Attached are the ComboFix and HJThis logs, as you requested. Sorry for the delay.
I had to run ComboFix twice. The first time around, my computer powered off since the battery died. So I had to plug in the laptop and rerun things. I ended up leaving ComboFix running and went to bed, and when I came back, my computer was restarted and I logged into Windows and it made the log.
Thank you so much for your help.
ComboFix 08-08-13.02 - Tan Pham 2008-08-14 2:01:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1364 [GMT -4:00]
Running from: C:\Documents and Settings\Tan Pham\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\#SharedObjects\LBDJGAAP\interclick.com
C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\#SharedObjects\LBDJGAAP\interclick.com\ud.sol
C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\NetworkService\Application Data\macromedia\Flash Player\#SharedObjects\8VMXRE2T\interclick.com
C:\Documents and Settings\NetworkService\Application Data\macromedia\Flash Player\#SharedObjects\8VMXRE2T\interclick.com\ud.sol
C:\Documents and Settings\NetworkService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\NetworkService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Tan Pham\Application Data\macromedia\Flash Player\#SharedObjects\TXQYMC2Z\interclick.com
C:\Documents and Settings\Tan Pham\Application Data\macromedia\Flash Player\#SharedObjects\TXQYMC2Z\interclick.com\ud.sol
C:\Documents and Settings\Tan Pham\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Tan Pham\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Tan Pham\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\BM5b950fec.txt
C:\WINDOWS\system32\hytdbxav.ini
C:\WINDOWS\system32\jbhprwlq.ini
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\nsprs.dll
C:\WINDOWS\system32\oqrxtpnd.ini
C:\WINDOWS\system32\serauth1.dll
C:\WINDOWS\system32\serauth2.dll
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\thmmhgsw.ini
C:\WINDOWS\system32\vofgwgac.ini
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\atsxyzd.sys
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\Nobicyt.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFINDING
-------\Legacy_MACIDWE
-------\Legacy_PERFMONS
-------\Legacy_PERFS
-------\Legacy_ROUTING
-------\Legacy_SOBICYT
-------\Legacy_TDXDOWKC
-------\Legacy_WSERVING
-------\Service_AFinding
-------\Service_macidwe
-------\Service_perfmons
-------\Service_perfs
-------\Service_Routing
-------\Service_sobicyt
-------\Service_tdxdowkc
-------\Service_WServing
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.
2008-08-11 18:43 . 2008-08-11 18:43 <DIR> d-------- C:\Nokia
2008-08-11 18:43 . 2008-08-11 18:43 <DIR> d-------- C:\Documents and Settings\Tan Pham\.Nokia
2008-08-11 18:38 . 2008-08-11 18:43 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-08-11 18:38 . 2008-08-11 18:38 <DIR> d--h----- C:\Documents and Settings\Tan Pham\InstallAnywhere
2008-08-11 04:16 . 2008-08-11 04:16 169,312 --a------ C:\Babyboy.mp3
2008-08-11 01:01 . 2006-11-05 08:36 184,737 --a------ C:\robot.mp3
2008-08-08 20:27 . 2008-02-15 12:45 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2008-08-08 15:43 . 2008-08-08 15:43 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-08-08 15:43 . 2008-02-15 13:12 5,854,752 --a------ C:\WINDOWS\system32\drivers\igxpmp32.sys
2008-08-08 15:43 . 2008-02-15 13:12 2,643,968 --a------ C:\WINDOWS\system32\igxpdx32.dll
2008-08-08 15:43 . 2008-02-15 13:12 1,670,144 --a------ C:\WINDOWS\system32\igxpdv32.dll
2008-08-08 15:43 . 2008-03-07 12:56 920,088 --a------ C:\WINDOWS\system32\igxpun.exe
2008-08-08 15:43 . 2008-02-15 12:49 176,128 --a------ C:\WINDOWS\system32\igfxrsky.lrc
2008-08-08 15:43 . 2008-02-15 12:49 172,032 --a------ C:\WINDOWS\system32\igfxrslv.lrc
2008-08-08 15:43 . 2008-02-15 13:12 151,040 --a------ C:\WINDOWS\system32\igxpgd32.dll
2008-08-08 15:43 . 2008-02-15 13:21 147,456 --a------ C:\WINDOWS\system32\igfxCoIn_v4926.dll
2008-08-08 15:43 . 2008-02-15 13:12 57,344 --a------ C:\WINDOWS\system32\igxprd32.dll
2008-08-08 15:32 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-08 15:29 . 2008-08-08 15:29 <DIR> d-------- C:\Program Files\Viewpoint
2008-08-08 01:01 . 2008-08-08 01:01 <DIR> d-------- C:\Deckard
2008-08-08 00:58 . 2008-08-08 00:58 <DIR> d-------- C:\ie-spyad_zo
2008-08-08 00:45 . 2008-08-08 00:45 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\Uniblue
2008-08-08 00:30 . 2008-08-08 00:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-07 21:43 . 2008-08-07 21:43 <DIR> d-------- C:\NVIDIA
2008-08-07 21:43 . 2007-12-18 21:06 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-07 19:07 . 2008-08-07 19:07 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\InstallShield Installation Information
2008-08-07 18:45 . 2008-08-07 18:45 <DIR> d-------- C:\Program Files\Unreal Tournament 3
2008-08-07 18:45 . 2008-08-07 18:45 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-08-07 01:48 . 2008-08-07 01:48 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\.Tribler
2008-08-07 01:48 . 2008-08-07 01:48 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\.SwarmPlayer
2008-08-07 01:47 . 2008-08-07 01:48 <DIR> d-------- C:\Program Files\SwarmPlayer
2008-08-06 11:54 . 2008-08-06 11:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-08-06 01:35 . 1999-03-10 17:07 934,160 --a------ C:\WINDOWS\system32\msjava.dll
2008-08-06 01:26 . 2008-08-06 01:26 <DIR> d-------- C:\Program Files\UltraISO
2008-08-06 01:26 . 2008-08-06 01:26 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-08-05 22:55 . 2008-08-05 22:55 <DIR> d-------- C:\Program Files\Common Files\Risxtd
2008-08-05 22:55 . 2008-08-05 22:55 <DIR> d-------- C:\Program Files\Common Files\ResearchSoft
2008-08-05 22:55 . 2008-08-13 21:14 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\EndNote
2008-08-05 22:52 . 2008-08-05 22:55 <DIR> d-------- C:\Program Files\EndNote X2
2008-08-05 22:51 . 2008-08-05 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
2008-08-04 03:14 . 2008-08-04 03:14 <DIR> d-------- C:\Program Files\Vivaty
2008-08-03 21:58 . 2008-08-03 21:58 <DIR> d-------- C:\WINDOWS\occache
2008-08-03 21:58 . 2008-08-03 21:58 <DIR> d-------- C:\Program Files\Learn2.com
2008-08-03 21:58 . 2008-08-03 22:07 <DIR> d-------- C:\Program Files\AOL Companion
2008-08-03 21:56 . 2003-05-30 13:46 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-08-03 21:56 . 2003-08-15 15:17 153,088 --a------ C:\WINDOWS\system32\jgdwmie.dll
2008-08-03 21:56 . 2003-01-10 17:13 65,536 --a------ C:\WINDOWS\wanmpsvc.exe
2008-08-03 21:56 . 2003-01-10 17:13 33,588 --a------ C:\WINDOWS\system32\drivers\wanatw4.sys
2008-08-03 21:56 . 2003-08-15 15:16 24,659 --a------ C:\WINDOWS\system32\aolddial.dll
2008-08-03 21:55 . 2008-08-03 21:58 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-08-03 21:55 . 2008-08-12 22:32 <DIR> d-------- C:\Program Files\America Online 9.0
2008-08-02 16:44 . 2008-08-02 16:44 2 --a------ C:\WINDOWS\msoffice.ini
2008-08-02 16:14 . 2008-08-03 00:25 <DIR> d-------- C:\Program Files\Samsung
2008-08-02 14:40 . 2008-08-02 14:41 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\Yahoo!
2008-08-02 14:40 . 2008-08-02 14:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-02 00:04 . 2008-08-02 00:04 <DIR> d---s---- C:\Documents and Settings\NetworkService\UserData
2008-08-01 20:52 . 2008-08-01 20:52 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-01 20:24 . 2008-08-01 20:24 <DIR> d-------- C:\Program Files\Motorola
2008-08-01 20:24 . 2006-07-28 08:12 40,960 --a------ C:\WINDOWS\system32\drivers\motodrv.sys
2008-08-01 20:02 . 2008-08-01 20:02 92,064 --a------ C:\WINDOWS\system32\drivers\mqdmmdm.sys
2008-08-01 20:02 . 2008-08-01 20:02 92,064 --a------ C:\Documents and Settings\Tan Pham\mqdmmdm.sys
2008-08-01 20:02 . 2008-08-01 20:02 79,328 --a------ C:\WINDOWS\system32\drivers\mqdmserd.sys
2008-08-01 20:02 . 2008-08-01 20:02 79,328 --a------ C:\Documents and Settings\Tan Pham\mqdmserd.sys
2008-08-01 20:02 . 2008-08-01 20:02 66,656 --a------ C:\WINDOWS\system32\drivers\mqdmbus.sys
2008-08-01 20:02 . 2008-08-01 20:02 66,656 --a------ C:\Documents and Settings\Tan Pham\mqdmbus.sys
2008-08-01 20:02 . 2008-08-01 20:02 9,232 --a------ C:\WINDOWS\system32\drivers\mqdmmdfl.sys
2008-08-01 20:02 . 2008-08-01 20:02 9,232 --a------ C:\Documents and Settings\Tan Pham\mqdmmdfl.sys
2008-08-01 20:02 . 2008-08-01 20:02 6,208 --a------ C:\WINDOWS\system32\drivers\mqdmcmnt.sys
2008-08-01 20:02 . 2008-08-01 20:02 6,208 --a------ C:\WINDOWS\system32\drivers\mqdmcm.sys
2008-08-01 20:02 . 2008-08-01 20:02 6,208 --a------ C:\Documents and Settings\Tan Pham\mqdmcmnt.sys
2008-08-01 20:02 . 2008-08-01 20:02 5,936 --a------ C:\WINDOWS\system32\drivers\mqdmwhnt.sys
2008-08-01 20:02 . 2008-08-01 20:02 5,936 --a------ C:\WINDOWS\system32\drivers\mqdmwh.sys
2008-08-01 20:02 . 2008-08-01 20:02 5,936 --a------ C:\Documents and Settings\Tan Pham\mqdmwhnt.sys
2008-08-01 20:02 . 2008-08-01 20:02 4,048 --a------ C:\Documents and Settings\Tan Pham\mqdmcr.sys
2008-08-01 18:01 . 2008-08-01 18:45 <DIR> d-------- C:\Program Files\Avanquest update
2008-08-01 18:01 . 2008-04-14 00:15 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-08-01 18:01 . 2008-04-14 00:15 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-08-01 18:00 . 2008-08-01 20:02 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-08-01 18:00 . 2008-08-01 20:02 25,600 --a------ C:\Documents and Settings\Tan Pham\usbsermptxp.sys
2008-08-01 18:00 . 2008-08-01 20:02 22,768 --a------ C:\Documents and Settings\Tan Pham\usbsermpt.sys
2008-07-31 21:02 . 2008-07-31 21:02 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\acccore
2008-07-31 20:40 . 2008-07-31 20:40 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-31 20:40 . 2008-07-31 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-31 20:40 . 2008-07-31 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-31 20:32 . 2008-07-31 20:32 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-31 20:32 . 2008-07-31 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-30 22:32 . 2008-07-31 00:32 <DIR> d-------- C:\VundoFix Backups
2008-07-30 14:59 . 2008-07-30 20:01 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 5.0
2008-07-30 14:59 . 2007-07-26 17:13 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll
2008-07-30 14:59 . 2007-07-26 17:13 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2008-07-30 14:58 . 2008-07-30 20:02 <DIR> d-------- C:\Program Files\Quicken
2008-07-30 14:58 . 2008-07-30 20:02 76 --a------ C:\WINDOWS\QUICKEN.INI
2008-07-30 14:56 . 2008-07-30 14:56 <DIR> d-------- C:\Program Files\MagicDisc
2008-07-30 14:56 . 2008-07-28 17:19 116,736 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-07-30 01:19 . 2008-07-30 01:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-30 00:51 . 2008-07-30 00:51 0 --a------ C:\WINDOWS\BM5b950fec.xml
2008-07-29 21:54 . 2008-07-29 21:54 0 --a------ C:\WINDOWS\tosOBEX.INI
2008-07-29 21:51 . 2008-07-29 21:51 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\Protector Suite
2008-07-29 16:52 . 2008-07-31 20:59 <DIR> d-------- C:\Program Files\Trillian Astra
2008-07-26 18:18 . 2008-07-30 19:41 <DIR> d-------- C:\Program Files\Microsoft Money 2007
2008-07-25 17:33 . 2008-08-03 21:58 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-07-25 17:33 . 2008-04-14 05:42 1,499,136 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-07-25 17:32 . 2003-08-15 15:17 1,044,480 --a------ C:\WINDOWS\system32\roboex32.dll
2008-07-25 17:32 . 2003-08-15 15:17 54,784 --a------ C:\WINDOWS\system32\Inetwh32.dll
2008-07-25 17:32 . 2003-08-15 15:17 29,184 --a------ C:\WINDOWS\system32\popup.ocx
2008-07-24 22:07 . 2008-07-24 22:07 <DIR> d-------- C:\Program Files\Virtual Account Numbers
2008-07-24 22:07 . 2008-07-24 22:07 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\InstallShield
2008-07-24 22:07 . 2007-12-07 15:51 532,480 --a------ C:\WINDOWS\system32\FFCore.dll
2008-07-24 22:07 . 2007-12-07 15:51 102,400 --a------ C:\WINDOWS\system32\OBroker.exe
2008-07-24 21:39 . 2008-07-24 21:39 <DIR> d-------- C:\Program Files\Netflix
2008-07-24 18:12 . 2008-08-07 22:11 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\AdobeUM
2008-07-24 00:58 . 2008-08-09 20:40 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\dvdcss
2008-07-24 00:21 . 2008-07-24 00:21 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-07-23 21:02 . 2008-07-23 21:02 <DIR> d-------- C:\Program Files\Toshiba
2008-07-23 20:58 . 2008-07-23 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
2008-07-23 20:57 . 2005-11-11 16:00 2,981,888 --a------ C:\WINDOWS\system32\iplw7.dll
2008-07-23 20:57 . 2005-11-11 16:00 2,973,696 --a------ C:\WINDOWS\system32\ipla6.dll
2008-07-23 20:57 . 2005-11-11 16:00 2,785,280 --a------ C:\WINDOWS\system32\iplm6.dll
2008-07-23 20:57 . 2005-11-11 16:00 2,686,976 --a------ C:\WINDOWS\system32\iplm5.dll
2008-07-23 20:57 . 2005-11-11 16:00 2,531,328 --a------ C:\WINDOWS\system32\iplp6.dll
2008-07-23 20:57 . 2005-11-11 16:00 2,502,656 --a------ C:\WINDOWS\system32\iplpx.dll
2008-07-23 20:57 . 2005-11-11 16:00 53,248 --a------ C:\WINDOWS\system32\ipl.dll
2008-07-23 20:57 . 2005-11-11 16:00 19,968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
2008-07-23 20:34 . 2008-07-23 20:34 <DIR> d-------- C:\Program Files\Common Files\Protector Suite QL
2008-07-23 20:34 . 2008-08-08 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-08 19:32 --------- d-----w C:\Program Files\Java
2008-08-06 05:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 05:15 --------- d-----w C:\Program Files\Sony
2008-08-03 07:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-24 00:59 --------- d-----w C:\Program Files\Common Files\Sony Shared
2008-07-22 04:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-07-22 03:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-07-22 01:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 13:58 69632]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-15 20:46 551032]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 00:08 28672]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 15:11 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 13:22 217088]
"PartSeal"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 00:08 28672]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 17:12 32768]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 17:25 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 17:25 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 17:29 569413]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"Biomenu"="C:\Program Files\Protector Suite QL\menusw.exe" [2006-02-22 18:10 1354240]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 23:47 118784]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-15 12:46 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-15 12:46 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-15 12:46 131072]
C:\Documents and Settings\Tan Pham\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-07-22 01:12:04 3450608]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-04-07 16:37:00 1773568]
DynDNS Updater Tray Icon.lnk - C:\Program Files\DynDNS Updater\DynTray.exe [2008-06-23 15:04:20 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-22 18:11 39936 C:\WINDOWS\system32\fusstub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 17:51 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Tan Pham^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Tan Pham\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Tan Pham^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Tan Pham\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2008-04-23 02:08 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Citi Virtual Account Numbers]
--a------ 2007-12-07 15:52 270336 C:\PROGRA~1\VIRTUA~1\CitiVAN.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 15:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 19:33 563984 C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 19:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-06-20 20:45 7561216 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-11-06 04:27 200704 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-07-23 20:26 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WServing"=2 (0x2)
"VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
"tdxdowkc"=2 (0x2)
"SavRoam"=3 (0x3)
"Routing"=2 (0x2)
"perfs"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NBService"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"macidwe"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"AOL ACS"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\SwarmPlayer\\swarmplayer.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\acsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1904:UDP"= 1904:UDP:Windows Media Format SDK (ceswxfst.sys)
"1905:UDP"= 1905:UDP:Windows Media Format SDK (ceswxfst.sys)
R0 shpf;Sony HDD Protection Filter Driver;C:\WINDOWS\system32\DRIVERS\shpf.sys [2005-11-21 18:06]
R2 DynDNS Updater;DynDNS Updater;C:\Program Files\DynDNS Updater\DynUpSvc.exe [2008-06-23 15:04]
R2 FdRedir;FdRedir;C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-02-22 18:13]
R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-02-22 18:13]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 15:19]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 22:39]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2003-06-18 20:12]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 22:32]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-07-28 08:12]
S3 mqdmbus;Motorola DM Composite Driver (WDM);C:\WINDOWS\system32\DRIVERS\mqdmbus.sys [2008-08-01 20:02]
S3 mqdmmdfl;Motorola USB Modem (Filter);C:\WINDOWS\system32\DRIVERS\mqdmmdfl.sys [2008-08-01 20:02]
S3 mqdmmdm;Motorola USB Modem;C:\WINDOWS\system32\DRIVERS\mqdmmdm.sys [2008-08-01 20:02]
S3 mqdmserd;Motorola USB Diag;C:\WINDOWS\system32\DRIVERS\mqdmserd.sys [2008-08-01 20:02]
S4 NOBICYT;NOBICYT Service;C:\WINDOWS\system32\Nobicyt.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2008-07-30 C:\WINDOWS\Tasks\Money 2007 Home & Business.job
- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2007 Home & Business\Money 2007 Home & Business.lnk [2008-07-26 18:19]
2008-08-14 C:\WINDOWS\Tasks\You Cant Answer This Phone.job
- C:\My Shared\Torrents\400+Amusing Ringtones\400+Amusing Ringtones\You Cant Answer This Phone.mp3 [2006-11-07 09:50]
.
- - - - ORPHANS REMOVED - - - -
BHO-{246D8DEE-5F51-4351-B33C-009E3F33D131} - C:\WINDOWS\system32\uRLDvwwV.dll
BHO-{BE961036-940B-42C8-9180-FF943717739b} - C:\WINDOWS\system32\esqeobds.dll
BHO-{c45908b5-baf9-4162-a53f-a07e7410fe14} - C:\WINDOWS\system32\vmjmwi.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
MSConfigStartUp-58a63c70 - C:\WINDOWS\system32\wsghmmht.dll
MSConfigStartUp-Acrobat Assistant 8 - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
MSConfigStartUp-AdobeUpdater - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-NapsterShell - C:\Program Files\Napster\napster.exe
MSConfigStartUp-VAIOSecurity - C:\Program Files\Sony\VAIO Security Center\VSC.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Tan Pham\Application Data\Mozilla\Firefox\Profiles\tc03u3ug.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
FF -: plugin - C:\Documents and Settings\Tan Pham\Application Data\Mozilla\Firefox\Profiles\tc03u3ug.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-14 08:04:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApntEx.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-08-14 8:10:09 - machine was rebooted [Tan Pham]
ComboFix-quarantined-files.txt 2008-08-14 12:10:04
Pre-Run: 33,247,748,096 bytes free
Post-Run: 33,262,632,960 bytes free
432
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:09 AM, on 8/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\WINDOWS\System32\logon.scr
C:\Program Files\chatClient\chatcli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\PROGRA~1\VIRTUA~1\BhoCitUS.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Virtual Account Numbers - {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - C:\PROGRA~1\VIRTUA~1\CitiVAN.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} (VivatyCtrl Class) - http://apps.vivaty.com/downloads/player/install.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 14653 bytes