Old 11-11-2008, 08:49 AM   #3
minaccia
Registered User
 
Join Date: Nov 2008
Posts: 7
OS: xp sp3


Re: probable spyware +windows alert messages

Hi, thanks for your reply.
I thought I had already removed Norton through the Add/Remove Programs application in Control Panel, but I saw that some Norton folders were still there, and I deleted those.
I removed the cracked software as asked.
Below you can find the .log files you asked me for.

I hope to hear from you soon,

Thanks!

Combo fix:

ComboFix 08-11-10.01 - Owner 2008-11-11 10:29:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1333 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\gadcom
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\windows\setup.exe
c:\windows\system32\Drivers\TDSSpxoe.sys
c:\windows\system32\MSINET.oca
c:\windows\system32\pac.txt
c:\windows\system32\TDSSktpa.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-09 13:20 . 2008-11-10 14:25 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-09 13:20 . 2008-11-10 14:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 17:58 . 2008-11-08 17:58 <DIR> d-------- C:\rsit
2008-11-08 17:37 . 2008-11-08 17:40 250 --a------ c:\windows\gmer.ini
2008-11-08 16:35 . 2008-11-08 16:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
2008-11-08 14:30 . 2008-11-08 14:30 <DIR> d-------- c:\documents and settings\Owner\Application Data\McAfee
2008-11-08 13:15 . 2008-11-09 23:42 58 --a------ c:\windows\system32\winwp.bmp
2008-11-08 13:10 . 2008-11-09 16:24 150,528 --a------ c:\windows\system32\mkrnl.exe
2008-11-08 13:10 . 2008-11-08 13:10 10,000 --a------ c:\windows\system32\jsne87fidgf.dll
2008-11-08 13:09 . 2008-11-08 13:21 <DIR> d-------- c:\windows\system32\sX3i19
2008-11-08 13:09 . 2008-11-08 13:09 <DIR> d-------- c:\temp\PRE45
2008-11-08 13:09 . 2008-11-08 13:09 <DIR> d-------- C:\Temp
2008-11-08 13:09 . 2008-11-11 10:34 <DIR> d-------- C:\QUARANTINE
2008-11-08 13:09 . 2008-11-08 16:49 <DIR> d-------- c:\documents and settings\Owner\Application Data\NI.GSCNS
2008-11-08 13:09 . 2008-11-08 13:09 34,816 --a------ c:\windows\system32\prun.exe
2008-11-08 13:09 . 2008-11-08 13:09 10,000 --a------ c:\windows\system32\siejf93.dll
2008-11-08 12:49 . 2008-11-08 12:49 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-08 12:22 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-11-08 12:22 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-11-08 12:22 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2008-11-08 12:22 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2008-11-08 12:22 . 2006-07-28 09:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
2008-11-08 12:22 . 2006-09-28 16:04 68,888 --a------ c:\windows\system32\xinput1_3.dll
2008-11-08 12:22 . 2006-07-28 09:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
2008-11-08 12:22 . 2006-11-15 11:38 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2008-11-08 12:21 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-11-08 11:58 . 2008-11-08 11:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\Sonic
2008-11-08 11:58 . 2008-11-08 11:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\Leadertech
2008-11-08 11:58 . 2008-11-08 11:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\DAEMON Tools
2008-11-07 17:17 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-05 14:25 . 2008-11-05 14:25 <DIR> d-------- c:\windows\Applian FLV Player
2008-11-05 14:25 . 2008-11-05 14:25 <DIR> d-------- c:\program files\FLV Player
2008-11-05 13:30 . 2008-11-05 13:30 <DIR> d-------- c:\program files\SopCast
2008-11-01 16:45 . 2008-11-01 16:45 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-31 14:32 . 2008-10-31 14:32 <DIR> d-------- c:\windows\Sun
2008-10-31 10:15 . 2008-10-31 10:15 <DIR> d-------- c:\documents and settings\Owner\Application Data\Windows Search
2008-10-30 17:33 . 2008-10-31 22:34 <DIR> d-------- c:\documents and settings\Owner\Application Data\Apple Computer
2008-10-30 17:33 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-10-30 17:33 . 2008-04-17 12:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-10-30 17:32 . 2008-10-30 17:33 <DIR> d-------- c:\program files\iTunes
2008-10-30 17:32 . 2008-10-30 17:32 <DIR> d-------- c:\program files\iPod
2008-10-30 17:32 . 2008-10-30 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-30 17:31 . 2008-10-30 17:32 <DIR> d-------- c:\program files\QuickTime
2008-10-30 17:31 . 2008-10-30 17:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-30 17:30 . 2008-10-30 17:30 <DIR> d-------- c:\program files\Apple Software Update
2008-10-30 17:30 . 2008-10-01 12:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-10-30 17:29 . 2008-10-30 17:31 <DIR> d-------- c:\program files\Common Files\Apple
2008-10-30 17:29 . 2008-10-30 17:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-30 17:16 . 2008-04-13 16:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-10-30 17:16 . 2008-04-13 10:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-10-30 17:16 . 2008-04-13 10:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-10-30 17:16 . 2001-08-17 21:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-10-29 17:40 . 2008-10-29 17:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\vlc
2008-10-29 17:28 . 2008-10-29 17:28 <DIR> d-------- c:\program files\VideoLAN
2008-10-29 17:28 . 2008-10-29 17:28 <DIR> d-------- c:\program files\StreamerOne
2008-10-29 13:54 . 2008-11-11 10:35 <DIR> d-------- c:\program files\DNA
2008-10-29 13:54 . 2008-11-11 10:35 <DIR> d-------- c:\documents and settings\Owner\Application Data\DNA
2008-10-27 18:27 . 2008-10-27 18:27 <DIR> d-------- c:\program files\WinSCP
2008-10-27 18:15 . 2008-10-27 18:15 <DIR> d-------- c:\program files\cygwin
2008-10-27 18:15 . 2008-10-27 19:39 <DIR> d-------- C:\cygwin
2008-10-27 13:44 . 2008-11-11 09:37 <DIR> d-------- c:\documents and settings\Owner\Application Data\skypePM
2008-10-27 13:44 . 2008-10-27 13:44 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-27 13:43 . 2008-10-27 13:43 <DIR> d-------- c:\program files\Skype
2008-10-27 13:43 . 2008-10-27 13:43 <DIR> d-------- c:\program files\Common Files\Skype
2008-10-27 13:43 . 2008-11-11 10:13 <DIR> d-------- c:\documents and settings\Owner\Application Data\Skype
2008-10-27 13:43 . 2008-10-27 13:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-10-27 13:28 . 2005-06-18 17:57 25,088 --a------ c:\windows\system32\spdifcp.dll
2008-10-27 13:22 . 2008-10-27 13:22 <DIR> d-------- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2008-10-27 13:21 . 2008-10-27 13:21 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-27 13:21 . 2008-10-27 13:21 <DIR> d-------- c:\program files\Windows Desktop Search
2008-10-27 13:19 . 2008-03-07 12:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-10-27 13:19 . 2008-03-07 12:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-10-27 13:19 . 2008-03-07 12:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-10-27 13:18 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-10-27 13:18 . 2007-07-30 18:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-10-27 13:18 . 2007-07-30 18:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-27 12:57 . 2008-10-27 12:57 <DIR> d-------- c:\documents and settings\Owner\Application Data\MathWorks
2008-10-27 12:34 . 2008-10-27 12:34 <DIR> d-------- c:\program files\MATLAB
2008-10-27 09:36 . 2008-10-31 17:45 <DIR> d-------- c:\documents and settings\Owner\Application Data\AdobeUM
2008-10-27 09:20 . 2008-11-11 09:58 <DIR> d-------- C:\swp55
2008-10-27 09:08 . 2006-10-26 18:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-10-27 08:58 . 2008-11-11 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-27 08:31 . 2008-11-08 16:50 229,376 --a------ c:\documents and settings\Owner\cwshredder.dll
2008-10-27 00:15 . 2008-10-27 00:15 <DIR> d-------- C:\research2
2008-10-26 17:13 . 2008-10-26 17:13 <DIR> d-------- c:\documents and settings\Owner\Application Data\Roxio
2008-10-26 12:54 . 2008-10-26 12:54 <DIR> d-------- c:\program files\McAfee
2008-10-26 12:54 . 2008-10-26 12:54 <DIR> d-------- c:\program files\Common Files\McAfee
2008-10-26 12:54 . 2008-10-26 12:54 <DIR> d-------- c:\program files\Common Files\Cisco Systems
2008-10-26 12:54 . 2008-11-08 14:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-10-26 12:54 . 2007-10-25 17:06 1,495,552 --a------ c:\windows\system32\epoPGPsdk.dll
2008-10-26 12:54 . 2008-01-24 22:50 171,400 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-10-26 12:54 . 2008-01-24 22:50 72,936 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-10-26 12:54 . 2008-01-24 22:50 64,232 --a------ c:\windows\system32\drivers\mfeapfk.sys
2008-10-26 12:54 . 2008-01-24 22:50 52,104 --a------ c:\windows\system32\drivers\mfetdik.sys
2008-10-26 12:54 . 2008-01-24 22:50 33,960 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-10-26 12:54 . 2007-10-25 17:06 280 --a------ c:\windows\system32\epoPGPsdk.dll.sig
2008-10-26 12:41 . 2008-10-26 12:41 0 --a------ c:\windows\nsreg.dat
2008-10-25 18:54 . 2008-10-25 18:54 <DIR> d-------- c:\program files\MSXML 4.0
2008-10-25 18:52 . 2008-10-03 12:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-10-25 18:52 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-25 18:52 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-25 18:52 . 2008-08-26 02:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-10-25 18:52 . 2008-08-26 02:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-25 18:52 . 2008-08-26 02:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-10-25 18:52 . 2008-08-26 02:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-10-25 18:52 . 2008-08-26 02:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-25 18:52 . 2008-08-25 03:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-10-25 18:46 . 2008-10-25 18:46 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-10-25 18:44 . 2008-10-25 18:44 <DIR> d-------- c:\windows\system32\LogFiles
2008-10-25 18:44 . 2008-10-25 18:45 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-10-25 18:40 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-25 18:40 . 2008-06-13 06:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-25 18:40 . 2008-07-07 15:26 253,952 -----c--- c:\windows\system32\dllcache\es.dll
2008-10-25 18:40 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-10-25 18:40 . 2008-05-09 05:53 180,224 -----c--- c:\windows\system32\dllcache\scrobj.dll
2008-10-25 18:40 . 2008-05-09 05:53 172,032 -----c--- c:\windows\system32\dllcache\scrrun.dll
2008-10-25 18:40 . 2008-05-08 06:24 155,648 -----c--- c:\windows\system32\dllcache\wscript.exe
2008-10-25 18:40 . 2008-05-09 03:45 135,168 -----c--- c:\windows\system32\dllcache\cscript.exe
2008-10-25 18:40 . 2008-05-09 05:53 90,112 -----c--- c:\windows\system32\dllcache\wshext.dll
2008-10-25 18:40 . 2008-06-24 11:43 74,240 -----c--- c:\windows\system32\dllcache\mscms.dll
2008-10-25 18:39 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-25 18:39 . 2008-05-07 00:12 1,288,192 -----c--- c:\windows\system32\dllcache\quartz.dll
2008-10-25 18:38 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-25 18:38 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-25 18:38 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 15:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-11 15:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 22:17 --------- d-----w c:\program files\Java
2008-10-25 23:44 --------- d-----w c:\program files\Windows Media Connect
2008-10-25 21:59 --------- d-----w c:\program files\Sony
2008-10-25 21:49 --------- d-----w c:\program files\Common Files\Sony Shared
2008-10-25 21:49 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2008-10-25 21:26 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony Corporation
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF42A3-94F3-42BD-F434-3604832C897D}]
2008-11-08 13:09 10000 --a------ c:\windows\system32\siejf93.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-10-29 342336]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-20 7561216]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-06-29 319488]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-01 1077248]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-22 1354240]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"HostManager"="c:\program files\Common Files\AOL\1224971836\ee\AOLSoftware.exe" [2006-04-13 50792]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-04-07 1773568]
Trend Micro Anti-Spyware.lnk - c:\program files\Trend Micro\Tmas\Tmas.exe [2008-10-25 1310720]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C5AF42A3-94F3-42BD-F434-3604832C897D}"= "c:\windows\system32\siejf93.dll" [2008-11-08 10000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2008-10-25 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-22 20:11 39936 c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 16:51 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli fusstub

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\StreamerOne\\StreamerOne.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2005-11-21 9216]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-02-22 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-02-22 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2006-03-06 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2003-06-18 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-02-21 226304]
S1 d3f96ca3;d3f96ca3;c:\windows\system32\drivers\d3f96ca3.sys [ ]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 32768]
.
Contents of the 'Scheduled Tasks' folder

2008-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{C5BF49A2-94F3-42BD-F434-3604812C897D} - (no file)
HKCU-Run-msupdate.exe - c:\windows\system32\msupdate.exe
HKCU-Run-GetPack24 - c:\program files\GetPack\GetPack24.exe
HKCU-Run-jsg8jfgfdfhfhf - c:\docume~1\Owner\LOCALS~1\Temp\winlogun.exe
HKLM-Run-URLLSTCK.exe - c:\program files\Norton Internet Security\UrlLstCk.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\g4tuw41u.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 10:34:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Apoint\ApntEx.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-11-11 10:41:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-11 15:41:50

Pre-Run: 96,380,911,616 bytes free
Post-Run: 96,399,880,192 bytes free

309 --- E O F --- 2008-11-01 22:12:28

hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:07 AM, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\AOL\1224971836\ee\AOLSoftware.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: C:\WINDOWS\system32\siejf93.dll - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\WINDOWS\system32\siejf93.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1224971836\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1224974123968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\WINDOWS\system32\siejf93.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 12879 bytes

thanks again