netadv.dll - Page 2

tetonbob · 10-09-2007, 02:24 PM

OK....I see a problem still. We'll use another tool to help us remove it.

I'll repeat the instructions of Post #11

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop
Disconnect from the internet....pull the plug!
S& D Spybot's Tea Timer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
- Open Spybot Search & Destroy.
- In the Mode menu click "Advanced mode" if not already selected.
- Choose "Yes" at the Warning prompt.
- Expand the "Tools" menu.
- Click "Resident".
- Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
- In the File menu click "Exit" to exit Spybot Search & Destroy.
- See this link for a tutorial
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall
Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Re-establish an internet connection.
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

hangthisup · 10-09-2007, 03:01 PM

ComboFix 07-10-10.1 - jason 2007-10-10 13:46:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.468 [GMT -7:00]
Running from: C:\Documents and Settings\jason\My Documents\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
C:\Documents and Settings\jason\Application Data\SystemDoctor Free
C:\Documents and Settings\jason\Application Data\SystemDoctor Free\Logs\update.log
C:\Documents and Settings\jason\Application Data\SystemDoctor Free\Logs\update.log
C:\Program Files\Common Files\SystemDoctor
C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe
C:\Program Files\Common Files\SystemDoctor\err.log
C:\Program Files\Common Files\SystemDoctor\up.dat
C:\WINDOWS\dat.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\setup.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.

2007-10-09 13:43 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 11:34 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-09 11:34 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-09 11:34 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-09 11:34 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-09 11:34 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-09 09:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2007-10-09 09:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Google
2007-10-09 08:54 <DIR> d-------- C:\Program Files\CCleaner
2007-10-09 08:00 <DIR> d-------- C:\Deckard
2007-10-09 05:30 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-09 05:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-09 05:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-09 04:52 266,240 --a------ C:\WINDOWS\bndsrsvk.dll
2007-10-09 04:37 <DIR> d-------- C:\Documents and Settings\jason\Application Data\Comodo
2007-10-09 04:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-08 22:22 <DIR> d-------- C:\WINDOWS\My Games
2007-10-08 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-08 20:45 <DIR> d-------- C:\Program Files\Comodo
2007-10-08 20:39 <DIR> d-------- C:\Program Files\SpywareGuard
2007-10-08 20:35 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-08 20:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-08 18:30 4,220 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-08 18:21 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-10-08 18:21 <DIR> d-------- C:\Documents and Settings\jason\Application Data\eGames
2007-10-08 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eGames
2007-10-08 16:35 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-08 11:37 <DIR> d-------- C:\Program Files\SystemDefender
2007-10-08 11:30 286,720 --a------ C:\WINDOWS\bndsrvqt.dll
2007-10-07 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CWFXCEJTXG
2007-10-07 08:23 <DIR> d-------- C:\Program Files\Super Granny 3
2007-10-05 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LSFXCEJTXG
2007-10-04 19:52 7 --a------ C:\WINDOWS\system32\cpahrider.reg
2007-10-02 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JZFXCEJTXG
2007-10-01 10:23 26,008 -ra------ C:\WINDOWS\system32\drivers\RimUsb.sys
2007-10-01 10:21 26,752 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2007-10-01 10:20 <DIR> d-------- C:\Program Files\Research In Motion
2007-09-26 09:04 7 --a------ C:\WINDOWS\system32\btrasher3.reg
2007-09-26 08:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FOFXCEJTXG
2007-09-25 17:42 <DIR> d-------- C:\Program Files\Quirty Buddy
2007-09-25 15:23 <DIR> d-------- C:\Program Files\Snowy - Treasure Hunter 3
2007-09-24 16:27 <DIR> d-------- C:\Program Files\Zoo Empire
2007-09-24 15:57 <DIR> d-------- C:\Downloads
2007-09-24 14:45 <DIR> d-------- C:\Program Files\Freecell Buddy Pogo
2007-09-23 14:17 <DIR> d-------- C:\Documents and Settings\jason\Application Data\Jane s Hotel
2007-09-22 18:11 <DIR> d-------- C:\Program Files\Cake Mania 2
2007-09-22 09:33 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2007-09-14 21:44 <DIR> d-------- C:\Program Files\Paradise Pet Salon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 19:59 --------- d-----w C:\Program Files\Trend Micro
2007-10-09 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-10-09 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-09 01:20 --------- d-----w C:\Program Files\Yahoo! Games
2007-10-08 23:06 --------- d-----w C:\Program Files\Oberon Media
2007-10-08 22:59 --------- d-----w C:\Program Files\Coupons
2007-10-08 22:57 --------- d-----w C:\Program Files\Smiley Arcade
2007-10-08 22:56 --------- d-----w C:\Program Files\BurgerRush_at
2007-10-08 18:39 --------- d-----w C:\Program Files\ArcticQuest2_at
2007-10-08 17:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-08 01:52 --------- d-----w C:\Program Files\BadgeHelp
2007-10-07 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-10-05 16:14 --------- d-----w C:\Documents and Settings\jason\Application Data\AweSEM
2007-10-03 04:20 30,976 ----a-w C:\WINDOWS\rascntrl.dll
2007-10-03 04:20 23,104 ----a-w C:\WINDOWS\system32\svcprmpt.dll
2007-10-03 03:06 --------- d-----w C:\Program Files\Google
2007-09-30 01:13 --------- d-----w C:\Program Files\Nick Arcade
2007-09-25 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Aliasworlds
2007-09-24 23:33 --------- d-----w C:\Program Files\SallysSalon_at
2007-09-24 23:12 --------- d-----w C:\Documents and Settings\jason\Application Data\PlayFirst
2007-09-24 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-09-20 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-14 02:44 --------- d-----w C:\Program Files\MySpace
2007-09-09 05:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
2007-09-07 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SGFXCEJTXG
2007-09-05 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\VXFXCEJTXG
2007-09-02 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\TUFXCEJTXG
2007-08-28 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Online Entertainment
2007-08-23 04:06 --------- d-----w C:\Documents and Settings\jason\Application Data\MySpace
2007-08-22 10:54 --------- d-----w C:\Program Files\Doras Carnival 2 At the Boardwalk
2007-08-15 23:44 --------- d-----w C:\Documents and Settings\jason\Application Data\Magus
2007-08-15 15:54 --------- d-----w C:\Documents and Settings\jason\Application Data\gemsweeperextractedgfx
2007-08-13 18:34 --------- d-----w C:\Program Files\Real
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 02:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-16 19:09 28,672 ----a-w C:\WINDOWS\system32\UnInsPup.exe
2007-07-08 22:09 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-06-20 01:51 0 ----a-w C:\Documents and Settings\jason\Application Data\wklnhst.dat
2006-02-19 11:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05F79890-CFA6-4D53-87BC-2F390DA6645E}]
2007-10-09 03:22 266240 --a------ C:\WINDOWS\bndsrsvk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 10:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-05 10:57]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-05 10:56]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-05 10:56]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 20:47]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 23:07]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 15:12]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 22:36]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 03:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 00:27]
"PartSeal"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-09-10 23:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-08 20:37]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-08 20:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 17:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]

C:\Documents and Settings\jason\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-19 10:25:25]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
S3 kwkpcusb;Kyocera CDMA Wireless Modem Driver for KPC;C:\WINDOWS\system32\DRIVERS\kwusbnt.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57d7930d-566c-11dc-b09e-00014af7e659}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654333842770338

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-07 23:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-09 19:13:33 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 13:48:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-10 13:49:35
.
--- E O F ---

hangthisup · 10-09-2007, 03:03 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:19 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MSVPS System - {05F79890-CFA6-4D53-87BC-2F390DA6645E} - C:\WINDOWS\bndsrsvk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [vpnvow] C:\DOCUME~1\jason\LOCALS~1\Temp\vpnvow.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\jason\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} (DMSrvPushX Control) - http://dvr1.labohemegc.com/webpages/DMWebX.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://www.playfirst.com/play/game/t...et.1.0.0.4.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} (InitOcx Control) - http://rc.puppyred.com/init.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 15193 bytes

tetonbob · 10-09-2007, 03:12 PM

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download ResetTeaTimer.bat by right-clicking on the link, and choosing Save As. Save it to your desktop, or somewhere you can find it easily.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

---------------------------------------------------------------------------------------------

Spywareguard

Please disable Spywareguard, as it may hinder the removal of some entries. You can re-enable it after you're clean.

Right click the running icon of Spywareguard located in the system tray
Go to Menu > File > Exit and confirm the programs close.

---------------------------------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

http://www.techsupportforum.com/security-center/hijackthis-log-help/186879-netadv-dll.html

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05F79890-CFA6-4D53-87BC-2F390DA6645E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"vpnvow"=-

Collect::
C:\WINDOWS\bndsrsvk.dll

Save this as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

Create an uninstall list:

With HiJackThis still open

Click on the configure button on the bottom right
Click on the tab "Misc Tools"
Click on the Box that says "Open Uninstall Manager"
Click on the button "Save list"
Copy and past the List from the notepad file into your post

---------------------------------------------------------------------------------------------

hangthisup · 10-09-2007, 03:35 PM

I save the log as cfscript.txt I copy it right off of your post. I combine it with the combo fix. It is telling me that it is not spelled correct. I hit ok and it kicks me out. What should I do

hangthisup · 10-09-2007, 03:39 PM

nevermind on the last post i got it

hangthisup · 10-09-2007, 03:46 PM

ComboFix 07-10-10.1 - jason 2007-10-10 14:41:02.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.467 [GMT -7:00]
Running from: C:\Documents and Settings\jason\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\jason\Desktop\CFScript.txt.lnk
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dat.txt
C:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.

2007-10-09 13:43 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 11:34 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-09 11:34 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-09 11:34 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-09 11:34 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-09 11:34 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-09 09:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2007-10-09 09:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Google
2007-10-09 08:54 <DIR> d-------- C:\Program Files\CCleaner
2007-10-09 08:00 <DIR> d-------- C:\Deckard
2007-10-09 05:30 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-09 05:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-09 05:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-09 04:52 266,240 --a------ C:\WINDOWS\bndsrsvk.dll
2007-10-09 04:37 <DIR> d-------- C:\Documents and Settings\jason\Application Data\Comodo
2007-10-09 04:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-08 22:22 <DIR> d-------- C:\WINDOWS\My Games
2007-10-08 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-08 20:45 <DIR> d-------- C:\Program Files\Comodo
2007-10-08 20:39 <DIR> d-------- C:\Program Files\SpywareGuard
2007-10-08 20:35 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-08 20:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-08 18:30 4,220 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-08 18:21 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-10-08 18:21 <DIR> d-------- C:\Documents and Settings\jason\Application Data\eGames
2007-10-08 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eGames
2007-10-08 16:35 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-08 11:37 <DIR> d-------- C:\Program Files\SystemDefender
2007-10-08 11:30 286,720 --a------ C:\WINDOWS\bndsrvqt.dll
2007-10-07 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CWFXCEJTXG
2007-10-07 08:23 <DIR> d-------- C:\Program Files\Super Granny 3
2007-10-05 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LSFXCEJTXG
2007-10-04 19:52 7 --a------ C:\WINDOWS\system32\cpahrider.reg
2007-10-02 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JZFXCEJTXG
2007-10-01 10:23 26,008 -ra------ C:\WINDOWS\system32\drivers\RimUsb.sys
2007-10-01 10:21 26,752 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2007-10-01 10:20 <DIR> d-------- C:\Program Files\Research In Motion
2007-09-26 09:04 7 --a------ C:\WINDOWS\system32\btrasher3.reg
2007-09-26 08:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FOFXCEJTXG
2007-09-25 17:42 <DIR> d-------- C:\Program Files\Quirty Buddy
2007-09-25 15:23 <DIR> d-------- C:\Program Files\Snowy - Treasure Hunter 3
2007-09-24 16:27 <DIR> d-------- C:\Program Files\Zoo Empire
2007-09-24 15:57 <DIR> d-------- C:\Downloads
2007-09-24 14:45 <DIR> d-------- C:\Program Files\Freecell Buddy Pogo
2007-09-23 14:17 <DIR> d-------- C:\Documents and Settings\jason\Application Data\Jane s Hotel
2007-09-22 18:11 <DIR> d-------- C:\Program Files\Cake Mania 2
2007-09-22 09:33 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2007-09-14 21:44 <DIR> d-------- C:\Program Files\Paradise Pet Salon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-09 19:59 --------- d-----w C:\Program Files\Trend Micro
2007-10-09 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-10-09 01:20 --------- d-----w C:\Program Files\Yahoo! Games
2007-10-08 23:06 --------- d-----w C:\Program Files\Oberon Media
2007-10-08 22:59 --------- d-----w C:\Program Files\Coupons
2007-10-08 22:57 --------- d-----w C:\Program Files\Smiley Arcade
2007-10-08 22:56 --------- d-----w C:\Program Files\BurgerRush_at
2007-10-08 18:39 --------- d-----w C:\Program Files\ArcticQuest2_at
2007-10-08 17:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-08 01:52 --------- d-----w C:\Program Files\BadgeHelp
2007-10-07 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-10-05 16:14 --------- d-----w C:\Documents and Settings\jason\Application Data\AweSEM
2007-10-03 04:20 30,976 ----a-w C:\WINDOWS\rascntrl.dll
2007-10-03 04:20 23,104 ----a-w C:\WINDOWS\system32\svcprmpt.dll
2007-10-03 03:06 --------- d-----w C:\Program Files\Google
2007-09-30 01:13 --------- d-----w C:\Program Files\Nick Arcade
2007-09-25 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Aliasworlds
2007-09-24 23:33 --------- d-----w C:\Program Files\SallysSalon_at
2007-09-24 23:12 --------- d-----w C:\Documents and Settings\jason\Application Data\PlayFirst
2007-09-24 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-09-20 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-14 02:44 --------- d-----w C:\Program Files\MySpace
2007-09-09 05:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
2007-09-07 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SGFXCEJTXG
2007-09-05 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\VXFXCEJTXG
2007-09-02 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\TUFXCEJTXG
2007-08-28 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Online Entertainment
2007-08-23 04:06 --------- d-----w C:\Documents and Settings\jason\Application Data\MySpace
2007-08-22 10:54 --------- d-----w C:\Program Files\Doras Carnival 2 At the Boardwalk
2007-08-15 23:44 --------- d-----w C:\Documents and Settings\jason\Application Data\Magus
2007-08-15 15:54 --------- d-----w C:\Documents and Settings\jason\Application Data\gemsweeperextractedgfx
2007-08-13 18:34 --------- d-----w C:\Program Files\Real
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 02:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-16 19:09 28,672 ----a-w C:\WINDOWS\system32\UnInsPup.exe
2007-07-08 22:09 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-06-20 01:51 0 ----a-w C:\Documents and Settings\jason\Application Data\wklnhst.dat
2006-02-19 11:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05F79890-CFA6-4D53-87BC-2F390DA6645E}]
2007-10-09 03:22 266240 --a------ C:\WINDOWS\bndsrsvk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 10:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-05 10:57]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-05 10:56]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-05 10:56]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 20:47]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 23:07]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 15:12]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 22:36]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 03:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 00:27]
"PartSeal"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-09-10 23:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-08 20:37]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-08 20:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 17:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]

C:\Documents and Settings\jason\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-19 10:25:25]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
S3 kwkpcusb;Kyocera CDMA Wireless Modem Driver for KPC;C:\WINDOWS\system32\DRIVERS\kwusbnt.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57d7930d-566c-11dc-b09e-00014af7e659}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654333842770338

.
Contents of the 'Scheduled Tasks' folder
"2007-10-07 23:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-10 21:00:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 14:44:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-10 14:45:45
C:\ComboFix2.txt ... 2007-10-10 13:49
.
--- E O F ---

hangthisup · 10-09-2007, 03:49 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:49 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MSVPS System - {05F79890-CFA6-4D53-87BC-2F390DA6645E} - C:\WINDOWS\bndsrsvk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [vpnvow] C:\DOCUME~1\jason\LOCALS~1\Temp\vpnvow.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\jason\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} (DMSrvPushX Control) - http://dvr1.labohemegc.com/webpages/DMWebX.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://www.playfirst.com/play/game/t...et.1.0.0.4.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} (InitOcx Control) - http://rc.puppyred.com/init.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 15053 bytes

hangthisup · 10-09-2007, 03:53 PM

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
Apple Software Update
AVG 7.5
Cake Mania 2 (remove only)
ccCommon
CCleaner (remove only)
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.00
COMODO Firewall Pro
DVgate Plus
eBay Toolbar
GetDataBack for FAT
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0
HP Update
Image Converter 2 Plus
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
InterActual Player
InterVideo WinDVD for VAIO
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
LiveUpdate 2.7 (Symantec Corporation)
Lottso! Deluxe
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Works
mMHouse
Mozilla Firefox (2.0.0.7)
mPfMgr
mProSafe
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mWlsSafe
mXML
Netscape Browser (remove only)
Norton AntiSpam
Norton Internet Security 2006
Norton Protection Center
OCR Software by I.R.I.S 7.0
Office 2003 Trial Assistant
OpenMG Secure Module 4.3.00
OTOY
Panda ActiveScan
Puzzle City (remove only)
QuickTime
Realtek High Definition Audio Driver
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Search Enhancement by AOL Search
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Setting Utility Series
Sony Certificate PCH
Sony MP4 Shared Library
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy
SpywareBlaster v3.5.1
SpywareGuard v2.2
SymNet
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb937833)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Word 2007 (KB934173)
VAIO Breeze Wallpaper
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 2
VAIO Wireless LAN Setup Utility
Virtools 3D Life Player
Windows Backup Utility
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows XP Hotfix - KB307154
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Toolbar for Internet Explorer

tetonbob · 10-09-2007, 04:42 PM

Hello -

That did not produce the expected results.

Quote:

Command switches used :: C:\Documents and Settings\jason\Desktop\CFScript.txt.lnk

CFScript must be a text file. It also must be saved in the same location as ComboFix.

ComboFix.exe was not saved to the desktop.

Quote:

Running from: C:\Documents and Settings\jason\My Documents\ComboFix.exe

So, what I need you to do is either save the CFScript file into My Documents, or preferably, move ComboFix.exe to the desktop and then run the last ComboFix instructions once again.

Once you've done that, post it's log, and a new HijackThis log.

hangthisup · 10-09-2007, 09:20 PM

ComboFix 07-10-10.1 - jason 2007-10-10 19:59:20.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.601 [GMT -7:00]
Running from: C:\Documents and Settings\jason\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\jason\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\bndsrsvk.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((( Files Created from 2007-09-11 to 2007-10-11 )))))))))))))))))))))))))))))))
.

2007-10-09 13:43 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 11:34 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-09 11:34 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-09 11:34 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-09 11:34 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-09 11:34 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-09 09:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2007-10-09 09:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Google
2007-10-09 08:54 <DIR> d-------- C:\Program Files\CCleaner
2007-10-09 08:00 <DIR> d-------- C:\Deckard
2007-10-09 05:30 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-09 05:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-09 05:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-09 04:37 <DIR> d-------- C:\Documents and Settings\jason\Application Data\Comodo
2007-10-09 04:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-08 22:22 <DIR> d-------- C:\WINDOWS\My Games
2007-10-08 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-08 20:45 <DIR> d-------- C:\Program Files\Comodo
2007-10-08 20:39 <DIR> d-------- C:\Program Files\SpywareGuard
2007-10-08 20:35 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-08 20:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-08 18:30 4,220 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-08 18:21 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-10-08 18:21 <DIR> d-------- C:\Documents and Settings\jason\Application Data\eGames
2007-10-08 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eGames
2007-10-08 16:35 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-08 11:37 <DIR> d-------- C:\Program Files\SystemDefender
2007-10-08 11:30 286,720 --a------ C:\WINDOWS\bndsrvqt.dll
2007-10-07 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CWFXCEJTXG
2007-10-07 08:23 <DIR> d-------- C:\Program Files\Super Granny 3
2007-10-05 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LSFXCEJTXG
2007-10-04 19:52 7 --a------ C:\WINDOWS\system32\cpahrider.reg
2007-10-02 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JZFXCEJTXG
2007-10-01 10:23 26,008 -ra------ C:\WINDOWS\system32\drivers\RimUsb.sys
2007-10-01 10:21 26,752 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2007-10-01 10:20 <DIR> d-------- C:\Program Files\Research In Motion
2007-09-26 09:04 7 --a------ C:\WINDOWS\system32\btrasher3.reg
2007-09-26 08:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FOFXCEJTXG
2007-09-25 17:42 <DIR> d-------- C:\Program Files\Quirty Buddy
2007-09-25 15:23 <DIR> d-------- C:\Program Files\Snowy - Treasure Hunter 3
2007-09-24 16:27 <DIR> d-------- C:\Program Files\Zoo Empire
2007-09-24 15:57 <DIR> d-------- C:\Downloads
2007-09-24 14:45 <DIR> d-------- C:\Program Files\Freecell Buddy Pogo
2007-09-23 14:17 <DIR> d-------- C:\Documents and Settings\jason\Application Data\Jane s Hotel
2007-09-22 18:11 <DIR> d-------- C:\Program Files\Cake Mania 2
2007-09-22 09:33 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2007-09-14 21:44 <DIR> d-------- C:\Program Files\Paradise Pet Salon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-09 19:59 --------- d-----w C:\Program Files\Trend Micro
2007-10-09 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-10-09 01:20 --------- d-----w C:\Program Files\Yahoo! Games
2007-10-08 23:06 --------- d-----w C:\Program Files\Oberon Media
2007-10-08 22:59 --------- d-----w C:\Program Files\Coupons
2007-10-08 22:57 --------- d-----w C:\Program Files\Smiley Arcade
2007-10-08 22:56 --------- d-----w C:\Program Files\BurgerRush_at
2007-10-08 18:39 --------- d-----w C:\Program Files\ArcticQuest2_at
2007-10-08 17:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-08 01:52 --------- d-----w C:\Program Files\BadgeHelp
2007-10-07 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-10-05 16:14 --------- d-----w C:\Documents and Settings\jason\Application Data\AweSEM
2007-10-03 04:20 30,976 ----a-w C:\WINDOWS\rascntrl.dll
2007-10-03 03:06 --------- d-----w C:\Program Files\Google
2007-09-30 01:13 --------- d-----w C:\Program Files\Nick Arcade
2007-09-25 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Aliasworlds
2007-09-24 23:33 --------- d-----w C:\Program Files\SallysSalon_at
2007-09-24 23:12 --------- d-----w C:\Documents and Settings\jason\Application Data\PlayFirst
2007-09-24 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-09-20 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-14 02:44 --------- d-----w C:\Program Files\MySpace
2007-09-09 05:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
2007-09-07 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SGFXCEJTXG
2007-09-05 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\VXFXCEJTXG
2007-09-02 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\TUFXCEJTXG
2007-08-28 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Online Entertainment
2007-08-23 04:06 --------- d-----w C:\Documents and Settings\jason\Application Data\MySpace
2007-08-22 10:54 --------- d-----w C:\Program Files\Doras Carnival 2 At the Boardwalk
2007-08-15 23:44 --------- d-----w C:\Documents and Settings\jason\Application Data\Magus
2007-08-15 15:54 --------- d-----w C:\Documents and Settings\jason\Application Data\gemsweeperextractedgfx
2007-08-13 18:34 --------- d-----w C:\Program Files\Real
2007-07-08 22:09 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-06-20 01:51 0 ----a-w C:\Documents and Settings\jason\Application Data\wklnhst.dat
2006-02-19 11:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-10_13.49.03.62 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 74,936 2007-10-11 02:55:29 C:\WINDOWS\system32\Restore\rstrlog.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 10:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-05 10:57]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-05 10:56]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-05 10:56]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 20:47]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 23:07]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 15:12]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 22:36]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 03:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 00:27]
"PartSeal"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-09-10 23:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-08 20:37]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-08 20:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 17:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]

C:\Documents and Settings\jason\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-19 10:25:25]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
S3 kwkpcusb;Kyocera CDMA Wireless Modem Driver for KPC;C:\WINDOWS\system32\DRIVERS\kwusbnt.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57d7930d-566c-11dc-b09e-00014af7e659}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654333842770338

.
Contents of the 'Scheduled Tasks' folder
"2007-10-07 23:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-11 02:59:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 20:04:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-10 20:07:18 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-10 14:45
C:\ComboFix3.txt ... 2007-10-10 13:49
.
--- E O F ---

tetonbob · 10-09-2007, 09:26 PM

Ok, great.

Now, if you can post the new HijackThis log requested, we can continue.

hangthisup · 10-09-2007, 09:30 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:04 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\jason\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} (DMSrvPushX Control) - http://dvr1.labohemegc.com/webpages/DMWebX.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://www.playfirst.com/play/game/t...et.1.0.0.4.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} (InitOcx Control) - http://rc.puppyred.com/init.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14765 bytes

hangthisup · 10-09-2007, 09:31 PM

I appreciate all of your help, I will definately make a good donation for all of your help.

tetonbob · 10-09-2007, 09:36 PM

OK, great. We have the main infections under control now. There are more steps to take care of.

I see you have more than one Anti-Virus program installed, AVG 7.5 and Norton Internet Security 2006. While this may seem like greater protection, it can cause problems including slowdowns and system hangs. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:

re-install the program -> reboot -> uninstall

-----------------------------------------------------------------------

If you choose to uninstall Norton, see this page for more information:

http://basconotw.mvps.org/SymRem.htm

-----------------------------------------------------------------------

Once you've done that...here are your next steps:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 u3 and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.

In your case it is these:

J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u3-windowsi586-p.exe to install the newest version.

After the install is complete, go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and Applets
    Trace and Log Files
- Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Next step is to perform this online scan, to look for any remnants:

Please use this pictorial guide to assist you.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Once you've done that....

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

hangthisup · 10-10-2007, 04:38 AM

KASPERSKY ONLINE SCANNER REPORT
Thursday, October 11, 2007 3:34:25 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/10/2007
Kaspersky Anti-Virus database records: 430193

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 91848
Number of viruses found 32
Number of infected objects 93
Number of suspicious objects 0
Duration of the scan process 01:34:37

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\jason\LOCALS~1\Temp\BITA0.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\backup\DOCUME~1\jason\LOCALS~1\Temp\BITA0.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\backup\DOCUME~1\jason\LOCALS~1\Temp\sw_ins.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped

C:\Deckard\System Scanner\backup\DOCUME~1\jason\LOCALS~1\Temp\temp.frAC31 Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Deckard\System Scanner\backup\DOCUME~1\jason\LOCALS~1\Temp\USDR6_9999_N18M1603\installer.exe/file05 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped

C:\Deckard\System Scanner\backup\DOCUME~1\jason\LOCALS~1\Temp\USDR6_9999_N18M1603\installer.exe/file07 Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped

C:\Deckard\System Scanner\backup\DOCUME~1\jason\LOCALS~1\Temp\USDR6_9999_N18M1603\installer.exe Inno: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-10082007-163550.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.ldb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.mdb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\MtData.ldb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\MtData.mdb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\jason\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\jason\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\jason\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{689962FE-6D93-4991-B0FD-5632A5EE12C7} Object is locked skipped

C:\Documents and Settings\jason\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\jason\Local Settings\History\History.IE5\MSHist012007101020071011\index.dat Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Temp\BITA8.tmp Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Temp\~DF1723.tmp Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Temp\~DF6DDE.tmp Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Temp\~DFA84C.tmp Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Temp\~DFA8B0.tmp Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Temp\~DFAF92.tmp Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Temp\~DFE68E.tmp Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\jason\Local Settings\Temporary Internet Files\Content.IE5\WPCTKIN0\whitelist[1].zip Object is locked skipped

C:\Documents and Settings\jason\ntuser.dat Object is locked skipped

C:\Documents and Settings\jason\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Downloads\zeSetup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped

C:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\qoobox\Quarantine\C\Program Files\Common Files\SystemDoctor\dcpasmon.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010561.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010562.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010563.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010565.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010567.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010568.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010569.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010570.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010571.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010572.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010573.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010574.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010576.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010577.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010578.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010580.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010581.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010583.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010585.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010586.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010587.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010589.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010590.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010591.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP156\A0010592.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP157\snapshot\MFEX-1.DAT Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP158\A0010736.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP158\A0010739.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP158\snapshot\MFEX-1.DAT Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP186\A0012790.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP186\A0012792.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014511.dll Infected: not-a-virus:AdWare.Win32.Coupons skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014645.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014646.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014647.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014648.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014650.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014651.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014652.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014653.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014654.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014656.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014657.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014658.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014659.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014660.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014661.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014662.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014663.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014664.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014665.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014666.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014668.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014669.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014670.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014672.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014673.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014674.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014675.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014676.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014701.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014702.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014703.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014704.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014705.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP209\A0014706.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP211\A0014724.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP211\A0014730.dll Infected: not-a-virus:AdWare.Win32.Vapsup.ae skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP211\A0014768.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP211\A0014769.DLL Infected: not-a-virus:AdWare.Win32.MySearch.g skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP211\A0014771.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP211\A0014830.dll Infected: not-a-virus:AdWare.Win32.Vapsup.ab skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP212\A0014859.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP212\A0014860.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP212\A0014861.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP212\A0014863.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP212\A0014868.dll Infected: not-a-virus:AdWare.Win32.Vapsup.ab skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP214\A0016081.dll Infected: not-a-virus:AdWare.Win32.Agent.fh skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP214\A0016082.exe Infected: not-a-virus:AdWare.Win32.Vapsup.ae skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP215\A0016173.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP216\A0016786.exe Infected: Trojan-Downloader.Win32.Zlob.dgn skipped

C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP225\change.log Object is locked skipped

C:\WINDOWS\bndsrvqt.dll Infected: not-a-virus:AdWare.Win32.Vapsup.ae skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\JETA8C3.tmp Object is locked skipped

C:\WINDOWS\Temp\JETA8E2.tmp Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

hangthisup · 10-10-2007, 04:39 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:48 AM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\jason\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} (DMSrvPushX Control) - http://dvr1.labohemegc.com/webpages/DMWebX.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://www.playfirst.com/play/game/t...et.1.0.0.4.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} (InitOcx Control) - http://rc.puppyred.com/init.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13940 bytes

tetonbob · 10-10-2007, 08:44 AM

OK, some cleanup actions to perform.

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Quote:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Downloads\zeSetup-dm[1].exe"
"C:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll"
"C:\WINDOWS\bndsrvqt.dll"

) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

for %%g in (

%systemdrive%\Deckard
%systemdrive%\Qoobox

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Disable("")>SR.vbs
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Enable("")>>SR.vbs
wscript SR.vbs

(
echo.REGEDIT4&echo.
echo.[hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced]
echo."hidden"=dword:00000002
echo."hidefileext"=dword:00000001
echo."showsuperhidden"=dword:00000000
)>rehide.reg

regedit /s rehide.reg
del rehide.reg SR.vbs
nircmd wait 7000
del %0

Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:

Double click on fix.bat & allow it to run

Post back to tell me what it says

hangthisup · 10-10-2007, 12:26 PM

it says deleted successfully

hangthisup · 10-10-2007, 03:09 PM

I ran the fix.bat and it said deleted sucessfully

10-09-2007, 02:24 PM	#21 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,234 OS: 2000 Pro; XP Pro; XP Home	Re: netadv.dll OK....I see a problem still. We'll use another tool to help us remove it. I'll repeat the instructions of Post #11 Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe * IMPORTANT !!! Place combofix.exe on your Desktop Disconnect from the internet....pull the plug! S& D Spybot's Tea Timer While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean. Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. In the File menu click "Exit" to exit Spybot Search & Destroy. See this link for a tutorial Go to -> Run -> paste in the following single line command & click OK "%userprofile%\desktop\combofix.exe" /killall Follow the prompts. Type "1" and press Enter to begin the scan. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. --------------------------------------------------------------------------------------------- Re-establish an internet connection. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

10-09-2007, 03:01 PM	#22 (permalink)
hangthisup Registered User Join Date: Oct 2007 Posts: 31 OS: xp	Re: netadv.dll ComboFix 07-10-10.1 - jason 2007-10-10 13:46:04.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.468 [GMT -7:00] Running from: C:\Documents and Settings\jason\My Documents\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data.\salesmonitor C:\Documents and Settings\All Users\Application Data\SystemDoctor Free C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode C:\Documents and Settings\jason\Application Data\SystemDoctor Free C:\Documents and Settings\jason\Application Data\SystemDoctor Free\Logs\update.log C:\Documents and Settings\jason\Application Data\SystemDoctor Free\Logs\update.log C:\Program Files\Common Files\SystemDoctor C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe C:\Program Files\Common Files\SystemDoctor\err.log C:\Program Files\Common Files\SystemDoctor\up.dat C:\WINDOWS\dat.txt C:\WINDOWS\search_res.txt C:\WINDOWS\setup.exe . ((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 ))))))))))))))))))))))))))))))) . 2007-10-09 13:43 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-09 11:34 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-10-09 11:34 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-10-09 11:34 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-10-09 11:34 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-10-09 11:34 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-10-09 09:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation 2007-10-09 09:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Google 2007-10-09 08:54 <DIR> d-------- C:\Program Files\CCleaner 2007-10-09 08:00 <DIR> d-------- C:\Deckard 2007-10-09 05:30 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-10-09 05:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-10-09 05:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-10-09 04:52 266,240 --a------ C:\WINDOWS\bndsrsvk.dll 2007-10-09 04:37 <DIR> d-------- C:\Documents and Settings\jason\Application Data\Comodo 2007-10-09 04:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2007-10-08 22:22 <DIR> d-------- C:\WINDOWS\My Games 2007-10-08 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-08 20:45 <DIR> d-------- C:\Program Files\Comodo 2007-10-08 20:39 <DIR> d-------- C:\Program Files\SpywareGuard 2007-10-08 20:35 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-10-08 20:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-10-08 18:30 4,220 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-08 18:21 <DIR> d--hs---- C:\WINDOWS\ftpcache 2007-10-08 18:21 <DIR> d-------- C:\Documents and Settings\jason\Application Data\eGames 2007-10-08 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eGames 2007-10-08 16:35 <DIR> d-------- C:\Program Files\Windows Defender 2007-10-08 11:37 <DIR> d-------- C:\Program Files\SystemDefender 2007-10-08 11:30 286,720 --a------ C:\WINDOWS\bndsrvqt.dll 2007-10-07 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CWFXCEJTXG 2007-10-07 08:23 <DIR> d-------- C:\Program Files\Super Granny 3 2007-10-05 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LSFXCEJTXG 2007-10-04 19:52 7 --a------ C:\WINDOWS\system32\cpahrider.reg 2007-10-02 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JZFXCEJTXG 2007-10-01 10:23 26,008 -ra------ C:\WINDOWS\system32\drivers\RimUsb.sys 2007-10-01 10:21 26,752 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys 2007-10-01 10:20 <DIR> d-------- C:\Program Files\Research In Motion 2007-09-26 09:04 7 --a------ C:\WINDOWS\system32\btrasher3.reg 2007-09-26 08:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FOFXCEJTXG 2007-09-25 17:42 <DIR> d-------- C:\Program Files\Quirty Buddy 2007-09-25 15:23 <DIR> d-------- C:\Program Files\Snowy - Treasure Hunter 3 2007-09-24 16:27 <DIR> d-------- C:\Program Files\Zoo Empire 2007-09-24 15:57 <DIR> d-------- C:\Downloads 2007-09-24 14:45 <DIR> d-------- C:\Program Files\Freecell Buddy Pogo 2007-09-23 14:17 <DIR> d-------- C:\Documents and Settings\jason\Application Data\Jane s Hotel 2007-09-22 18:11 <DIR> d-------- C:\Program Files\Cake Mania 2 2007-09-22 09:33 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2007-09-14 21:44 <DIR> d-------- C:\Program Files\Paradise Pet Salon . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-09 19:59 --------- d-----w C:\Program Files\Trend Micro 2007-10-09 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity 2007-10-09 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2007-10-09 01:20 --------- d-----w C:\Program Files\Yahoo! Games 2007-10-08 23:06 --------- d-----w C:\Program Files\Oberon Media 2007-10-08 22:59 --------- d-----w C:\Program Files\Coupons 2007-10-08 22:57 --------- d-----w C:\Program Files\Smiley Arcade 2007-10-08 22:56 --------- d-----w C:\Program Files\BurgerRush_at 2007-10-08 18:39 --------- d-----w C:\Program Files\ArcticQuest2_at 2007-10-08 17:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-08 01:52 --------- d-----w C:\Program Files\BadgeHelp 2007-10-07 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games 2007-10-05 16:14 --------- d-----w C:\Documents and Settings\jason\Application Data\AweSEM 2007-10-03 04:20 30,976 ----a-w C:\WINDOWS\rascntrl.dll 2007-10-03 04:20 23,104 ----a-w C:\WINDOWS\system32\svcprmpt.dll 2007-10-03 03:06 --------- d-----w C:\Program Files\Google 2007-09-30 01:13 --------- d-----w C:\Program Files\Nick Arcade 2007-09-25 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Aliasworlds 2007-09-24 23:33 --------- d-----w C:\Program Files\SallysSalon_at 2007-09-24 23:12 --------- d-----w C:\Documents and Settings\jason\Application Data\PlayFirst 2007-09-24 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-09-20 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-09-14 02:44 --------- d-----w C:\Program Files\MySpace 2007-09-09 05:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Alawar Stargaze 2007-09-07 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SGFXCEJTXG 2007-09-05 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\VXFXCEJTXG 2007-09-02 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\TUFXCEJTXG 2007-08-28 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Online Entertainment 2007-08-23 04:06 --------- d-----w C:\Documents and Settings\jason\Application Data\MySpace 2007-08-22 10:54 --------- d-----w C:\Program Files\Doras Carnival 2 At the Boardwalk 2007-08-15 23:44 --------- d-----w C:\Documents and Settings\jason\Application Data\Magus 2007-08-15 15:54 --------- d-----w C:\Documents and Settings\jason\Application Data\gemsweeperextractedgfx 2007-08-13 18:34 --------- d-----w C:\Program Files\Real 2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-31 02:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-07-31 02:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll 2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-07-16 19:09 28,672 ----a-w C:\WINDOWS\system32\UnInsPup.exe 2007-07-08 22:09 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2007-06-20 01:51 0 ----a-w C:\Documents and Settings\jason\Application Data\wklnhst.dat 2006-02-19 11:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05F79890-CFA6-4D53-87BC-2F390DA6645E}] 2007-10-09 03:22 266240 --a------ C:\WINDOWS\bndsrsvk.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}] 2005-10-14 10:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-05 10:57] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-05 10:56] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-05 10:56] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 20:47] "RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 C:\WINDOWS\RTHDCPL.EXE] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51] "Mouse Suite 98 Daemon"="ICO.EXE" [] "VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 23:07] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 15:12] "VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 22:36] "VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 03:20] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 00:27] "PartSeal"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41] "eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-09-10 23:40] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-08 20:37] "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-08 20:45] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 17:22] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00] C:\Documents and Settings\jason\Start Menu\Programs\Startup\ SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-19 10:25:25] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22] HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoBandCustomize"=0 (0x0) "NoMovingBands"=0 (0x0) "NoCloseDragDropBands"=0 (0x0) "NoToolbarsOnTaskbar"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] VESWinlogon.dll 2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe S3 kwkpcusb;Kyocera CDMA Wireless Modem Driver for KPC;C:\WINDOWS\system32\DRIVERS\kwusbnt.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57d7930d-566c-11dc-b09e-00014af7e659}] AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654333842770338 Newly Created Service - CATCHME . Contents of the 'Scheduled Tasks' folder "2007-10-07 23:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" "2007-10-09 19:13:33 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************ catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-10 13:48:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-10-10 13:49:35 . --- E O F ---

10-09-2007, 03:03 PM	#23 (permalink)
hangthisup Registered User Join Date: Oct 2007 Posts: 31 OS: xp	Re: netadv.dll Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:03:19 PM, on 10/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Apoint\Apntex.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\PROGRA~1\Grisoft\AVG7\avgw.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: MSVPS System - {05F79890-CFA6-4D53-87BC-2F390DA6645E} - C:\WINDOWS\bndsrsvk.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: (no name) - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - (no file) O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKLM\..\Policies\Explorer\Run: [vpnvow] C:\DOCUME~1\jason\LOCALS~1\Temp\vpnvow.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\jason\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} (DMSrvPushX Control) - http://dvr1.labohemegc.com/webpages/DMWebX.ocx O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://www.playfirst.com/play/game/t...et.1.0.0.4.cab O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} (InitOcx Control) - http://rc.puppyred.com/init.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- End of file - 15193 bytes

10-09-2007, 03:35 PM	#25 (permalink)
hangthisup Registered User Join Date: Oct 2007 Posts: 31 OS: xp	Re: netadv.dll I save the log as cfscript.txt I copy it right off of your post. I combine it with the combo fix. It is telling me that it is not spelled correct. I hit ok and it kicks me out. What should I do

10-09-2007, 03:39 PM	#26 (permalink)
hangthisup Registered User Join Date: Oct 2007 Posts: 31 OS: xp	Re: netadv.dll nevermind on the last post i got it

10-09-2007, 03:46 PM	#27 (permalink)
hangthisup Registered User Join Date: Oct 2007 Posts: 31 OS: xp	Re: netadv.dll ComboFix 07-10-10.1 - jason 2007-10-10 14:41:02.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.467 [GMT -7:00] Running from: C:\Documents and Settings\jason\My Documents\ComboFix.exe Command switches used :: C:\Documents and Settings\jason\Desktop\CFScript.txt.lnk * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\dat.txt C:\WINDOWS\search_res.txt . ((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 ))))))))))))))))))))))))))))))) . 2007-10-09 13:43 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-09 11:34 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-10-09 11:34 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-10-09 11:34 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-10-09 11:34 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-10-09 11:34 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-10-09 09:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation 2007-10-09 09:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Google 2007-10-09 08:54 <DIR> d-------- C:\Program Files\CCleaner 2007-10-09 08:00 <DIR> d-------- C:\Deckard 2007-10-09 05:30 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-10-09 05:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-10-09 05:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-10-09 04:52 266,240 --a------ C:\WINDOWS\bndsrsvk.dll 2007-10-09 04:37 <DIR> d-------- C:\Documents and Settings\jason\Application Data\Comodo 2007-10-09 04:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2007-10-08 22:22 <DIR> d-------- C:\WINDOWS\My Games 2007-10-08 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-08 20:45 <DIR> d-------- C:\Program Files\Comodo 2007-10-08 20:39 <DIR> d-------- C:\Program Files\SpywareGuard 2007-10-08 20:35 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-10-08 20:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-10-08 18:30 4,220 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-08 18:21 <DIR> d--hs---- C:\WINDOWS\ftpcache 2007-10-08 18:21 <DIR> d-------- C:\Documents and Settings\jason\Application Data\eGames 2007-10-08 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eGames 2007-10-08 16:35 <DIR> d-------- C:\Program Files\Windows Defender 2007-10-08 11:37 <DIR> d-------- C:\Program Files\SystemDefender 2007-10-08 11:30 286,720 --a------ C:\WINDOWS\bndsrvqt.dll 2007-10-07 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CWFXCEJTXG 2007-10-07 08:23 <DIR> d-------- C:\Program Files\Super Granny 3 2007-10-05 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LSFXCEJTXG 2007-10-04 19:52 7 --a------ C:\WINDOWS\system32\cpahrider.reg 2007-10-02 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JZFXCEJTXG 2007-10-01 10:23 26,008 -ra------ C:\WINDOWS\system32\drivers\RimUsb.sys 2007-10-01 10:21 26,752 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys 2007-10-01 10:20 <DIR> d-------- C:\Program Files\Research In Motion 2007-09-26 09:04 7 --a------ C:\WINDOWS\system32\btrasher3.reg 2007-09-26 08:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FOFXCEJTXG 2007-09-25 17:42 <DIR> d-------- C:\Program Files\Quirty Buddy 2007-09-25 15:23 <DIR> d-------- C:\Program Files\Snowy - Treasure Hunter 3 2007-09-24 16:27 <DIR> d-------- C:\Program Files\Zoo Empire 2007-09-24 15:57 <DIR> d-------- C:\Downloads 2007-09-24 14:45 <DIR> d-------- C:\Program Files\Freecell Buddy Pogo 2007-09-23 14:17 <DIR> d-------- C:\Documents and Settings\jason\Application Data\Jane s Hotel 2007-09-22 18:11 <DIR> d-------- C:\Program Files\Cake Mania 2 2007-09-22 09:33 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2007-09-14 21:44 <DIR> d-------- C:\Program Files\Paradise Pet Salon . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-10 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2007-10-09 19:59 --------- d-----w C:\Program Files\Trend Micro 2007-10-09 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity 2007-10-09 01:20 --------- d-----w C:\Program Files\Yahoo! Games 2007-10-08 23:06 --------- d-----w C:\Program Files\Oberon Media 2007-10-08 22:59 --------- d-----w C:\Program Files\Coupons 2007-10-08 22:57 --------- d-----w C:\Program Files\Smiley Arcade 2007-10-08 22:56 --------- d-----w C:\Program Files\BurgerRush_at 2007-10-08 18:39 --------- d-----w C:\Program Files\ArcticQuest2_at 2007-10-08 17:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-08 01:52 --------- d-----w C:\Program Files\BadgeHelp 2007-10-07 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games 2007-10-05 16:14 --------- d-----w C:\Documents and Settings\jason\Application Data\AweSEM 2007-10-03 04:20 30,976 ----a-w C:\WINDOWS\rascntrl.dll 2007-10-03 04:20 23,104 ----a-w C:\WINDOWS\system32\svcprmpt.dll 2007-10-03 03:06 --------- d-----w C:\Program Files\Google 2007-09-30 01:13 --------- d-----w C:\Program Files\Nick Arcade 2007-09-25 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Aliasworlds 2007-09-24 23:33 --------- d-----w C:\Program Files\SallysSalon_at 2007-09-24 23:12 --------- d-----w C:\Documents and Settings\jason\Application Data\PlayFirst 2007-09-24 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-09-20 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-09-14 02:44 --------- d-----w C:\Program Files\MySpace 2007-09-09 05:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Alawar Stargaze 2007-09-07 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SGFXCEJTXG 2007-09-05 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\VXFXCEJTXG 2007-09-02 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\TUFXCEJTXG 2007-08-28 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Online Entertainment 2007-08-23 04:06 --------- d-----w C:\Documents and Settings\jason\Application Data\MySpace 2007-08-22 10:54 --------- d-----w C:\Program Files\Doras Carnival 2 At the Boardwalk 2007-08-15 23:44 --------- d-----w C:\Documents and Settings\jason\Application Data\Magus 2007-08-15 15:54 --------- d-----w C:\Documents and Settings\jason\Application Data\gemsweeperextractedgfx 2007-08-13 18:34 --------- d-----w C:\Program Files\Real 2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-31 02:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-07-31 02:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll 2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-07-16 19:09 28,672 ----a-w C:\WINDOWS\system32\UnInsPup.exe 2007-07-08 22:09 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2007-06-20 01:51 0 ----a-w C:\Documents and Settings\jason\Application Data\wklnhst.dat 2006-02-19 11:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05F79890-CFA6-4D53-87BC-2F390DA6645E}] 2007-10-09 03:22 266240 --a------ C:\WINDOWS\bndsrsvk.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}] 2005-10-14 10:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-05 10:57] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-05 10:56] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-05 10:56] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 20:47] "RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 C:\WINDOWS\RTHDCPL.EXE] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51] "Mouse Suite 98 Daemon"="ICO.EXE" [] "VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 23:07] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 15:12] "VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 22:36] "VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 03:20] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 00:27] "PartSeal"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41] "eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-09-10 23:40] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-08 20:37] "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-08 20:45] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 17:22] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00] C:\Documents and Settings\jason\Start Menu\Programs\Startup\ SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-19 10:25:25] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22] HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoBandCustomize"=0 (0x0) "NoMovingBands"=0 (0x0) "NoCloseDragDropBands"=0 (0x0) "NoToolbarsOnTaskbar"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] VESWinlogon.dll 2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe S3 kwkpcusb;Kyocera CDMA Wireless Modem Driver for KPC;C:\WINDOWS\system32\DRIVERS\kwusbnt.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57d7930d-566c-11dc-b09e-00014af7e659}] AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654333842770338 . Contents of the 'Scheduled Tasks' folder "2007-10-07 23:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" "2007-10-10 21:00:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************ catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-10 14:44:59 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-10-10 14:45:45 C:\ComboFix2.txt ... 2007-10-10 13:49 . --- E O F ---

10-09-2007, 03:49 PM	#28 (permalink)
hangthisup Registered User Join Date: Oct 2007 Posts: 31 OS: xp	Re: netadv.dll Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:47:49 PM, on 10/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Apoint\Apntex.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\PROGRA~1\Grisoft\AVG7\avgw.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: MSVPS System - {05F79890-CFA6-4D53-87BC-2F390DA6645E} - C:\WINDOWS\bndsrsvk.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: (no name) - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - (no file) O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKLM\..\Policies\Explorer\Run: [vpnvow] C:\DOCUME~1\jason\LOCALS~1\Temp\vpnvow.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\jason\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} (DMSrvPushX Control) - http://dvr1.labohemegc.com/webpages/DMWebX.ocx O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://www.playfirst.com/play/game/t...et.1.0.0.4.cab O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} (InitOcx Control) - http://rc.puppyred.com/init.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- End of file - 15053 bytes

10-09-2007, 03:53 PM	#29 (permalink)
hangthisup Registered User Join Date: Oct 2007 Posts: 31 OS: xp	Re: netadv.dll Ad-Aware SE Personal Adobe Flash Player 9 ActiveX Adobe Reader 7.0.9 Adobe Shockwave Player Apple Software Update AVG 7.5 Cake Mania 2 (remove only) ccCommon CCleaner (remove only) Click to DVD 2.0.03 Menu Data Click to DVD 2.5.00 COMODO Firewall Pro DVgate Plus eBay Toolbar GetDataBack for FAT Google Earth Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer Google Updater HDAUDIO SoftV92 Data Fax Modem with SmartCP High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB935448) HP Customer Participation Program 7.0 HP Document Viewer 7.0 HP Imaging Device Functions 7.0 HP Photosmart Premier Software 6.5 HP Photosmart, Officejet and Deskjet 7.0.A HP Solution Center 7.0 HP Update Image Converter 2 Plus Intel(R) Graphics Media Accelerator Driver for Mobile Intel(R) PROSet/Wireless Software InterActual Player InterVideo WinDVD for VAIO iTunes J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 5 Java(TM) 6 Update 2 Java(TM) SE Runtime Environment 6 Update 1 Kaspersky Online Scanner LiveUpdate 2.7 (Symantec Corporation) Lottso! Deluxe mCore mDriver Memory Stick Formatter Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft Data Access Components KB870669 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional 2007 Microsoft Office Professional 2007 Trial Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Standard Edition 2003 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Works mMHouse Mozilla Firefox (2.0.0.7) mPfMgr mProSafe MSRedist MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) mWlsSafe mXML Netscape Browser (remove only) Norton AntiSpam Norton Internet Security 2006 Norton Protection Center OCR Software by I.R.I.S 7.0 Office 2003 Trial Assistant OpenMG Secure Module 4.3.00 OTOY Panda ActiveScan Puzzle City (remove only) QuickTime Realtek High Definition Audio Driver Roxio DigitalMedia Audio Roxio DigitalMedia Copy Roxio DigitalMedia Data Search Enhancement by AOL Search Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Excel 2007 (KB936509) Security Update for Microsoft .NET Framework 2.0 (KB928365) Security Update for Office 2007 (KB934062) Security Update for Office 2007 (KB936514) Security Update for Publisher 2007 (KB936646) Security Update for Step By Step Interactive Training (KB923723) Security Update for the 2007 Microsoft Office System (KB936960) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB938829) Setting Utility Series Sony Certificate PCH Sony MP4 Shared Library Sony USB Mouse Sony Utilities DLL Sony Video Shared Library Spybot - Search & Destroy SpywareBlaster v3.5.1 SpywareGuard v2.2 SymNet Update for Office 2007 (KB932080) Update for Office 2007 (KB934391) Update for Office 2007 (KB934393) Update for Outlook 2007 (KB937608) Update for Outlook 2007 Junk Email Filter (kb937833) Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Word 2007 (KB934173) VAIO Breeze Wallpaper VAIO Camera Utility VAIO Central VAIO Entertainment Platform VAIO Event Service VAIO Light Flo Wallpaper VAIO Media 5.0 VAIO Media AC3 Decoder 1.0 VAIO Media Integrated Server 5.0 VAIO Media Redistribution 5.0 VAIO Media Registration Tool 5.0 VAIO Original Screen Saver VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents VAIO Power Management VAIO Registration VAIO Security Center VAIO Support Central VAIO Update 2 VAIO Wireless LAN Setup Utility Virtools 3D Life Player Windows Backup Utility Windows Defender Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Media Connect Windows Media Connect Windows Media Format Runtime Windows Media Player 10 Windows Media Player 10 Hotfix [See KB886612 for more information] Windows XP Hotfix - KB307154 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB884575 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888239 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Yahoo! Toolbar for Internet Explorer

10-09-2007, 09:20 PM	#31 (permalink)
hangthisup Registered User Join Date: Oct 2007 Posts: 31 OS: xp	Re: netadv.dll ComboFix 07-10-10.1 - jason 2007-10-10 19:59:20.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.601 [GMT -7:00] Running from: C:\Documents and Settings\jason\My Documents\ComboFix.exe Command switches used :: C:\Documents and Settings\jason\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\bndsrsvk.dll C:\WINDOWS\dat.txt C:\WINDOWS\search_res.txt . ((((((((((((((((((((((((( Files Created from 2007-09-11 to 2007-10-11 ))))))))))))))))))))))))))))))) . 2007-10-09 13:43 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-09 11:34 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-10-09 11:34 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-10-09 11:34 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-10-09 11:34 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-10-09 11:34 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-10-09 09:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation 2007-10-09 09:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Google 2007-10-09 08:54 <DIR> d-------- C:\Program Files\CCleaner 2007-10-09 08:00 <DIR> d-------- C:\Deckard 2007-10-09 05:30 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-10-09 05:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-10-09 05:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-10-09 04:37 <DIR> d-------- C:\Documents and Settings\jason\Application Data\Comodo 2007-10-09 04:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2007-10-08 22:22 <DIR> d-------- C:\WINDOWS\My Games 2007-10-08 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-08 20:45 <DIR> d-------- C:\Program Files\Comodo 2007-10-08 20:39 <DIR> d-------- C:\Program Files\SpywareGuard 2007-10-08 20:35 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-10-08 20:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-10-08 18:30 4,220 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-08 18:21 <DIR> d--hs---- C:\WINDOWS\ftpcache 2007-10-08 18:21 <DIR> d-------- C:\Documents and Settings\jason\Application Data\eGames 2007-10-08 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eGames 2007-10-08 16:35 <DIR> d-------- C:\Program Files\Windows Defender 2007-10-08 11:37 <DIR> d-------- C:\Program Files\SystemDefender 2007-10-08 11:30 286,720 --a------ C:\WINDOWS\bndsrvqt.dll 2007-10-07 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CWFXCEJTXG 2007-10-07 08:23 <DIR> d-------- C:\Program Files\Super Granny 3 2007-10-05 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LSFXCEJTXG 2007-10-04 19:52 7 --a------ C:\WINDOWS\system32\cpahrider.reg 2007-10-02 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JZFXCEJTXG 2007-10-01 10:23 26,008 -ra------ C:\WINDOWS\system32\drivers\RimUsb.sys 2007-10-01 10:21 26,752 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys 2007-10-01 10:20 <DIR> d-------- C:\Program Files\Research In Motion 2007-09-26 09:04 7 --a------ C:\WINDOWS\system32\btrasher3.reg 2007-09-26 08:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FOFXCEJTXG 2007-09-25 17:42 <DIR> d-------- C:\Program Files\Quirty Buddy 2007-09-25 15:23 <DIR> d-------- C:\Program Files\Snowy - Treasure Hunter 3 2007-09-24 16:27 <DIR> d-------- C:\Program Files\Zoo Empire 2007-09-24 15:57 <DIR> d-------- C:\Downloads 2007-09-24 14:45 <DIR> d-------- C:\Program Files\Freecell Buddy Pogo 2007-09-23 14:17 <DIR> d-------- C:\Documents and Settings\jason\Application Data\Jane s Hotel 2007-09-22 18:11 <DIR> d-------- C:\Program Files\Cake Mania 2 2007-09-22 09:33 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2007-09-14 21:44 <DIR> d-------- C:\Program Files\Paradise Pet Salon . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-10 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2007-10-09 19:59 --------- d-----w C:\Program Files\Trend Micro 2007-10-09 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity 2007-10-09 01:20 --------- d-----w C:\Program Files\Yahoo! Games 2007-10-08 23:06 --------- d-----w C:\Program Files\Oberon Media 2007-10-08 22:59 --------- d-----w C:\Program Files\Coupons 2007-10-08 22:57 --------- d-----w C:\Program Files\Smiley Arcade 2007-10-08 22:56 --------- d-----w C:\Program Files\BurgerRush_at 2007-10-08 18:39 --------- d-----w C:\Program Files\ArcticQuest2_at 2007-10-08 17:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-08 01:52 --------- d-----w C:\Program Files\BadgeHelp 2007-10-07 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games 2007-10-05 16:14 --------- d-----w C:\Documents and Settings\jason\Application Data\AweSEM 2007-10-03 04:20 30,976 ----a-w C:\WINDOWS\rascntrl.dll 2007-10-03 03:06 --------- d-----w C:\Program Files\Google 2007-09-30 01:13 --------- d-----w C:\Program Files\Nick Arcade 2007-09-25 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Aliasworlds 2007-09-24 23:33 --------- d-----w C:\Program Files\SallysSalon_at 2007-09-24 23:12 --------- d-----w C:\Documents and Settings\jason\Application Data\PlayFirst 2007-09-24 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-09-20 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-09-14 02:44 --------- d-----w C:\Program Files\MySpace 2007-09-09 05:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Alawar Stargaze 2007-09-07 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SGFXCEJTXG 2007-09-05 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\VXFXCEJTXG 2007-09-02 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\TUFXCEJTXG 2007-08-28 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Online Entertainment 2007-08-23 04:06 --------- d-----w C:\Documents and Settings\jason\Application Data\MySpace 2007-08-22 10:54 --------- d-----w C:\Program Files\Doras Carnival 2 At the Boardwalk 2007-08-15 23:44 --------- d-----w C:\Documents and Settings\jason\Application Data\Magus 2007-08-15 15:54 --------- d-----w C:\Documents and Settings\jason\Application Data\gemsweeperextractedgfx 2007-08-13 18:34 --------- d-----w C:\Program Files\Real 2007-07-08 22:09 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2007-06-20 01:51 0 ----a-w C:\Documents and Settings\jason\Application Data\wklnhst.dat 2006-02-19 11:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll . ((((((((((((((((((((((((((((( snapshot@2007-10-10_13.49.03.62 ))))))))))))))))))))))))))))))))))))))))) . ----a-w 74,936 2007-10-11 02:55:29 C:\WINDOWS\system32\Restore\rstrlog.dat . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}] 2005-10-14 10:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-05 10:57] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-05 10:56] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-05 10:56] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 20:47] "RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 C:\WINDOWS\RTHDCPL.EXE] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51] "Mouse Suite 98 Daemon"="ICO.EXE" [] "VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 23:07] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 15:12] "VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 22:36] "VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 03:20] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 00:27] "PartSeal"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41] "eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-09-10 23:40] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-08 20:37] "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-08 20:45] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 17:22] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00] C:\Documents and Settings\jason\Start Menu\Programs\Startup\ SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-19 10:25:25] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22] HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoBandCustomize"=0 (0x0) "NoMovingBands"=0 (0x0) "NoCloseDragDropBands"=0 (0x0) "NoToolbarsOnTaskbar"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] VESWinlogon.dll 2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe S3 kwkpcusb;Kyocera CDMA Wireless Modem Driver for KPC;C:\WINDOWS\system32\DRIVERS\kwusbnt.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57d7930d-566c-11dc-b09e-00014af7e659}] AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654333842770338 . Contents of the 'Scheduled Tasks' folder "2007-10-07 23:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" "2007-10-11 02:59:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job" . ************************************************************************ catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-10 20:04:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-10-10 20:07:18 - machine was rebooted C:\ComboFix2.txt ... 2007-10-10 14:45 C:\ComboFix3.txt ... 2007-10-10 13:49 . --- E O F ---

10-09-2007, 09:26 PM	#32 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,234 OS: 2000 Pro; XP Pro; XP Home	Re: netadv.dll Ok, great. Now, if you can post the new HijackThis log requested, we can continue. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

10-09-2007, 09:30 PM	#33 (permalink)
hangthisup Registered User Join Date: Oct 2007 Posts: 31 OS: xp	Re: netadv.dll Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:29:04 PM, on 10/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\jason\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} (DMSrvPushX Control) - http://dvr1.labohemegc.com/webpages/DMWebX.ocx O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://www.playfirst.com/play/game/t...et.1.0.0.4.cab O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} (InitOcx Control) - http://rc.puppyred.com/init.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- End of file - 14765 bytes

10-09-2007, 09:31 PM	#34 (permalink)
hangthisup Registered User Join Date: Oct 2007 Posts: 31 OS: xp	Re: netadv.dll I appreciate all of your help, I will definately make a good donation for all of your help.

10-09-2007, 09:36 PM	#35 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,234 OS: 2000 Pro; XP Pro; XP Home	Re: netadv.dll OK, great. We have the main infections under control now. There are more steps to take care of. I see you have more than one Anti-Virus program installed, AVG 7.5 and Norton Internet Security 2006. While this may seem like greater protection, it can cause problems including slowdowns and system hangs. Choose one to keep and uninstall the other. Any antivirus program must be removed via add/remove program. For any program that doesn't have an add/remove entry, you will have to do this: re-install the program -> reboot -> uninstall ----------------------------------------------------------------------- If you choose to uninstall Norton, see this page for more information: http://basconotw.mvps.org/SymRem.htm ----------------------------------------------------------------------- Once you've done that...here are your next steps: Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6 u3 and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. In your case it is these: J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 5 Java(TM) 6 Update 2 Java(TM) SE Runtime Environment 6 Update 1 Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u3-windowsi586-p.exe to install the newest version. After the install is complete, go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) On the General tab, under Temporary Internet Files, click the Settings button. Next, click on the Delete Files button There are two options in the window to clear the cache - Leave BOTH Checked Applications and Applets Trace and Log Files Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Temporary Files Window Click OK to leave the Java Control Panel. --------------------------------------------------------------------------------------------- Next step is to perform this online scan, to look for any remnants: Please use this pictorial guide to assist you. Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%. --------------------------------------------------------------------------------------------- Once you've done that.... Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

10-10-2007, 04:39 AM	#37 (permalink)
hangthisup Registered User Join Date: Oct 2007 Posts: 31 OS: xp	Re: netadv.dll Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:38:48 AM, on 10/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\jason\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} (DMSrvPushX Control) - http://dvr1.labohemegc.com/webpages/DMWebX.ocx O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://www.playfirst.com/play/game/t...et.1.0.0.4.cab O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} (InitOcx Control) - http://rc.puppyred.com/init.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- End of file - 13940 bytes

10-10-2007, 12:26 PM	#39 (permalink)
hangthisup Registered User Join Date: Oct 2007 Posts: 31 OS: xp	Re: netadv.dll it says deleted successfully

10-10-2007, 03:09 PM	#40 (permalink)
hangthisup Registered User Join Date: Oct 2007 Posts: 31 OS: xp	Re: netadv.dll I ran the fix.bat and it said deleted sucessfully