Pop ups and computer running real slow

jjnuk07 · 04-18-2007, 03:57 AM

Hi Guys, i am hoping that you will be able to help me. A few days ago my trend internet security 2007 started to flash warnings that i was trying to access dangerous sites. I then ran trend and spyware doctor and nothing was found. Since then i have been working through the five steps before posting a log. My computer is getting slower and slower and it takes minutes to type anywords. I know nothing about computers and apologise if i have incorrectly posted the wrong data. Many Thanks John

Deckard's System Scanner v20070411.38
Run by John Neicho on 2007-04-17 at 22:20:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2007-04-17 21:21:57 UTC - RP1 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as John Neicho.exe) -----------------------------------------

HijackThis failed to provide a log after three minutes; running clone instead.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-04-17 22:33:30
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.11)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\GRISOFT\AVG7\avgamsvr.exe
C:\Program Files\GRISOFT\AVG7\avgupsvc.exe
C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
C:\WINDOWS\system32\ico.exe
C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Apoint\ApntEx.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe
C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\John Neicho\Desktop\dss.exe
C:\Downloads\John Neicho.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\ksnjsaal.dll
O2 - BHO: (no name) - {6C622D52-0612-414B-A063-105A614D396F} - C:\WINDOWS\system32\gebbyyv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll
O2 - BHO: (no name) - {D793A31E-9950-4652-A129-5214865CC783} - C:\WINDOWS\system32\yaywx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~3\pccguide.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll
O9 - Extra 'Tools' menuitem: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O15 - Trusted Zone: *.sony-europe.com (HKCU)
O15 - Trusted Zone: *.sonystyle-europe.com (HKCU)
O15 - Trusted Zone: *.vaio-link.com (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file:///F:/setup/RiffLick.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/portal/en...ex/TmHcmsX.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...4D/mp43dmo.CAB
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...0C/wmv9dmo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{598C641C-0AD0-4794-860A-2659594B4E97}: NameServer = 192.168.0.1
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: gebbyyv - C:\WINDOWS\system32\gebbyyv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: yaywx - C:\WINDOWS\system32\yaywx.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\GRISOFT\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\GRISOFT\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
O23 - Service: KService - Kontiki Inc. - "C:\Program Files\KService\KService.exe"
O23 - Service: NBService - Unknown owner - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - "C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe"
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe"
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - "C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP"
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - "C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server"
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe"
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

-- File Associations -----------------------------------------------------------

.chm - unable to read key

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 AVG Anti-Rootkit - c:\windows\system32\drivers\avgarkt.sys
R0 caboagp (ATI Cabo AGP Filter) - c:\windows\system32\drivers\atisgkaf.sys
R0 imagedrv - c:\windows\system32\drivers\imagedrv.sys
R0 imagesrv - c:\windows\system32\drivers\imagesrv.sys
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys
R0 sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - c:\windows\system32\drivers\sfsync04.sys
R1 AvgArCln (Avg Anti-Rootkit Clean Driver) - c:\windows\system32\drivers\avgarcln.sys
R1 DMICall (Sony DMI Call service) - c:\windows\system32\drivers\dmicall.sys
R1 ikhfile (File Security Kernel Anti-Spyware Driver) - c:\windows\system32\drivers\ikhfile.sys
R1 ikhlayer (Kernel Anti-Spyware Driver) - c:\windows\system32\drivers\ikhlayer.sys
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys
R2 NwlnkIpx (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - c:\windows\system32\drivers\nwlnkipx.sys
R2 NwlnkNb (NWLink NetBIOS) - c:\windows\system32\drivers\nwlnknb.sys
R2 NwlnkSpx (NWLink SPX/SPXII Protocol) - c:\windows\system32\drivers\nwlnkspx.sys
R2 tmcomm - c:\windows\system32\drivers\tmcomm.sys
R2 tmmbd (Trend Micro MBD Driver) - c:\windows\system32\drivers\tm_mbd_c.sys
R2 Tmpreflt - c:\windows\system32\drivers\tmpreflt.sys
R2 tmxpflt - c:\windows\system32\drivers\tmxpflt.sys
R2 Vsapint - c:\windows\system32\drivers\vsapint.sys
R3 ALCXSENS (Service for WDM 3D Audio Driver) - c:\windows\system32\drivers\alcxsens.sys
R3 ApfiltrService (Alps Pointing-device Filter Driver) - c:\windows\system32\drivers\apfiltr.sys
R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys
R3 HSFHWALI - c:\windows\system32\drivers\hsfhwali.sys
R3 LEX_AS_NIC_SERVICE_YNOS (LAN-Express AS IEEE 802.11g Wireless Network Adapter Service) - c:\windows\system32\drivers\expasag.sys
R3 MAUSBFT (Service for M-Audio Fast Track USB (WDM)) - c:\windows\system32\drivers\mausbft.sys
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys
R3 SNC (Sony Notebook Control Device) - c:\windows\system32\drivers\sonync.sys
R3 tifmsony - c:\windows\system32\drivers\tifmsony.sys
R3 tmcfw (Trend Micro Common Firewall Service) - c:\windows\system32\drivers\tm_cfw.sys
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys
R3 WmBEnum (Logitech Virtual Bus Enumerator Driver) - c:\windows\system32\drivers\wmbenum.sys
R3 WmXlCore (Logitech WingMan Translation Layer Driver) - c:\windows\system32\drivers\wmxlcore.sys

S3 aliadwdm (ALi Audio Accelerator WDM driver) - c:\windows\system32\drivers\ac97ali.sys
S3 jgameenp - c:\docume~1\johnne~1\locals~1\temp\jgameenp.sys (file missing)
S3 MA763010 (M-Audio Fast Track) - c:\windows\system32\drivers\ma763010.sys
S3 Maplom - c:\windows\system32\drivers\maplom.sys
S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys
S3 vsc32 (Virtual Sound Canvas 3.2) - c:\windows\system32\drivers\vsc.sys (file missing)
S3 WmFilter (Logitech WingMan HID Filter Driver) - c:\windows\system32\drivers\wmfilter.sys
S3 WmVirHid (Logitech Virtual Hid Device Driver) - c:\windows\system32\drivers\wmvirhid.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 FastTrackInstallerService (M-Audio Fast Track Installer) - c:\program files\m-audio\fast track usb\mausbftinst.exe
R2 KService - "c:\program files\kservice\kservice.exe"
R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~3\pcctlcom.exe
R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~3\tmntsrv.exe
R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~3\tmpfw.exe
R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~3\tmproxy.exe
R2 VzCdbSvc (VAIO Entertainment Database Service) - "c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzcdbsvc.exe"
R2 VzFw (VAIO Entertainment File Import Service) - c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzfw.exe
R3 PcScnSrv (Trend Micro Protection Against Spyware ) - "c:\progra~1\trendm~1\intern~3\pcscnsrv.exe"
R3 Vcsw (VAIO Entertainment UPnP Client Adapter) - c:\program files\common files\sony shared\vaio entertainment platform\vcsw\vcsw.exe -runbyscm

S3 NBService - d:\program files\nero 7\nero backitup\nbservice.exe
S3 PACSPTISVR - c:\program files\common files\sony shared\avlib\pacsptisvr.exe
S3 SPTISRV (Sony SPTI Service) - c:\program files\common files\sony shared\avlib\sptisrv.exe
S3 VAIO Entertainment TV Device Arbitration Service - "c:\program files\common files\sony shared\vaio entertainment platform\vzcs\vzhardwareresourcemanager\vzhardwareresourcemanager.exe"
S3 VAIOMediaPlatform-IntegratedServer-AppServer (VAIO Media Integrated Server) - c:\program files\sony\vaio media integrated server\vmisrv.exe
S3 VAIOMediaPlatform-IntegratedServer-HTTP (VAIO Media Integrated Server (HTTP)) - "c:\program files\sony\vaio media integrated server\platform\sv_httpd.exe" /service=vaiomediaplatform-integratedserver-http /regroot="software\sony corporation\vaio media platform\2.0" /regext="applications\integratedserver\http"
S3 VAIOMediaPlatform-IntegratedServer-UPnP (VAIO Media Integrated Server (UPnP)) - c:\program files\sony\vaio media integrated server\platform\upnpframework.exe
S3 VAIOMediaPlatform-Mobile-Gateway (VAIO Media Gateway Server) - "c:\program files\sony\vaio media integrated server\platform\vmgateway.exe" /service=vaiomediaplatform-mobile-gateway /regroot="software\sony corporation\vaio media platform\2.0" /regext="\addons\packages\mobile\gateway" /displayname="vaio media gateway server"

-- Files created between 2007-03-17 and 2007-04-17 -----------------------------

2007-04-17 15:53:55 21312 --a------ C:\WINDOWS\choice.exe
2007-04-17 15:52:07 0 d-------- C:\ie-spyad
2007-04-17 15:42:24 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~3>
2007-04-17 15:24:26 123972 --a------ C:\WINDOWS\system32\auiwxrtm.dll
2007-04-17 11:45:42 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~2>
2007-04-17 11:01:59 123972 --a------ C:\WINDOWS\system32\bcvrejbv.dll
2007-04-16 20:33:05 123972 --a------ C:\WINDOWS\system32\phpadftv.dll
2007-04-16 18:40:09 790570 ---hs---- C:\WINDOWS\system32\xwyay.bak2<XWYAY~2.BAK>
2007-04-16 18:31:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-04-16 18:31:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-04-16 18:31:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation<SONYCO~1>
2007-04-16 18:31:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-04-16 18:31:41 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-04-15 22:43:27 48708 --a------ C:\WINDOWS\system32\ksnjsaal.dll
2007-04-15 21:37:19 787125 ---hs---- C:\WINDOWS\system32\xwyay.ini2<XWYAY~1.INI>
2007-04-15 15:29:14 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-15 10:35:18 0 d-------- C:\Program Files\Lavasoft
2007-04-13 21:23:43 766167 ---hs---- C:\WINDOWS\system32\xwyay.bak1<XWYAY~1.BAK>
2007-04-13 21:22:32 280676 -----n--- C:\WINDOWS\system32\yaywx.dll
2007-04-13 21:17:11 26694 --a------ C:\WINDOWS\system32\gebbyyv.dll
2007-04-13 17:40:38 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-13 17:39:11 3968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

-- Find3M Report ---------------------------------------------------------------

2007-04-16 21:39:46 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-04-16 21:29:59 0 d-------- C:\Program Files\MagicDisc<MAGICD~1>
2007-04-16 21:29:39 0 d-------- C:\Program Files\KService
2007-04-16 21:25:51 0 d-------- C:\Program Files\Google
2007-04-16 21:20:52 0 d-------- C:\Program Files\Apoint
2007-04-16 18:22:39 0 d-------- C:\Documents and Settings\John Neicho\Application Data\AVG7
2007-04-15 10:36:59 0 d-------- C:\Documents and Settings\John Neicho\Application Data\Lavasoft
2007-04-15 10:33:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-04-13 21:16:15 0 d-------- C:\Program Files\eMule
2007-03-20 18:01:17 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-19 14:01:29 48 --a------ C:\WINDOWS\system32\msvcsv60.dll
2007-03-19 14:01:29 48 --a------ C:\WINDOWS\msocreg32.dat<MSOCRE~1.DAT>
2007-03-17 14:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 16:38:53 0 d-------- C:\Documents and Settings\John Neicho\Application Data\My Games<MYGAME~1>
2007-03-08 16:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-03 13:28:31 0 d-------- C:\Program Files\Motorola Phone Tools<MOTORO~1>
2007-03-03 13:25:22 0 d-------- C:\Program Files\Avanquest update<AVANQU~1>
2007-02-28 13:16:59 0 d-------- C:\Program Files\Native Instruments<NATIVE~1>
2007-02-25 14:53:00 99 --a------ C:\scope
2007-02-24 19:16:05 118784 --a------ C:\WINDOWS\dsdxirmv.exe
2007-02-24 13:01:51 0 d-------- C:\Documents and Settings\John Neicho\Application Data\Cakewalk
2007-02-22 15:17:00 0 d-------- C:\Program Files\intelliScore Polyphonic<INTELL~1>
2007-02-16 15:36:00 47104 -----n--- C:\WINDOWS\AKDeInstall.exe<AKDEIN~1.EXE>
2007-02-05 21:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"kdx"="C:\\WINDOWS\\kdx\\KHost.exe -all"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"OE"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\TMAS_OE\\TMAS_OEMon.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Mouse Suite 98 Daemon"="ICO.EXE"
"pccguide.exe"="C:\\PROGRA~1\\TRENDM~1\\INTERN~3\\pccguide.exe"
"M-Audio Taskbar Icon"="C:\\WINDOWS\\System32\\M-AudioTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kazga.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\Kazga.exe.lnkCommon Startup"
"location"="Common Startup"
"item"="Kazga.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\errorkiller]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="errorkiller"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HKserv"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sony\\HotKey Utility\\HKserv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDrive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="okdjcpni"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SPMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\sony\\vaio power management\\SPMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="calcheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ulead Systems\\Ulead Photo Express 5 SE\\calcheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VAIOUpdt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Sony\\VAIO Update 2\\VAIOUpdt.exe\" /Stationary"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{6C622D52-0612-414B-A063-105A614D396F}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbyyv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywx

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

-- End of Deckard's System Scanner: finished at 2007-04-17 at 22:46:06 ---------

sUBs · 04-20-2007, 05:42 PM

1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

jjnuk07 · 04-21-2007, 02:34 PM

Thanks for helping me . The logs requested are attached below.
Thanks again. John

"John Neicho" - 07-04-21 20:51:47 Service Pack 2
ComboFix 07-04-21.2V - Running from: C:\Documents and Settings\John Neicho\Desktop\

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\auiwxrtm.dll
C:\WINDOWS\system32\bcvrejbv.dll
C:\WINDOWS\system32\egexxnql.dll
C:\WINDOWS\system32\ivsamnke.dll
C:\WINDOWS\system32\krejuhpo.dll
C:\WINDOWS\system32\lhtowwtx.dll
C:\WINDOWS\system32\phpadftv.dll
C:\WINDOWS\system32\uatqtffj.dll
C:\WINDOWS\system32\dpbbmevu.dll
C:\WINDOWS\system32\iefhyxko.dll
C:\WINDOWS\system32\ksnjsaal.dll
C:\WINDOWS\system32\leisylte.dll
C:\WINDOWS\system32\ltdlbykv.dll
C:\WINDOWS\system32\oteefwds.dll
C:\WINDOWS\system32\xwyay.bak1
C:\WINDOWS\system32\xwyay.bak2
C:\WINDOWS\system32\xwyay.ini
C:\WINDOWS\system32\xwyay.ini2
C:\WINDOWS\system32\xwyay.tmp
C:\WINDOWS\system32\yaywx.dll
C:\WINDOWS\system32\gebbyyv.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((( Files Created from 2007-03-21 to 2007-04-21 ))))))))))))))))))))))))))))))))))

2007-04-17 22:20 <DIR> d-------- C:\Deckard
2007-04-17 15:53 21,312 --a------ C:\WINDOWS\choice.exe
2007-04-17 15:52 <DIR> d-------- C:\ie-spyad
2007-04-17 15:42 <DIR> d-------- C:\Program Files\SpywareGuard
2007-04-17 11:45 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-16 18:31 1,310,720 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-16 18:31 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-04-16 18:31 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony Corporation
2007-04-15 15:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-15 10:35 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-13 17:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-13 17:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-16 21:39 -------- d-------- C:\Program Files\spyware doctor
2007-04-16 21:29 -------- d-------- C:\Program Files\magicdisc
2007-04-16 21:29 -------- d-------- C:\Program Files\kservice
2007-04-16 21:25 -------- d-------- C:\Program Files\google
2007-03-20 18:01 -------- d--h----- C:\Program Files\installshield installation information
2007-03-19 14:01 48 --a------ C:\WINDOWS\system32\msvcsv60.dll
2007-03-19 14:01 48 --a------ C:\WINDOWS\msocreg32.dat
2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 16:38 -------- d-------- C:\DOCUME~1\JOHNNE~1\APPLIC~1\my games
2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-03 13:28 -------- d-------- C:\Program Files\motorola phone tools
2007-02-28 13:16 -------- d-------- C:\Program Files\native instruments
2007-02-24 19:16 118784 --a------ C:\WINDOWS\dsdxirmv.exe
2007-02-22 15:17 -------- d-------- C:\Program Files\intelliscore polyphonic
2007-02-16 15:36 47104 --------- C:\WINDOWS\akdeinstall.exe
2007-02-05 21:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll
{B56A7D7D-6927-48C8-A975-17DF180C71AC} C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Mouse Suite 98 Daemon"="ICO.EXE"
"pccguide.exe"="C:\\PROGRA~1\\TRENDM~1\\INTERN~3\\pccguide.exe"
"M-Audio Taskbar Icon"="C:\\WINDOWS\\System32\\M-AudioTaskBarIcon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"kdx"="C:\\WINDOWS\\kdx\\KHost.exe -all"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"OE"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\TMAS_OE\\TMAS_OEMon.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kazga.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\Kazga.exe.lnkCommon Startup"
"location"="Common Startup"
"item"="Kazga.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\errorkiller]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="errorkiller"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HKserv"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sony\\HotKey Utility\\HKserv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDrive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="okdjcpni"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SPMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\sony\\vaio power management\\SPMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="calcheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ulead Systems\\Ulead Photo Express 5 SE\\calcheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VAIOUpdt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Sony\\VAIO Update 2\\VAIOUpdt.exe\" /Stationary"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-21 21

31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-21 21:08:43 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-21 21:08
C:\ComboFix2.txt ... 06-12-04 14:45

Logfile of HijackThis v1.99.1
Scan saved at 21:14:36, on 21/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\KService\KService.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\pccguide.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~3\pccguide.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file:///F:/setup/RiffLick.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/portal/en...ex/TmHcmsX.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{598C641C-0AD0-4794-860A-2659594B4E97}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

sUBs · 04-21-2007, 02:39 PM

Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. We only require a report from it.
It does not provide an option to clean/disinfect.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------

In your next post, please include fresh logs from:

Fresh Hijackthis log taken just before replying

Online scan

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

sUBs · 04-21-2007, 02:40 PM

This is to be performed after you have posted the required logs.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6u1 - http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

jjnuk07 · 04-23-2007, 09:42 AM

Hi sorry for the long time to reply but i had to go out yesterday and the virus scanner took ages to complete. My computer is running much better and i have no more pop ups. Thanks for helping me. I will update my java now. Here are the logs requested.
John

-------------------------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, April 23, 2007 3

54 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/04/2007
Kaspersky Anti-Virus database records: 300781
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\

Scan Statistics:
Total number of scanned objects: 84520
Number of viruses found: 16
Number of infected objects: 82 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:52:16

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.mdb Object is locked skipped
C:\Documents and Settings\John Neicho\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\John Neicho\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\John Neicho\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John Neicho\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John Neicho\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John Neicho\Local Settings\History\History.IE5\MSHist012007042320070424\index.dat Object is locked skipped
C:\Documents and Settings\John Neicho\Local Settings\Temp\~DF1619.tmp Object is locked skipped
C:\Documents and Settings\John Neicho\Local Settings\Temp\~DF169C.tmp Object is locked skipped
C:\Documents and Settings\John Neicho\Local Settings\Temp\~DF24AE.tmp Object is locked skipped
C:\Documents and Settings\John Neicho\Local Settings\Temp\~DF3203.tmp Object is locked skipped
C:\Documents and Settings\John Neicho\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John Neicho\My Documents\Langauge Homework\spanishhomewqork .doc Object is locked skipped
C:\Documents and Settings\John Neicho\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John Neicho\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Downloads\avgas-setup-7.5.0.50.exe Object is locked skipped
C:\Program Files\KService\data\error.log Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\11E.tmp/setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\11E.tmp RAR: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\11E.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\128.tmp Infected: P2P-Worm.Win32.Kapucen.b skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\19.tmp/Eqhelper.exe Infected: Packed.Win32.Bagle skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\19.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\19.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\193.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\20.tmp/setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\20.tmp RAR: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\20.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\21.tmp/L2UuPu8.exe Infected: Email-Worm.Win32.Glowa.g skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\21.tmp/snvKr1M.exe Infected: Email-Worm.Win32.Glowa.g skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\21.tmp/t0NA8L7.exe Infected: Email-Worm.Win32.Glowa.g skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\21.tmp RAR: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\21.tmp CryptFF.b: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\22.tmp Infected: P2P-Worm.Win32.VB.dz skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\24.tmp Infected: P2P-Worm.Win32.Kapucen.b skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\25.tmp/setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\25.tmp RAR: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\25.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\26.tmp/setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\26.tmp RAR: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\26.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29.tmp/setup.exe Infected: Trojan.Win32.Agent.qt skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29.tmp/Setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29.tmp ZIP: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29.tmp CryptFF.b: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2E.tmp/Setup.exe Infected: Trojan.Win32.LowZones.cw skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2E.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2E.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5A.tmp/setup.exe Infected: Trojan-Downloader.Win32.Bagle.ax skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5A.tmp/Setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5A.tmp ZIP: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5A.tmp CryptFF.b: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5B.tmp/AbiTitmuss.exe Infected: Email-Worm.Win32.Bagle.fc skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5B.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5B.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5C.tmp/screensaver.exe Infected: not-a-virus:AdWare.Win32.

04-20-2007, 05:42 PM	#2 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 21,354 OS: XP	Re: Pop ups and computer running real slow 1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe 2. Double click on combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

04-21-2007, 02:39 PM	#4 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 21,354 OS: XP	Re: Pop ups and computer running real slow Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. We only require a report from it. It does not provide an option to clean/disinfect. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan --------------- In your next post, please include fresh logs from: Fresh Hijackthis log taken just before replying Online scan Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

04-21-2007, 02:40 PM	#5 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 21,354 OS: XP	Re: Pop ups and computer running real slow This is to be performed after you have posted the required logs. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6u1 - http://java.sun.com/javase/downloads/index.jsp Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says: "*Accept* License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.