Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Slow processor


  • This topic is locked This topic is locked
15 replies to this topic

#1 jim_

jim_

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 24 March 2007 - 08:34 PM

Hey, my processor has been running real slow recently. It's not the fastest as it is, but still, it should at least be able to play videos... Right now, every time I try it goes out of sync, like it can't keep up. At first it happened occasionally with DVD's and such, but now it even has trouble streaming crappy quality videos without getting in a muddle. Anyway, here's my HikackThis Log. Cheers:

Logfile of HijackThis v1.99.1
Scan saved at 03:30:16, on 25/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102445446291
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {D1BDCFB6-22F8-4CBF-A080-85675F2466A2} (UEANetTeam.Scanner) - http://netreg.uea.ac.uk/UEANetTeam.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

    Advertisements

Register to Remove


#2 Rogue

Rogue

    Authentic Member

  • Authentic Member
  • PipPip
  • 179 posts

Posted 25 March 2007 - 10:32 AM

Hi Jim ,

Welcome to Tom Coyote Forums

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Since there may be other issues with your system besides your original symptoms, please continue to follow this thread until I have given you an "All Clean.".
If you can do these things, everything should go smoothly.

Ready? Let's go.

*=========================*

Rename Hijackthis:

Locate the program Hijackthis.
Select the file, Hijackthis.exe, right-click and select Rename.
Please change the name to: icmore.exe
If you don't see an .exe on Hijackthis just name it icmore
Then please could you post a new Hijackthis log.
*========================*

You may not be able to get an uninstall because of the infection but let's try it anyway.

Show Uninstall List with Hijackthis
This is how you do that:
Open HiJackThis
Click on the tab "Open the Misc Tools Session"
Click on the Box that says "Uninstall Manager"
Click on the button "Save list"
Copy and past the List from notepad into your post
*=========================*

O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
Did you add these addresses to your Trusted Zone or did Sony?
*=========================*

Post the following;

New hjt log (icmore)
Uninstall list

Thanks,
Rogue
Rogue
Trained at MalWare Removal University - A Cooperative Effort with WhatTheTech Classroom

#3 jim_

jim_

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 25 March 2007 - 02:45 PM

Thanks a lot for your time, I really appreciate it. Here you go, hopefully I've done this right:

Then please could you post a new Hijackthis log.


Logfile of HijackThis v1.99.1
Scan saved at 21:33:54, on 25/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\icmore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102445446291
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {D1BDCFB6-22F8-4CBF-A080-85675F2466A2} (UEANetTeam.Scanner) - http://netreg.uea.ac.uk/UEANetTeam.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)


*============================*


Copy and past the List from notepad into your post


Adobe Acrobat 5.0
Adobe Acrobat Elements 6.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop Elements 2.0
Adobe Premiere Standard
Adobe Reader 6.0.1
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Azureus
Belkin 802.11g Wireless Card
BitTorrent 4.4.1
BlueSoleil
Click to DVD 2.0.01 Menu Data
Click to DVD 2.1.10
Creative MediaSource
DivX
DivX Converter
DivX Player
DivX Web Player
DVD Shrink 3.2
DVgate Plus
foobar2000
HijackThis 1.99.1
InterActual Player
InterVideo WinDVD 5 for VAIO
InterVideo WinDVDX
iTunes
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_05
LAN-Express AS IEEE 802.11 Wireless LAN
LimeWire PRO 4.10.9
Macromedia Flash Player
Macromedia Shockwave Player
McAfee VirusScan Enterprise
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft Works 7.0
MoodLogic
Morrowind
Mozilla Firefox (1.5.0.11)
MSN Messenger 7.0
MSXML 4.0 SP2 (KB927978)
My Info Centre
NOMAD MuVo TX
PictureGear Studio 2.0
QuickTime
RealPlayer
Realtek AC'97 Audio
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
SoftV92 Data Fax Modem with SmartCP
Sonic RecordNow!
SonicStage Mastering Studio 1.3
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Plugins 1.3
Sony Ericsson PC Suite 1.20.224
Sony Notebook Setup
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
Soulseek Client 152
SoulSeek Client 156c
SpeedTouch USB Software
TES Construction Set
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
VAIO Edit Components
VAIO Entertainment Platform
VAIO GrandBlue Wallpaper
VAIO Launcher
VAIO Media 3.1
VAIO Media Integrated Server 3.1
VAIO Media Redistribution 3.1
VAIO Online Registration (English)
VAIO Power Management
VAIO Product Survey (English)
VAIO SLIT Pattern Wallpaper
VAIO SLIT Scene Wallpaper
VAIO SLIT-A Screen Saver
VAIO SLIT-B Screen Saver
VAIO SLIT-C Screen Saver
VAIO Update 3
VAIO Zone
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
x-black LCD


*============================*


Did you add these addresses to your Trusted Zone or did Sony?


That would be Sony.

#4 Rogue

Rogue

    Authentic Member

  • Authentic Member
  • PipPip
  • 179 posts

Posted 25 March 2007 - 05:24 PM

Hi Jim_,

You did just fine. Of course changing the name of HJT didn't yield the results I was hoping for. :( So let's dig a bit deeper.
While we are at it let's update your Java.

Those links in your Trusted Zone can go. Sony dosen't need to be there. It just means you trust anything from Sony to access/install to your system.

Start HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked
*=========================*

Please update Java Runtime Environment

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of perceived vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6.0 Update
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    J2SE Runtime Environment 5.0 Update 3
    Java 2 Runtime Environment, SE v1.4.2_05

    It should have next icon next to it: Posted Image
    Select it and click Remove.
  • The current version can be downloaded from Sun here: http://java.sun.com/...loads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 6.0'
    Selcted either Windows Online or Windows Offline download and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.
*=========================*

Download and install AVG Anti-Spyware v7.5
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling it's active protection features until your system is clean, then you can reenable them.
  • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
  • Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
*========================*

Download ATF Cleaner by Atribune and save it to your Desktop.
*=========================*

Double-click ATF-Cleaner.exe to run the program.
Make sure that all browser windows are closed
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.
*=========================*

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and What to Scan?" leave all the default settings.
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
*=========================*

Post a new HJT log
AVG Log

Is your antivirus subscription up to date?
Also let me know if there was any performance improvements.

Thanks,
Rogue
Rogue
Trained at MalWare Removal University - A Cooperative Effort with WhatTheTech Classroom

#5 jim_

jim_

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 25 March 2007 - 11:27 PM

I'm pretty sure that my anti-virus subscription is up to date, but just incase I'll make sure that it is now. There seems to be a general improvement in the general performance, but it's still having trouble playing videos. Again, thank you, and here's what you asked for:

Logfile of HijackThis v1.99.1
Scan saved at 06:20:21, on 26/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijackthis\icmore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102445446291
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {D1BDCFB6-22F8-4CBF-A080-85675F2466A2} (UEANetTeam.Scanner) - http://netreg.uea.ac.uk/UEANetTeam.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 06:14:20 26/03/2007

+ Scan result:



C:\Documents and Settings\Jim\Local Settings\Tempbooteula.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\SvcProc -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\SvcProc\Enum -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\SvcProc\Security -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\system32.dll/Catcher.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Program Files\Common Files\system32.dll/cwebpage.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Program Files\DNS\cwebpage.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup (quarantined).
HKU\S-1-5-21-2735944772-2790306165-1017247374-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.271:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.96:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.98:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.248:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.249:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.250:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.235:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.236:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.237:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.238:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.239:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.67:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.68:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.69:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.70:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.71:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.72:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.19:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.20:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.176:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.177:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.178:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.179:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.180:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.152:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.16:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.194:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.195:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.189:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.130:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.131:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.132:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.133:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.267:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Counted : Cleaned.
:mozilla.41:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.253:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.190:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.157:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.196:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.273:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.47:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.48:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.50:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.51:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.52:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.141:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.142:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.119:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.120:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.277:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.278:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.279:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.280:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.181:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.182:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.185:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.186:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.187:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.188:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.42:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.43:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.45:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.46:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.158:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.159:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.160:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.161:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.162:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.163:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.164:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.148:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.216:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.147:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.191:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.207:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.259:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.18:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.134:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.135:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.136:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.269:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.270:C:\Documents and Settings\other\Application Data\Mozilla\Firefox\Profiles\5zfjd9dc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\Smlt\Cq.vbs -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

#6 Rogue

Rogue

    Authentic Member

  • Authentic Member
  • PipPip
  • 179 posts

Posted 26 March 2007 - 07:20 AM

Hi Jim_,

Just looking at your AVG log. Have you be infected before and had Tom Coyote or another forum clean your system?


Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

*=========================*

Run Kapersky Online AV Scanner
Using Internet Explore Go to http://www.kaspersky.com/virusscanner and click the Kaspersky Online Scanner button.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
*=========================*

Please post the following;

WinPFind report
Kapersky Log

Thanks,
Rogue
Rogue
Trained at MalWare Removal University - A Cooperative Effort with WhatTheTech Classroom

#7 jim_

jim_

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 26 March 2007 - 04:46 PM

Hey, yeah, I did start cleaning my laptop out with this forum about a year or so ago, but I lost my interenet connection and didn't see it through. Up until now, there hasn't really been any major problems. I have a question though; I downloaded WinPFind3u, and started the scan. It appeared to be innactive (it looked like it had crashed, the cursor became the egg timer, the usual), but because you said that it would be scanning a massive ammount of data I just let it be. So I left it, without using the laptop, for seven hours and nothing changed. I needed to use my laptop now to get some work done, so I had to close it down. I just wondered if what happened was normal?, because if it is then I'll leave it running overnight, or if there was a problem running the program on my laptop. I just thought I better check first, seeing as I needed to use my laptop at some time tonight. As for system performance, there's definitely a marked improvement. Thanks.

#8 Rogue

Rogue

    Authentic Member

  • Authentic Member
  • PipPip
  • 179 posts

Posted 27 March 2007 - 07:27 AM

Hi Jim_ Yeah seven hours is a bit long. You are the second person I know that has had problems with it. Not sure if your Network Associates includes a firewall or not. Disable your AV and firewall. Disconnect from the internet. Meaning unplug your modem or network cable. You will have no protection. Try to scan again. If the scan is not completed in say 15 minutes. End the scan Reboot to Safe Mode by pressing F8 after hearing your computer beep once during startup, but before the Windows icon appears. Try scanning with WinPFind again. If that dosen't work just scan with Kapersky Online AV and we'll see what that brings back. Rogue
Rogue
Trained at MalWare Removal University - A Cooperative Effort with WhatTheTech Classroom

#9 jim_

jim_

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 27 March 2007 - 04:28 PM

Hey. I tried running it in Safe Mode, and it seemed to actually be doing something this time. After about forty five minutes, when it hadn't finished, I tried to minimize it to see if it was responding and it wasn't, so I had to give up on it for now.

As far as the system performance, it's still running kind of sluggishly, and videos don't seem to be running much better.

Here's the kapersky report anyway, and a fresh Hijack This.

Cheers.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, March 27, 2007 11:19:56 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/03/2007
Kaspersky Anti-Virus database records: 287003
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 62343
Number of viruses found: 6
Number of infected objects: 19 / 0
Number of suspicious objects: 6
Duration of the scan process: 04:50:35

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20070327_Time-162853094_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20070327_Time-162853094_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc.zip/istsvc.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc1.zip/istsvc.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch.zip/istsvc.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\46hlezl1.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\46hlezl1.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\46hlezl1.default\history.dat Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\46hlezl1.default\key3.db Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\46hlezl1.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\Jim\Complete\3 Girl On Kitchen Table Masturbates.zip/Video.exe Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\Documents and Settings\Jim\Complete\3 Girl On Kitchen Table Masturbates.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jim\Complete\6 Teenie Getting Pounded In Kitchen.zip/Video.exe Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\Documents and Settings\Jim\Complete\6 Teenie Getting Pounded In Kitchen.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jim\Complete\Bald Guy Enjoys Licking Moist Clit In A Hot Kitchen.zip/Video.exe Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\Documents and Settings\Jim\Complete\Bald Guy Enjoys Licking Moist Clit In A Hot Kitchen.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jim\Complete\Beauties Lick Toes And Masturbate In Their Kitchen.zip/Video.exe Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\Documents and Settings\Jim\Complete\Beauties Lick Toes And Masturbate In Their Kitchen.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jim\Complete\Gay Amateur Gets Wild Anal Bang On Bed.zip/Video.exe Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\Documents and Settings\Jim\Complete\Gay Amateur Gets Wild Anal Bang On Bed.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jim\Complete\Huge Titties Getting Soaped Up In The Kitchen Sink.zip/Video.exe Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\Documents and Settings\Jim\Complete\Huge Titties Getting Soaped Up In The Kitchen Sink.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jim\Complete\Slim Gay Student Gives Wild Oral ######.zip/Video.exe Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\Documents and Settings\Jim\Complete\Slim Gay Student Gives Wild Oral ######.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jim\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Mozilla\Firefox\Profiles\46hlezl1.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Mozilla\Firefox\Profiles\46hlezl1.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Mozilla\Firefox\Profiles\46hlezl1.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Mozilla\Firefox\Profiles\46hlezl1.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Temp\~DF2510.tmp Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jim\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jim\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6076EFF1-E55A-41E4-913C-71A8429DE858}\RP235\A0071476.exe Infected: not-a-virus:AdWare.Win32.Bestofer.c skipped
C:\System Volume Information\_restore{6076EFF1-E55A-41E4-913C-71A8429DE858}\RP235\A0071477.dll/Catcher.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.w skipped
C:\System Volume Information\_restore{6076EFF1-E55A-41E4-913C-71A8429DE858}\RP235\A0071477.dll ZIP: infected - 1 skipped
C:\System Volume Information\_restore{6076EFF1-E55A-41E4-913C-71A8429DE858}\RP235\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ipxsdial.exe Infected: Trojan.Win32.Crypt.t skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xxx.exe Infected: Trojan-Dropper.Win32.WinAD.e skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


===========================

Logfile of HijackThis v1.99.1
Scan saved at 23:23:57, on 27/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\icmore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102445446291
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {D1BDCFB6-22F8-4CBF-A080-85675F2466A2} (UEANetTeam.Scanner) - http://netreg.uea.ac.uk/UEANetTeam.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

#10 Rogue

Rogue

    Authentic Member

  • Authentic Member
  • PipPip
  • 179 posts

Posted 28 March 2007 - 07:52 AM

Hi Jim_,

OK WinPfind is being tempermental. Let's try another tool.

Now, enable the Show Hidden Folders option, like this:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
*=========================*

Using Windows Explore by right-clicking the Start button and left clicking Explore navigate to and find the following files: if found, delete the following (some may not be present after previous steps):

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc1.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch.zip
C:\WINDOWS\system32\xxx.exe
C:\WINDOWS\system32\ipxsdial.exe

Again using Windows Explore navigate to and find following folders: if found, delete the following (some may not be present after previous steps):

C:\Documents and Settings\Jim\Complete <<You may leave the folder but remove all the files inside the folder

Now empty your Recycle Bin
*=========================*

Download ComboScan to your Desktop.
http://www.techsuppo...d/comboscan.exe
  • Close all applications and windows.
  • Double-click on comboscan.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - ComboScan.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt back into this thread.
Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

What ComboScan will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. ComboScan automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
For users running Windows 2000, XP or Vista
*=========================*

Post the following

ComboScan.txt

Thanks,
Rogue

Edited by R0gue, 28 March 2007 - 08:07 AM.

Rogue
Trained at MalWare Removal University - A Cooperative Effort with WhatTheTech Classroom

    Advertisements

Register to Remove


#11 jim_

jim_

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 28 March 2007 - 09:05 AM

Hey, no problems this time. Two text files opened though, so I've just copied them both here.

Cheers.


ComboScan v20070306.20 run by Jim on 2007-03-28 at 15:58:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
28: 2007-03-28 14:58:35 UTC - RP236 - ComboScan Restore Point
27: 2007-03-26 00:52:21 UTC - RP235 - Installed Java™ SE Runtime Environment 6
26: 2007-03-26 00:38:54 UTC - RP234 - Removed Java 2 Runtime Environment, SE v1.4.2_05
25: 2007-03-26 00:35:40 UTC - RP233 - Removed J2SE Runtime Environment 5.0 Update 3
24: 2007-03-21 23:31:05 UTC - RP232 - System Checkpoint


-- First Restore Point --
1: 2007-02-13 19:22:04 UTC - RP209 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as Jim.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 15:58:51, on 28/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Jim\Desktop\comboscan.exe
C:\PROGRA~1\HIJACK~1\Jim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102445446291
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {D1BDCFB6-22F8-4CBF-A080-85675F2466A2} (UEANetTeam.Scanner) - http://netreg.uea.ac.uk/UEANetTeam.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20060104-141101-205 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
backup-20060104-141101-247 O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
backup-20060104-141101-370 O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
backup-20060104-141101-422 O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
backup-20060104-141101-637 O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
backup-20060104-141101-662 O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
backup-20060104-141101-702 O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000140.exe
backup-20060104-141101-705 O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
backup-20060104-141101-708 O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000137.exe
backup-20060104-141101-836 O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
backup-20060104-141101-925 O4 - HKCU\..\Run: [p2pnetwork] p2pnetwork.exe
backup-20060112-201150-365 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
backup-20060112-201150-734 R3 - Default URLSearchHook is missing
backup-20060112-201150-954 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
backup-20070326-012921-138 O15 - Trusted Zone: *.sony-europe.com
backup-20070326-012921-485 O15 - Trusted Zone: *.vaio-link.com
backup-20070326-012921-595 O15 - Trusted Zone: *.sonystyle-europe.com

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - C:\WINDOWS\system32\drivers\alcan5wn.sys
3S alcaudsl (SpeedTouch ADSL Modem ATM Transport) - C:\WINDOWS\system32\drivers\alcaudsl.sys
3R ALCXSENS (Service for WDM 3D Audio Driver) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
3S aliadwdm (ALi Audio Accelerator WDM driver) - C:\WINDOWS\system32\drivers\ac97ali.sys
3R ApfiltrService (Alps Pointing-device Filter Driver) - C:\WINDOWS\system32\drivers\Apfiltr.sys
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
3R BlueletAudio (Bluetooth Audio Service) - C:\WINDOWS\system32\drivers\blueletaudio.sys
3R BT (Bluetooth PAN Network Adapter) - C:\WINDOWS\system32\drivers\BtNetDrv.sys
3S Btcsrusb (Bluetooth USB For Bluetooth Service) - C:\WINDOWS\system32\drivers\btcusb.sys
3R BTHidEnum (Bluetooth HID Enumerator) - C:\WINDOWS\system32\drivers\vbtenum.sys
0R BTHidMgr (Bluetooth HID Manager Service) - C:\WINDOWS\system32\drivers\BTHidMgr.sys
0R caboagp (ATI Cabo AGP Filter) - C:\WINDOWS\system32\drivers\atisgkaf.SYS
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
1R DMICall (Sony DMI Call service) - C:\WINDOWS\system32\drivers\DMICall.sys
3R DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\DNINDIS5.SYS
3R GEARAspiWDM (GEAR CDRom Filter) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3R HSFHWALI - C:\WINDOWS\system32\drivers\HSFHWALI.sys
3R HSF_DP - C:\WINDOWS\system32\drivers\HSF_DP.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
3S LEX_AS_NIC_SERVICE_YNOS (LAN-Express AS IEEE 802.11g Wireless Network Adapter Service) - C:\WINDOWS\system32\drivers\ExpasAG.sys
2R MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - C:\WINDOWS\system32\drivers\mdc8021x.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3R NaiAvFilter1 - C:\WINDOWS\system32\drivers\naiavf5x.sys
1R NaiAvTdi1 - C:\WINDOWS\system32\drivers\mvstdi5x.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
0R ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
2R PfModNT - C:\WINDOWS\system32\drivers\PfModNT.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3R ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys
3R RT2500 (Belkin RT2500 Wireless Driver) - C:\WINDOWS\system32\drivers\RT2500.sys
3R RTL8023 (Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver) - C:\WINDOWS\system32\drivers\Rtlnic51.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
3R SNC (Sony Notebook Control Device) - C:\WINDOWS\system32\drivers\SonyNC.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
3R tifmsony - C:\WINDOWS\system32\drivers\tifmsony.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
3R VComm (Virtual Serial port driver) - C:\WINDOWS\system32\drivers\VComm.sys
3R VcommMgr (Bluetooth VComm Manager Service) - C:\WINDOWS\system32\drivers\VcommMgr.sys
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS
3R EntDrv51 - C:\WINDOWS\system32\drivers\entdrv51.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
3S AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R BlueSoleil Hid Service - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
2R Creative Service for CDROM Access - C:\WINDOWS\system32\CTSvcCDA.EXE
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S iPodService (iPod Service) - "C:\Program Files\iPod\bin\iPodService.exe"
2R McShield (Network Associates McShield) - "C:\Program Files\Network Associates\VirusScan\mcshield.exe"
2R McTaskManager (Network Associates Task Manager) - "C:\Program Files\Network Associates\VirusScan\vstskmgr.exe"
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3S VAIO Entertainment Aggregation and Control Service - "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe"
3S VAIO Entertainment File Import Service - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
3S VAIO Entertainment Task Scheduler - "C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe"
3S VAIO Entertainment TV Device Arbitration Service - "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe"
3S VAIO Entertainment UPnP Client Adapter - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM
3S VAIOMediaPlatform-IntegratedServer-AppServer (VAIO Media Integrated Server) - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
3S VAIOMediaPlatform-IntegratedServer-HTTP (VAIO Media Integrated Server (HTTP)) - "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP"
3S VAIOMediaPlatform-IntegratedServer-UPnP (VAIO Media Integrated Server (UPnP)) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
3S VAIOMediaPlatform-Mobile-Gateway (VAIO Media Gateway Server) - "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server"
2R WMDM PMSP Service - C:\WINDOWS\system32\MsPMSPSv.exe


-- Files created between 2007-02-28 and 2007-03-28 -----------------------------

2007-03-27 17:05:38 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-03-26 01:59:49 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-26 01:59:44 0 d-------- C:\Program Files\Grisoft
2007-03-26 01:52:25 0 d-------- C:\Program Files\Common Files\Java
2007-03-21 01:43:00 0 d-------- C:\Program Files\Incomplete<INCOMP~1>
2007-03-06 00:39:32 0 d-------- C:\Update


-- Find3M Report ---------------------------------------------------------------

2007-03-28 15:56:58 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-26 01:52:25 0 d-------- C:\Program Files\Java
2007-03-24 01:49:04 0 d-------- C:\Program Files\LimeWire
2007-03-06 15:30:21 0 d-------- C:\Program Files\Sony
2007-03-06 00:41:28 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-05 00:49:53 0 d-------- C:\Program Files\OpenOffice.org 2.0<OPENOF~1.0>
2007-03-05 00:48:21 0 d-------- C:\Documents and Settings\Jim\Application Data\OpenOffice.org2<OPENOF~1.ORG>
2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Mouse Suite 98 Daemon"="ICO.EXE"
"SonyPowerCfg"="C:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
@=""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"VAIO Update 3"="\"C:\\Program Files\\Sony\\VAIO Update 3\\VAIOUpdt.exe\" /Stationary"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Acrobat Assistant.lnk"
"backup"="C:\\WINDOWS\\pss\\Acrobat Assistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Distillr\\acrotray.exe "
"item"="Acrobat Assistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wanadoo Connection Kit.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Wanadoo Connection Kit.lnk"
"backup"="C:\\WINDOWS\\pss\\Wanadoo Connection Kit.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Wanadoo\\WANADO~1\\ATDIAL~1.EXE "
"item"="Wanadoo Connection Kit"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AcctMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Norton Password Manager\\AcctMgr.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.pacimedia.com
127.0.0.1 www.pacimedia.com
127.0.0.1 www.pacimedia.com
127.0.0.1 www.pacimedia.com
127.0.0.1 www.pacimedia.com
127.0.0.1 www.pacimedia.com
127.0.0.1 www.pacimedia.com
127.0.0.1 www.pacimedia.com
127.0.0.1 www.pacimedia.com
127.0.0.1 www.pacimedia.com

3 more entries in hosts file.


-- End of ComboScan: finished at 2007-03-28 at 15:59:25 ------------------------


===================================================

ComboScan v20070306.20 run by Jim on 2007-03-28 at 15:58:28
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Pentium® 4 CPU 3.06GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 446.98 MiB / 140 MiB
Pagefile Memory (total/avail): 1057.66 MiB / 828.79 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1998.46 MiB

C: is Fixed (NTFS) - 18.63 GiB total, 2.19 GiB free.
D: is Fixed (NTFS) - 13.2 GiB total, 8.85 GiB free.
E: is Removable (No Media)
F: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.



-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jim\Application Data
CLASSPATH=C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ORESTES
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jim
LOGONSERVER=\\ORESTES
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jim\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jim\LOCALS~1\Temp
USERDOMAIN=ORESTES
USERNAME=Jim
USERPROFILE=C:\Documents and Settings\Jim
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jim (admin)
other (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB82A76F-C3A1-4EBE-9788-148240FFDEE6}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat Elements 6.0 --> MsiExec.exe /I{E5E6E687-1033-BA7E-6000-000000000001}
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Premiere Standard --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{7998F67D-655B-42E3-B651-18D96DD17268}\setup.exe"
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Belkin 802.11g Wireless Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1F9C281-41BB-46C9-A633-81B014914B9C}\Setup.exe"
BitTorrent 4.4.1 --> "C:\Program Files\BitTorrent\uninstall.exe"
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9
Click to DVD 2.0.01 Menu Data --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98A3A654-3AEF-42D9-BA91-DE5815EA5897}\setup.exe"
Click to DVD 2.1.10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVgate Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\Setup.exe" -l0x9
foobar2000 --> "C:\Program Files\foobar2000\uninstall.exe"
HijackThis 1.99.1 --> C:\Program Files\hijackthis\HijackThis.exe /uninstall
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD 5 for VAIO --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVDX --> "C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0552A36D-0D7E-4FF5-8FDB-6629ABA7C779}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
LAN-Express AS IEEE 802.11 Wireless LAN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}\Setup.exe" -l0x9
LimeWire PRO 4.10.9 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Flash Player --> MsiExec.exe /X{27579b3c-5470-4496-be6c-0c872674f19f}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
McAfee VirusScan Enterprise --> MsiExec.exe /X{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\Setup.exe" -l0x9 /UNINSTALL
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MoodLogic --> C:\WINDOWS\ml-uninstall-v10.exe
Morrowind --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x9
Mozilla Firefox (1.5.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.11 (en-GB)"
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600813}
My Info Centre --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{62B715BC-01F5-4CC9-9811-D24ED44C16D4} /l2057
NOMAD MuVo TX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB82A76F-C3A1-4EBE-9788-148240FFDEE6}\SETUP.EXE" -l0x9 /remove
PictureGear Studio 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\Setup.exe"
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD} /l1033
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_8175104D\HXFSETUP.EXE -U -IVEN_10B9&DEV_5457&SUBSYS_8175104D
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SonicStage Mastering Studio 1.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF3B304B-8A18-452D-A19F-6012CA8418D7}\Setup.exe" -l0x9
SonicStage Mastering Studio Audio Filter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB467B85-4F52-48C2-AEED-0673D00417B0}\Setup.exe" -l0x9
SonicStage Mastering Studio Plugins 1.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}\Setup.exe" -l0x9
Sony Ericsson PC Suite 1.20.224 --> MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
Sony Notebook Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\Setup.exe" -l0x9
Sony USB Mouse --> Pmuninst.exe MouseSuite98
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\Setup.exe" -l0x9
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Soulseek Client 152 --> C:\WINDOWS\UnGins.exe "C:\Program Files\Soulseek\install.log"
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel
TES Construction Set --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
VAIO Edit Components --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{761C9026-14F0-4352-8658-934558272404}\setup.exe"
VAIO Entertainment Platform --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\Setup.exe" -l0x9
VAIO GrandBlue Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8E2BDAE-4AEB-464D-A410-89AF090B08D9}\Setup.exe" -l0x9
VAIO Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A43F939E-A863-433D-AC78-0897E44CFEB2}\setup.exe" -l0x9
VAIO Media 3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL
VAIO Media Redistribution 3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Online Registration (English) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{668B1BD6-4593-4959-970E-249AFFE6F35C} /l2057
VAIO Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E319E96-ED8E-4B01-9775-C521A1869A25}\Setup.exe" -l0x9
VAIO Product Survey (English) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9080C5D2-82FA-452A-87FA-CBB4B05D67A5} /l2057
VAIO SLIT-A Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D324F1B-A39E-4D5A-BA58-147416FE019A}\Setup.exe" -l0x9
VAIO SLIT-B Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3600FB01-C63B-4A3D-B044-BB21792C6811}\Setup.exe" -l0x9
VAIO SLIT-C Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01AF4645-78E6-46C4-B528-54863679CC40}\Setup.exe" -l0x9
VAIO SLIT Pattern Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266AEE68-5718-4A31-BDD3-D356B1250C70}\Setup.exe" -l0x9
VAIO SLIT Scene Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A17456ED-3432-49FF-A14D-E0F00A96A2AA}\Setup.exe" -l0x9
VAIO Update 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E158BB9-37B9-464B-837E-CC1D5766291B}\setup.exe" -l0x9 -removeonly
VAIO Zone --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED8D39F2-7FFA-45EC-B148-EF2472955BB4}\Setup.exe" -l0x9
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
x-black LCD --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{546CCE4F-3620-47A8-98C9-4D6FD8F311AF} /l2057


-- End of ComboScan: finished at 2007-03-28 at 15:59:25 ------------------------

#12 Rogue

Rogue

    Authentic Member

  • Authentic Member
  • PipPip
  • 179 posts

Posted 28 March 2007 - 12:29 PM

Hi Jim_, Nothing major is sticking out that I can see in the logs now. I do see you have Limewire installed. Nothing wrong with Limewire itself but file sharing can lead to severe infections. Those infected files located inside C:\Program Files\Complete were just an example. As well as those listed in HJT backup folder all come from file sharing. I do see you have a recently created folder C:\Program Files\Incomplete. I would suggest removing any files inside that folder also. How is the system running now? If it’s OK I’ll post some finishing touches to clean up the mess we have made and give you some recommendations on future prevention. Rogue
Rogue
Trained at MalWare Removal University - A Cooperative Effort with WhatTheTech Classroom

#13 jim_

jim_

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 31 March 2007 - 08:05 AM

Hey, sorry for the delay in reply, I haven't been able to get online for the past few days. I just ran a video on youtube, to see if it was stuttering like it has been for a while, and it seems to be playing fine. The system seems to be running okay again. So I think we're cool to go ahead with any finishing touches, and I'll definitely be taking your advice on Limewire and such. Thanks a lot for your time and for your help.

#14 Rogue

Rogue

    Authentic Member

  • Authentic Member
  • PipPip
  • 179 posts

Posted 31 March 2007 - 01:11 PM

Hi Jim_

Glad to hear the system is running better.

Let's tidy things up a bit.

Uninstall the following tools or files.

WinPFind3U.exe from your Desktop
Kapersky Online AV Scanner log from desktop
comboscan.exe from desktop (Green Circle with + sign)
c:\ComboScan folder

These were problem specific and were not intended for everyday use.

Optional to tools or file to uninstall
HiJackThis from add/remove programs. If you should ever encounter another problem and seek help in this forum or others like it, you will need to re-download this application.
Kapersky Online AV from add/remove programs. You can continue to use Kapersky along with your resident AV . This will only detect viruses, not remove them. Not all detections are bad so be careful.
AVG Anti-Spyware v7.5 from add/remove programs This is a good tool to keep. You have a 30 day trial. Afterwards it will NOT automatically update, you will have to do it manually. I would suggest keeping it and suggest using it..
ATF-Cleaner from Desktop. This is another great tool I suggest keeping though. Great for general system performance if you surf alot. Run weekly or when you feel performance is slowing.
*========================*

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer

Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then click OK.
*========================*

And that's all. But to help protect you against further infections, and also to help prevent criminals using your computer to infect other people's computers on the web, I recommend the following: (You may already have some of the items)
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
    Click here for more information on -> Computer Safety On line - Anti-Virus

    I would recommend Grisofts© AVG or AVAST©. As these are the more secure and since they will block both in and out traffic.
  • Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Click here for more information on -> Computer Safety On line - Software Firewalls

    I would recommend ZoneAlarm© as a firewall as it's easy to use. But for a more secure firewall, Sunbelts Kerio© is the one.
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit <a href="http://www.windowsupdate.com" target="_blank">http://www.windowsupdate.com</a> regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    Set up system to ensure a regular update of the Operating System.

    Automatically:
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click on Automatic Updates
    • Check the option of choice (I use Automatic (Recommended)). If you use dial-up I would recommend using the
      Notify Me option so that you can download when you can afford the time and bandwidth overheads.
    • Select the Day/Time of choice
    • Click Apply
    • Click OK

    Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly
  • Install Spybot© - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here: Click here for more info -->Instructions for - Spybot S & D and Ad-aware
  • Install Lavasofts© Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Click here for more info -->Instructions for - Spybot S & D and Ad-aware
  • Install Javacools© SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here: Click here for more info -->Computer Safety on line - Anti-Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and you are less susceptible to attacks.

Safe Surfing,

Rogue

Edited by R0gue, 31 March 2007 - 01:14 PM.

Rogue
Trained at MalWare Removal University - A Cooperative Effort with WhatTheTech Classroom

#15 Rogue

Rogue

    Authentic Member

  • Authentic Member
  • PipPip
  • 179 posts

Posted 01 April 2007 - 12:21 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:
http://forums.tomcoy...ams_t31418.html

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
Rogue
Trained at MalWare Removal University - A Cooperative Effort with WhatTheTech Classroom

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users