/remove one of the Antivirus programs?

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.

Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
Go Here http://www.kaspersky.com/virusscanner

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Please post all three logs in your reply (you may need more than one post).
 
I also get pop-up errors about a persistence module every few hours.

Here's the extra log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
CPU 1: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 1014.11 MiB / 393.09 MiB
Pagefile Memory (total/avail): 2441.59 MiB / 1891.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.81 MiB

C: is Fixed (NTFS) - 104.79 GiB total, 66.3 GiB free.
D: is Removable (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - MemoryStick0 Device

\\.\PHYSICALDRIVE0 - FUJITSU MHV2120BH PL - 111.79 GiB - 2 partitions
\PARTITION0 - Unknown - 7 GiB
\PARTITION1 (bootable) - Installable File System - 104.79 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
AV: VirusScan Enterprise + AntiSpyware Enterprise v8.5.0.781 (McAfee, Inc.) Disabled
AV: Symantec AntiVirus Corporate Edition v10.1.4.4000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=480037D956F7448
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\480037D956F7448
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=480037D956F7448
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

HijackThis 2.0.2 --> "C:\DOCUME~1\Owner\Desktop\HijackThis.exe" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type15036 / Warning
Event Submitted/Written: 01/02/2008 08:28:02 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'InternationalSupportFiles_JPN' failed during request for component '{D4C8BFFA-BF6F-11D1-843A-0000F807F120}'

Event Record #/Type15034 / Error
Event Submitted/Written: 01/02/2008 08:27:51 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application igfxpers.exe, version 3.0.0.4543, faulting module igfxpers.exe, version 3.0.0.4543, fault address 0x00012fe1.
Processing media-specific event for [igfxpers.exe!ws!]

Event Record #/Type15032 / Warning
Event Submitted/Written: 01/02/2008 08:27:41 AM
Event ID/Source: 19011 / MSSQL$VAIO_VEDB
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type15018 / Warning
Event Submitted/Written: 01/02/2008 07:56:24 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'InternationalSupportFiles_JPN' failed during request for component '{D4C8BFFA-BF6F-11D1-843A-0000F807F120}'

Event Record #/Type15016 / Warning
Event Submitted/Written: 01/02/2008 07:56:08 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'InternationalSupportFiles_JPN' failed during request for component '{D4C8BFFA-BF6F-11D1-843A-0000F807F120}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13652 / Error
Event Submitted/Written: 01/02/2008 07:51:33 AM
Event ID/Source: 1003 / System Error
Event Description:
Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 f7956a20.

Event Record #/Type13628 / Error
Event Submitted/Written: 01/02/2008 07:48:24 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.100 for the Network Card with network address 0018DE6CA3A7 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type13614 / Warning
Event Submitted/Written: 01/01/2008 11:04:16 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type13610 / Error
Event Submitted/Written: 12/26/2007 09:29:38 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type13609 / Error
Event Submitted/Written: 12/25/2007 09:46:59 PM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom0.



-- End of Deckard's System Scanner: finished at 2008-01-02 09:48:48 ------------
 
Here's the main log in 2 parts; it's too long for 1 post:



Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-02 09:46:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
98: 2008-01-02 14:46:53 UTC - RP251 - Deckard's System Scanner Restore Point
97: 2008-01-02 12:59:11 UTC - RP250 - ComboFix created restore point
96: 2008-01-02 02:35:03 UTC - RP249 - ComboFix created restore point
95: 2008-01-01 23:32:18 UTC - RP248 - Unsigned driver install
94: 2008-01-01 23:14:15 UTC - RP247 - Unsigned driver install


-- First Restore Point --
1: 2007-10-04 19:31:38 UTC - RP154 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:09 AM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\etMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: (no name) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173976083410
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14115 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>

S3 DCamUSBET (scopetek dcm130 usb2.0 device) - c:\windows\system32\drivers\etdevice.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
S3 FiltUSBET (dcm130 USB Device Lower Filter) - c:\windows\system32\drivers\etfilter.sys <Not Verified; eMPIA Technology Inc.; EM27xx / EM28xx USB Video Convertor>
S3 ScanUSBET (dcm130 USB Still Image Capture Device) - c:\windows\system32\drivers\etscan.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>

S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
 
-- Files created between 2007-12-02 and 2008-01-02 -----------------------------

2007-12-31 19:33:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-12-31 19:28:03 0 d-------- C:\WINDOWS\CSC
2007-12-31 18:37:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 17:43:03 28672 -ra------ C:\WINDOWS\etRun.exe <Not Verified; eMPIA Technology, Inc.; etRun>
2007-12-30 17:43:03 36864 -ra------ C:\WINDOWS\etMon.exe <Not Verified; EMPIA Technology Corporation; etMonitor>
2007-12-30 17:43:02 61440 -ra------ C:\WINDOWS\system32\etVFW.dll <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
2007-12-30 17:43:02 17808 -ra------ C:\WINDOWS\system32\emYUV.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-12-30 17:43:02 159872 -ra------ C:\WINDOWS\system32\drivers\etFilter.sys <Not Verified; eMPIA Technology Inc.; EM27xx / EM28xx USB Video Convertor>
2007-12-30 17:42:59 6016 -ra------ C:\WINDOWS\system32\drivers\etScan.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
2007-12-30 17:42:58 94720 -ra------ C:\WINDOWS\system32\drivers\etDevice.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
2007-12-30 17:36:22 16384 --a------ C:\WINDOWS\system32\users32.dat
2007-12-30 17:24:33 217088 --a------ C:\WINDOWS\etSTI.exe <Not Verified; eMPIA Technology, Inc.; etSTI>
2007-12-30 17:24:33 208896 --a------ C:\WINDOWS\etCap.exe <Not Verified; eMPIA Technology, Inc.; etCap>
2007-12-30 17:24:33 393306 --a------ C:\WINDOWS\etamcap.exe <Not Verified; Microsoft Corporation; DirectX 9.0 Sample>
2007-12-30 17:24:33 0 d-------- C:\Program Files\ETUSB2.0
2007-12-30 17:24:32 0 d-------- C:\Program Files\eMPIA-ET
2007-12-30 15:11:54 0 d-------- C:\Program Files\ScopePhoto
2007-12-29 13:53:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2007-12-29 13:53:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2007-12-29 08:20:03 0 d-------- C:\Program Files\MSECache
2007-12-20 18:38:12 0 d-------- C:\Program Files\ReflexiveArcade
2007-12-10 08:53:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Help


-- Find3M Report ---------------------------------------------------------------

2008-01-02 09:44:01 148 --a------ C:\Documents and Settings\Owner\Application Data\GL_Alerts.conf
2008-01-02 08:34:35 0 d-------- C:\Program Files\Symantec AntiVirus
2008-01-02 07:55:26 0 d-------- C:\Program Files\LimeWire
2008-01-02 07:39:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-01-02 07:39:19 0 d-------- C:\Program Files\Sony Pictures Games
2008-01-02 07:37:59 0 d-------- C:\Program Files\DAPlus
2008-01-02 07:37:20 0 d-------- C:\Program Files\Common Files\AOL
2008-01-01 21:44:13 0 d-------- C:\Program Files\Spyware Doctor
2007-12-31 20:30:31 118784 --a------ C:\WINDOWS\system32\igfxpers.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-31 19:34:50 0 d-------- C:\Program Files\Trend Micro
2007-12-31 16:57:14 8477 --a------ C:\WINDOWS\system32\ksvcl.dll
2007-12-31 16:57:10 26120 --a------ C:\WINDOWS\system32\kcopt.dll
2007-12-31 13:19:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Sony Corporation
2007-12-30 17:46:55 0 d-------- C:\Program Files\Java
2007-12-30 17:38:39 0 d-------- C:\Program Files\iTunes
2007-12-30 17:38:39 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-30 17:38:39 0 d-------- C:\Program Files\Apoint
2007-12-30 17:38:38 0 d-------- C:\Program Files\QuickTime
2007-12-30 17:36:25 94208 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-30 17:36:24 77824 --a------ C:\WINDOWS\system32\hkcmd.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-30 17:24:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-27 17:16:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim
2007-12-26 21:32:29 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-25 22:04:57 0 d-------- C:\Program Files\Yahoo!
2007-12-25 22:04:57 0 d-------- C:\Program Files\1Club.FM
2007-12-25 21:53:42 0 d-------- C:\Program Files\Common Files
2007-12-25 21:51:42 0 d-------- C:\Program Files\BitTorrent
2007-12-10 08:53:10 0 d-------- C:\Program Files\AIM
2007-12-07 00:25:06 47760 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-12-02 13:37:53 0 d-------- C:\Program Files\Google
2007-11-08 16:31:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-11-07 21:20:57 0 d-------- C:\Documents and Settings\Owner\Application Data\MySpace
2007-11-07 21:20:55 0 d-------- C:\Program Files\MySpace


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
10/14/2005 12:21 PM 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/30/2007 05:36 PM]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/19/2003 11:08 PM]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [12/30/2007 05:36 PM]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [12/30/2007 05:36 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/08/2006 12:50 PM]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [12/30/2007 05:36 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/31/2007 08:30 PM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/30/2007 05:36 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [11/30/2006 09:50 AM]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [12/30/2007 05:36 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [12/30/2007 05:36 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/30/2007 05:36 PM]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [02/23/2004 03:16 AM]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [12/30/2007 05:36 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [12/31/2007 01:10 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/30/2007 05:36 PM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [12/30/2007 05:36 PM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [12/30/2007 05:36 PM]
"etMonitor"="C:\WINDOWS\etMon.exe" [10/11/2005 05:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/15/2006 07:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [8/2/2006 3:15:47 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [08/02/2006 03:15 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 03/09/2006 04:51 PM 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=C:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
AutoRun\command- E:\sony\Autorun.exe




-- End of Deckard's System Scanner: finished at 2008-01-02 09:48:48 ------------
 
Try this first, then try IE again


SD Fix

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F5 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
 
Here is the SDFix log:

SDFix: Version 1.122

Run by Owner on Wed 01/02/2008 at 10:53 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\F\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 11:37:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

 