Old 08-07-2008, 11:52 PM   #1 (permalink)
Registered User
 
Join Date: Aug 2008
Location: Connecticut
Posts: 10
OS: Windows XP Sp3


Random audio ads/music/scenes, routing.exe, macidwe.exe, perfs.exe, tdxdowkc.exe

Ok, I noticed this today as I was watching a DVD on my laptop. Out of nowhere, I hear random audio: some of it was ads (like you hear on the radio), some of it was random sound clips (like a lion roaring) and some of it was random lines (I think from a movie, but not from the DVD I was watching). Well, at first I thought it was AIM/AOL and the buddy sounds, but I did disable that. I ended up closing all instant messenger programs so I could continue to watch my DVD, but the problem still persisted; I still heard these sounds, so I decided to do a full virus (Symantec) and spyware/adware (Ad-Aware and Spybot) scan. Nothing really came up.

So I ended up running HijackThis and found I have the routing.exe, macidwe.exe, perfs.exe and tdxdowkc.exe files. (I googled all the files on the HJT list that seemed outside of the norm to see if they were spyware; this is what I found.) So I ended up disabling them in the Task Manager and manually deleting the files out of system32. The next day, the same thing happened again: I heard these random audio clips. I have nothing open that makes sounds, so I do not know what else to do. So I am here asking for help and input. If anyone can help, that would be great.

The following is my scan log after I ran the spyware/adware/virus scanning programs again and rebooted (I also attached the HijackThis log from before the reboot):

Deckard's System Scanner v20071014.68
Run by Tan Pham on 2008-08-08 01:15:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
9: 2008-08-08 05:02:08 UTC - RP88 - Deckard's System Scanner Restore Point
8: 2008-08-08 04:47:27 UTC - RP87 - Uniblue RegistryBooster
7: 2008-08-07 22:44:29 UTC - RP86 - Installed Unreal Tournament 3
6: 2008-08-07 06:35:07 UTC - RP85 - System Checkpoint
5: 2008-08-06 05:15:18 UTC - RP84 - Installed VAIO Update 3


-- First Restore Point --
1: 2008-08-06 00:20:54 UTC - RP80 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Tan Pham.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:12 AM, on 8/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Tan Pham\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tan Pham.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {246D8DEE-5F51-4351-B33C-009E3F33D131} - C:\WINDOWS\system32\uRLDvwwV.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BE961036-940B-42C8-9180-FF943717739b} - C:\WINDOWS\system32\esqeobds.dll (file missing)
O2 - BHO: {41ef0147-e70a-f35a-2614-9fab5b80954c} - {c45908b5-baf9-4162-a53f-a07e7410fe14} - C:\WINDOWS\system32\vmjmwi.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Virtual Account Numbers - {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - C:\PROGRA~1\VIRTUA~1\CitiVAN.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} (VivatyCtrl Class) - http://apps.vivaty.com/downloads/player/install.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe (file missing)

--
End of file - 16086 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080808-003524-291 O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
backup-20080808-003832-230 O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
backup-20080808-004432-130 O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
backup-20080808-004432-316 O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe
backup-20080808-004432-748 O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe (file missing)
backup-20080808-004432-921 O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe
backup-20080808-004432-947 O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe
backup-20080808-004432-953 O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 FdRedir - c:\program files\common files\protector suite ql\drivers\fdredir.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 FileDisk2 (FileDisk Protector Kernel Driver) - c:\program files\common files\protector suite ql\drivers\filedisk.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>

S3 mqdmbus (Motorola DM Composite Driver (WDM)) - c:\windows\system32\drivers\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
S3 mqdmmdfl (Motorola USB Modem (Filter)) - c:\windows\system32\drivers\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
S3 mqdmmdm (Motorola USB Modem) - c:\windows\system32\drivers\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
S3 mqdmserd (Motorola USB Diag) - c:\windows\system32\drivers\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DynDNS Updater - c:\program files\dyndns updater\dynupsvc.exe <Not Verified; Dynamic Network Services, Inc.; DynDNS® Updater>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 macidwe (macidwe Service) - c:\windows\system32\macidwe.exe (file missing)
S2 perfs (perfs Service) - c:\windows\system32\perfs.exe (file missing)
S2 Routing (Routing Service) - c:\windows\system32\routing.exe (file missing)
S2 tdxdowkc (tdxdowkc Service) - c:\windows\system32\tdxdowkc.exe (file missing)
S2 WServing (WServing Service) - c:\windows\system32\wserving.exe (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 AFinding (AFinding Service) - c:\windows\system32\afinding.exe
S4 NOBICYT (NOBICYT Service) - c:\windows\system32\nobicyt.exe
S4 perfmons - c:\windows\system32\perfs.exe (file missing)
S4 sobicyt - c:\windows\system32\sobicyt.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-07 08:09:18 234 --a------ C:\WINDOWS\Tasks\German1.job
2008-07-30 19:58:32 408 --a------ C:\WINDOWS\Tasks\Money 2007 Home & Business.job


-- Files created between 2008-07-08 and 2008-08-08 -----------------------------

2008-08-08 00:58:27 0 d-------- C:\ie-spyad_zo
2008-08-08 00:45:11 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Uniblue
2008-08-08 00:44:50 0 d-------- C:\Program Files\Uniblue
2008-08-08 00:30:36 0 d-------- C:\Program Files\Trend Micro
2008-08-07 21:43:12 0 d-------- C:\NVIDIA
2008-08-07 19:07:24 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\InstallShield Installation Information
2008-08-07 18:45:51 0 d-------- C:\Program Files\Unreal Tournament 3
2008-08-07 18:45:04 0 d-------- C:\WINDOWS\system32\AGEIA
2008-08-07 18:45:03 0 d-------- C:\Program Files\AGEIA Technologies
2008-08-07 01:48:27 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\.SwarmPlayer
2008-08-07 01:48:16 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\.Tribler
2008-08-07 01:47:23 0 d-------- C:\Program Files\SwarmPlayer
2008-08-06 11:54:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-08-06 01:35:18 170768 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:18 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:18 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-08-06 01:35:18 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:18 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-08-06 01:35:13 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-08-06 01:35:13 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-08-06 01:35:13 162576 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:12 249616 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:12 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:12 934160 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:12 153872 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:12 169232 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:12 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:11 365328 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:11 34576 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:11 192784 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:10 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:26:13 0 d-------- C:\Program Files\UltraISO
2008-08-06 01:26:13 0 d-------- C:\Program Files\Common Files\EZB Systems
2008-08-05 22:55:15 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\EndNote
2008-08-05 22:55:10 0 d-------- C:\Program Files\Common Files\Risxtd
2008-08-05 22:55:06 0 d-------- C:\Program Files\Common Files\ResearchSoft
2008-08-05 22:52:08 0 d-------- C:\Program Files\EndNote X2
2008-08-05 22:51:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
2008-08-04 03:14:46 0 d-------- C:\Program Files\Vivaty
2008-08-03 21:58:40 0 d-------- C:\Program Files\AOL Companion
2008-08-03 21:58:38 0 d-------- C:\WINDOWS\occache
2008-08-03 21:58:38 0 d-------- C:\Program Files\Learn2.com
2008-08-03 21:56:42 153088 --a------ C:\WINDOWS\system32\jgdwmie.dll <Not Verified; America Online; JG Decoder>
2008-08-03 21:56:42 24659 --a------ C:\WINDOWS\system32\aolddial.dll <Not Verified; America Online, Inc.; America Online>
2008-08-03 21:56:10 65536 --a------ C:\WINDOWS\wanmpsvc.exe <Not Verified; America Online, Inc.; America Online>
2008-08-03 21:55:56 0 d-------- C:\Program Files\Common Files\aolshare
2008-08-03 21:55:45 0 d-------- C:\Program Files\America Online 9.0
2008-08-03 00:02:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-08-03 00:02:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-08-02 16:14:50 0 d-------- C:\Program Files\Samsung
2008-08-02 14:40:44 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Yahoo!
2008-08-02 14:40:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-02 00:04:08 0 d---s---- C:\Documents and Settings\NetworkService\UserData
2008-08-01 23:26:30 0 d-------- C:\Documents and Settings\NetworkService\My Documents
2008-08-01 23:25:47 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Real
2008-08-01 20:52:09 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-08-01 20:24:16 0 d-------- C:\Program Files\Motorola
2008-08-01 20:02:03 5936 --a------ C:\WINDOWS\system32\drivers\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-08-01 20:02:03 5936 --a------ C:\WINDOWS\system32\drivers\mqdmwh.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-08-01 20:02:03 79328 --a------ C:\WINDOWS\system32\drivers\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2008-08-01 20:02:03 92064 --a------ C:\WINDOWS\system32\drivers\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2008-08-01 20:02:03 9232 --a------ C:\WINDOWS\system32\drivers\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2008-08-01 20:02:03 6208 --a------ C:\WINDOWS\system32\drivers\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-08-01 20:02:03 6208 --a------ C:\WINDOWS\system32\drivers\mqdmcm.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-08-01 20:02:03 66656 --a------ C:\WINDOWS\system32\drivers\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-08-01 20:02:03 5936 --a------ C:\Documents and Settings\Tan Pham\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-08-01 20:02:03 79328 --a------ C:\Documents and Settings\Tan Pham\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2008-08-01 20:02:03 92064 --a------ C:\Documents and Settings\Tan Pham\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2008-08-01 20:02:03 9232 --a------ C:\Documents and Settings\Tan Pham\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2008-08-01 20:02:03 4048 --a------ C:\Documents and Settings\Tan Pham\mqdmcr.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-08-01 20:02:03 6208 --a------ C:\Documents and Settings\Tan Pham\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-08-01 20:02:03 66656 --a------ C:\Documents and Settings\Tan Pham\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-08-01 20:02:02 6947 --a------ C:\Documents and Settings\Tan Pham\1217635322-(null)
2008-08-01 18:01:35 0 d-------- C:\Program Files\Avanquest update
2008-08-01 18:00:37 0 d-------- C:\Program Files\Motorola Phone Tools
2008-08-01 18:00:07 22768 --a------ C:\Documents and Settings\Tan Pham\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-07-31 23:19:36 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-07-31 23:19:36 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-07-31 21:02:29 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\acccore
2008-07-31 20:40:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-31 20:40:03 0 d-------- C:\Program Files\Apple Software Update
2008-07-31 20:40:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-31 20:32:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-31 20:32:07 0 d-------- C:\Program Files\Yahoo!
2008-07-30 22:32:12 0 d-------- C:\VundoFix Backups
2008-07-30 14:59:30 0 d-------- C:\Program Files\Common Files\AnswerWorks 5.0
2008-07-30 14:59:15 1843200 --a------ C:\WINDOWS\system32\acXMLParser.dll <Not Verified; Apache Software Foundation; Xerces-C Version 2.7.0>
2008-07-30 14:58:25 0 d-------- C:\Program Files\Quicken
2008-07-30 14:56:07 116736 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-07-30 14:56:06 0 d-------- C:\Program Files\MagicDisc
2008-07-30 01:19:38 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-29 21:51:07 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Protector Suite
2008-07-29 16:52:46 0 d-------- C:\Program Files\Trillian Astra
2008-07-26 18:18:50 0 d-------- C:\Program Files\Microsoft Money 2007
2008-07-25 17:34:08 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Viewpoint
2008-07-25 17:33:34 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-07-25 17:32:58 54784 --a------ C:\WINDOWS\system32\Inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-07-25 17:32:57 1044480 --a------ C:\WINDOWS\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9>
2008-07-24 22:07:28 102400 --a------ C:\WINDOWS\system32\OBroker.exe <Not Verified; ; Orbiscom Broker Module>
2008-07-24 22:07:28 532480 --a------ C:\WINDOWS\system32\FFCore.dll <Not Verified; Orbiscom Ltd. All rights reserved.; Form Fill Components>
2008-07-24 22:07:28 0 d-------- C:\Program Files\Virtual Account Numbers
2008-07-24 22:07:24 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\InstallShield
2008-07-24 21:39:48 0 d-------- C:\Program Files\Netflix
2008-07-24 18:12:31 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\AdobeUM
2008-07-24 00:58:59 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\dvdcss
2008-07-24 00:21:04 0 d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-07-24 00:20:40 0 d-------- C:\WINDOWS\system32\Cache
2008-07-24 00:20:35 0 d-------- C:\WINDOWS\system32\FxsTmp
2008-07-23 21:02:16 0 d-------- C:\Program Files\Toshiba
2008-07-23 20:58:21 0 d-------- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
2008-07-23 20:57:25 2981888 --a------ C:\WINDOWS\system32\iplw7.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-07-23 20:57:25 2502656 --a------ C:\WINDOWS\system32\iplpx.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-07-23 20:57:25 2531328 --a------ C:\WINDOWS\system32\iplp6.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-07-23 20:57:25 2785280 --a------ C:\WINDOWS\system32\iplm6.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-07-23 20:57:24 2686976 --a------ C:\WINDOWS\system32\iplm5.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-07-23 20:57:24 2973696 --a------ C:\WINDOWS\system32\ipla6.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-07-23 20:57:24 53248 --a------ C:\WINDOWS\system32\ipl.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-07-23 20:57:24 19968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
2008-07-23 20:34:46 0 d-------- C:\Program Files\Common Files\Protector Suite QL
2008-07-23 20:34:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-23 20:34:21 0 d-------- C:\Program Files\Viewpoint
2008-07-23 20:34:21 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-07-23 20:26:51 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-23 20:26:43 0 d-------- C:\Program Files\Real
2008-07-23 20:26:42 0 d-------- C:\Program Files\Common Files\Real
2008-07-23 20:20:40 0 d-------- C:\Program Files\AIM6
2008-07-23 12:05:38 0 d-------- C:\Program Files\Winamp
2008-07-23 10:54:30 0 d-------- C:\Program Files\TechSmith
2008-07-23 10:50:41 0 d-------- C:\Program Files\SlySoft
2008-07-23 10:48:51 0 d-------- C:\Program Files\Elaborate Bytes
2008-07-23 10:44:09 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-23 10:32:13 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\WinRAR
2008-07-23 09:49:02 0 d-------- C:\Program Files\Google
2008-07-23 09:48:53 0 d-------- C:\Program Files\Picasa2
2008-07-23 09:46:34 0 d-------- C:\Program Files\Lavasoft
2008-07-23 09:45:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-23 01:08:30 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-23 01:08:29 0 d-------- C:\Program Files\DVD Shrink
2008-07-23 00:59:24 0 d-------- C:\My Shared
2008-07-23 00:57:19 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-07-23 00:40:39 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-23 00:31:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-23 00:31:17 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-23 00:29:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-22 23:55:48 0 d-------- C:\Program Files\Microsoft Picture It! 10
2008-07-22 23:28:24 0 d-------- C:\Program Files\PowerISO
2008-07-22 23:17:59 0 d-------- C:\temp
2008-07-22 23:16:37 0 d-------- C:\b9443697b46952f30f4e
2008-07-22 23:14:37 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-22 23:11:21 0 d-------- C:\Program Files\Nero
2008-07-22 23:11:21 0 d-------- C:\Program Files\Common Files\Ahead
2008-07-22 23:10:48 0 d-------- C:\93d30018e2b6dac1d9564130
2008-07-22 19:44:14 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-22 19:20:03 35382 --a------ C:\WINDOWS\scunin.dat
2008-07-22 19:20:02 967 --a------ C:\WINDOWS\ScUnin.pif
2008-07-22 19:20:02 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-07-22 19:18:47 0 d-------- C:\Program Files\Starcraft
2008-07-22 1951 0 d-------- C:\WINDOWS\Prefetch
2008-07-22 18:46:52 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-22 18:29:37 0 d--hs---- C:\WINDOWS\CSC
2008-07-22 01:40:07 0 d-------- C:\Program Files\MSXML 4.0
2008-07-22 01:37:27 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\vlc
2008-07-22 01:12:04 0 d-------- C:\Program Files\Stardock
2008-07-22 01:12:04 0 d-------- C:\Program Files\Common Files\Stardock
2008-07-22 01:00:09 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-22 00:58:28 1929216 --a------ C:\WINDOWS\system32\cdintf250.dll <Not Verified; Amyuni Technologies http://www.amyuni.com; Amyuni Common Driver Interface>
2008-07-22 00:58:26 0 --a------ C:\WINDOWS\system32\ssprs.dll
2008-07-22 00:58:26 0 --a------ C:\WINDOWS\system32\serauth2.dll
2008-07-22 00:58:26 0 --a------ C:\WINDOWS\system32\serauth1.dll
2008-07-22 00:58:26 0 --a------ C:\WINDOWS\system32\nsprs.dll
2008-07-22 00:58:26 1024 --a------ C:\WINDOWS\system32\clauth2.dll
2008-07-22 00:58:26 1024 --a------ C:\WINDOWS\system32\clauth1.dll
2008-07-22 00:57:00 0 d-------- C:\Program Files\SPSS Evaluation
2008-07-22 00:56:51 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-07-22 00:56:51 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2008-07-22 00:54:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-22 00:46:14 0 d-------- C:\Program Files\VideoLAN
2008-07-22 00:31:50 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-22 00:24:08 0 d-------- C:\Program Files\uTorrent
2008-07-22 00:18:59 0 d-------- C:\lj2100
2008-07-22 00:17:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-07-22 00:16:11 0 d-------- C:\HP-UPD-45_PCL5-32
2008-07-22 00:14:29 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-22 00:14:26 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\skypePM
2008-07-22 00:13:00 0 d-------- C:\Program Files\Common Files\Skype
2008-07-22 00:11:49 0 d-------- C:\Program Files\QuickTime
2008-07-22 00:04:14 0 d-------- C:\Program Files\DynDNS Updater
2008-07-21 23:56:10 0 d-------- C:\WINDOWS\pss
2008-07-21 23:55:50 0 d-------- C:\WINDOWS\Sun
2008-07-21 23:35:01 0 d-------- C:\Documents and Settings\Tan Pham\winja_cache
2008-07-21 23:35:00 0 d---s---- C:\Documents and Settings\Tan Pham\UserData
2008-07-21 23:34:25 0 d-------- C:\Documents and Settings\Tan Pham\ChikkaDefault
2008-07-21 23:34:24 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\yoclient
2008-07-21 23:34:24 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Winamp
2008-07-21 23:34:23 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Wal-Mart
2008-07-21 23:34:18 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\uTorrent
2008-07-21 23:34:18 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Trillian
2008-07-21 23:34:18 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Template
2008-07-21 23:34:18 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Sun
2008-07-21 23:34:18 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Southwest Airlines
2008-07-21 23:34:17 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Skype
2008-07-21 23:34:17 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Real
2008-07-21 23:34:17 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Publish Providers
2008-07-21 23:34:16 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Paltalk
2008-07-21 23:34:16 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Opera
2008-07-21 23:34:16 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\OfficeUpdate12
2008-07-21 23:34:16 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Netscape
2008-07-21 23:34:16 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Nero
2008-07-21 23:34:16 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\MySpace
2008-07-21 23:34:06 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Macromedia
2008-07-21 23:34:05 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\LimeWire
2008-07-21 23:34:05 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Juniper Networks
2008-07-21 23:34:05 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Intuit
2008-07-21 23:34:05 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Infineon
2008-07-21 23:34:05 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Gizmo Project
2008-07-21 23:34:05 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\FrostWire
2008-07-21 23:34:05 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Apple Computer
2008-07-21 23:34:05 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\AOL
2008-07-21 23:34:04 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\American Airlines DealFinder
2008-07-21 23:34:04 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Ahead
2008-07-21 23:34:03 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\.purple
2008-07-21 23:31:09 0 d-------- C:\Documents and Settings\Tan Pham\usrusmt2.tmp
2008-07-21 23:30:50 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-07-21 23:30:41 0 d-------- C:\WINDOWS\system32\LogFiles
2008-07-21 23:30:38 0 d-------- C:\WINDOWS\SQLHotfix
2008-07-21 23:29:56 0 d-------- C:\Program Files\Windows Media Connect 2
2008-07-21 23:28:32 0 d-------- C:\Program Files\Symantec
2008-07-21 23:28:32 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-21 23:28:09 0 d-------- C:\Program Files\Skype
2008-07-21 23:25:14 0 d-------- C:\Program Files\Riva
2008-07-21 23:25:13 0 d-------- C:\Program Files\Reference Assemblies
2008-07-21 23:25:09 0 d-------- C:\Program Files\Protector Suite QL
2008-07-21 23:25:07 0 d-------- C:\Program Files\Pidgin
2008-07-21 23:24:12 0 d-------- C:\Program Files\MSN Messenger
2008-07-21 23:20:17 0 d-------- C:\Program Files\DC++
2008-07-21 23:20:07 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-21 23:20:05 0 d-------- C:\Program Files\Common Files\Nero
2008-07-21 23:20:05 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-07-21 23:20:04 0 d-------- C:\Program Files\Common Files\Macromedia
2008-07-21 23:20:04 0 d-------- C:\Program Files\Common Files\GTK
2008-07-21 23:20:04 0 d-------- C:\Program Files\Common Files\GPL Ghostscript Shared
2008-07-21 23:20:00 0 d-------- C:\Program Files\Common Files\AOL
2008-07-21 23:19:56 0 d-------- C:\Program Files\AltBinz
2008-07-21 23:19:46 0 d-------- C:\Intel
2008-07-21 23:19:45 0 d-------- C:\Infineon
2008-07-21 23:19:45 0 d-------- C:\Inetpub
2008-07-21 23:19:43 0 d-------- C:\drivers
2008-07-21 23:19:42 0 d-------- C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-07-21 23:19:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Wal-Mart
2008-07-21 23:19:41 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-21 23:19:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-21 23:19:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-21 23:19:31 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-07-21 23:19:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-21 23:19:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-21 23:19:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-07-21 23:19:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-07-21 23:19:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-21 23:19:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-07-21 23:19:23 0 d-------- C:\Documents and Settings\All Users\Application Data\G7PS
2008-07-21 23:19:23 0 d-------- C:\Documents and Settings\All Users\Application Data\DynDNS
2008-07-21 23:19:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
2008-07-21 23:19:23 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-21 23:19:17 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-07-21 23:19:16 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-21 23:19:16 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-07-21 23:19:14 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-07-21 2355 0 d-------- C:\Program Files\Microsoft.NET
2008-07-21 23:03:45 724992 --a------ C:\WINDOWS\system32\ebCrypt.dll <Not Verified; EB Design Pty Ltd; ebCrypt>
2008-07-21 23:03:43 0 d-------- C:\Program Files\chatClient
2008-07-21 23:00:25 0 d-------- C:\WINDOWS\SHELLNEW
2008-07-21 22:59:36 0 d-------- C:\WINDOWS\system32\NtmsData
2008-07-21 22:59:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-21 22:50:33 0 dr-h----- C:\MSOCache
2008-07-21 22:45:46 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Adobe
2008-07-21 22:43:33 0 d-------- C:\Program Files\Trillian
2008-07-21 22:41:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-21 22:35:22 0 d-------- C:\WINDOWS\system32\scripting
2008-07-21 22:35:21 0 d-------- C:\WINDOWS\l2schemas
2008-07-21 22:35:20 0 d-------- C:\WINDOWS\system32\en
2008-07-21 22:35:20 0 d-------- C:\WINDOWS\system32\bits
2008-07-21 22:31:37 0 d-------- C:\Program Files\MozBackup
2008-07-21 22:30:56 0 d-------- C:\WINDOWS\network diagnostic
2008-07-21 22:25:04 335 --a------ C:\WINDOWS\nsreg.dat
2008-07-21 22:25:01 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Mozilla
2008-07-21 22:21:19 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-21 22:10:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-07-21 22:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-21 22:10:14 0 d-------- C:\Program Files\Logitech
2008-07-21 22:05:49 0 d-------- C:\Program Files\Common Files\logishrd
2008-07-21 22:02:29 0 dr------- C:\Documents and Settings\Tan Pham\Favorites
2008-07-21 22:02:29 0 dr------- C:\Documents and Settings\Tan Pham\Desktop
2008-07-21 22:02:29 0 d---s---- C:\Documents and Settings\Tan Pham\Cookies
2008-07-21 22:02:29 0 dr-h----- C:\Documents and Settings\Tan Pham\Application Data
2008-07-21 22:02:29 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Sony Corporation
2008-07-21 22:02:29 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Intel
2008-07-21 22:02:29 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Identities
2008-07-21 22:02:28 0 d--h----- C:\Documents and Settings\Tan Pham\Templates
2008-07-21 22:02:28 0 dr------- C:\Documents and Settings\Tan Pham\Start Menu
2008-07-21 22:02:28 0 dr-h----- C:\Documents and Settings\Tan Pham\SendTo
2008-07-21 22:02:28 0 dr-h----- C:\Documents and Settings\Tan Pham\Recent
2008-07-21 22:02:28 0 d--h----- C:\Documents and Settings\Tan Pham\PrintHood
2008-07-21 22:02:28 7602176 --ah----- C:\Documents and Settings\Tan Pham\NTUSER.DAT
2008-07-21 22:02:28 0 d--h----- C:\Documents and Settings\Tan Pham\NetHood
2008-07-21 22:02:28 0 dr------- C:\Documents and Settings\Tan Pham\My Documents
2008-07-21 22:02:28 0 d--h----- C:\Documents and Settings\Tan Pham\Local Settings
2008-07-21 22:02:06 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-07-21 22:01:59 0 d-------- C:\Documents and Settings\Default User\Application Data\Sony Corporation
2008-07-21 22:01:59 0 d-------- C:\Documents and Settings\Default User\Application Data\Intel
2008-07-21 22:01:41 0 d-------- C:\WINDOWS\system32\SoftwareDistribution


-- Find3M Report ---------------------------------------------------------------

2008-08-06 01:26:13 0 d-------- C:\Program Files\Common Files
2008-08-06 01:15:09 0 d-------- C:\Program Files\Sony
2008-08-06 01:15:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-03 03:18:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-08-01 20:52:57 2528 --a------ C:\Documents and Settings\Tan Pham\Application Data\$_hpcst$.hpc
2008-07-23 20:59:09 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-07-22 18:58:59 0 d-------- C:\Program Files\Messenger
2008-07-22 18:58:36 0 d-------- C:\Program Files\Movie Maker
2008-07-22 18:55:43 0 d-------- C:\Program Files\Windows NT
2008-07-21 23:21:10 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{246D8DEE-5F51-4351-B33C-009E3F33D131}]
C:\WINDOWS\system32\uRLDvwwV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE961036-940B-42C8-9180-FF943717739b}]
C:\WINDOWS\system32\esqeobds.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c45908b5-baf9-4162-a53f-a07e7410fe14}]
C:\WINDOWS\system32\vmjmwi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/17/2005 03:08 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/17/2005 03:08 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/17/2005 03:08 PM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [11/17/2004 11:47 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [02/28/2006 05:25 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [02/28/2006 05:25 PM]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [02/28/2006 05:29 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/20/2006 08:45 PM]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 12:08 AM]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [06/13/2006 01:22 PM]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [02/20/2004 05:12 PM]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [02/14/2006 03:11 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/19/2006 07:26 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [09/27/2006 08:33 PM]
"Biomenu"="C:\Program Files\Protector Suite QL\menusw.exe" [02/22/2006 06:10 PM]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [12/27/2005 01:58 PM]
"PartSeal"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 12:08 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [04/23/2008 02:08 AM]
"@"="" []
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [05/15/2007 08:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [05/30/2008 03:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 01:39 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [07/23/2008 01:16 PM]

C:\Documents and Settings\Tan Pham\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [7/22/2008 1:12:04 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [8/2/2008 10:31:48 PM]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [8/3/2008 9:56:30 PM]
DynDNS Updater Tray Icon.lnk - C:\Program Files\DynDNS Updater\DynTray.exe [6/23/2008 3:04:20 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
fusstub.dll 02/22/2006 06:11 PM 39936 C:\WINDOWS\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 03/09/2006 05:51 PM 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\uRLDvwwV
"Notification Packages"= fusstub

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tan Pham^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Tan Pham\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tan Pham^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Tan Pham\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\58a63c70]
rundll32.exe "C:\WINDOWS\system32\wsghmmht.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Citi Virtual Account Numbers]
C:\PROGRA~1\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
"C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8940 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-08 01:21:49 ------------
Attached Files
File Type: txt extra.txt (29.7 KB, 2 views)
File Type: txt hijackthis.txt (15.7 KB, 0 views)

Old 08-10-2008, 06:10 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,210
OS: 2000 Pro; XP Pro; XP Home


Re: Random audio ads/music/scenes, routing.exe, macidwe.exe, perfs.exe, tdxdowkc.exe

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

For Windows XP Service Pack 3, you may use the Recovery Console package for Windows XP Professional Service Pack 2.


http://www.microsoft.com/downloads/d...displaylang=en

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

If you have any questions along the way, STOP and ask them before proceeding.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 08-14-2008, 08:20 AM   #3 (permalink)
Registered User
 
Join Date: Aug 2008
Location: Connecticut
Posts: 10
OS: Windows XP Sp3


Re: Random audio ads/music/scenes, routing.exe, macidwe.exe, perfs.exe, tdxdowkc.exe

Attached are the ComboFix and HijackThis logs as you requested. Sorry for the delay.

I had to run ComboFix twice. The first time around, my computer powered off since the battery died. So I had to plug in the laptop and re-run things. I ended up leaving ComboFix running and went to bed, and when I came back, my computer had been restarted; I logged into Windows and it made the log.

Thank you so much for your help.

ComboFix 08-08-13.02 - Tan Pham 2008-08-14 2:01:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1364 [GMT -4:00]
Running from: C:\Documents and Settings\Tan Pham\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\#SharedObjects\LBDJGAAP\interclick.com
C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\#SharedObjects\LBDJGAAP\interclick.com\ud.sol
C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\NetworkService\Application Data\macromedia\Flash Player\#SharedObjects\8VMXRE2T\interclick.com
C:\Documents and Settings\NetworkService\Application Data\macromedia\Flash Player\#SharedObjects\8VMXRE2T\interclick.com\ud.sol
C:\Documents and Settings\NetworkService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\NetworkService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Tan Pham\Application Data\macromedia\Flash Player\#SharedObjects\TXQYMC2Z\interclick.com
C:\Documents and Settings\Tan Pham\Application Data\macromedia\Flash Player\#SharedObjects\TXQYMC2Z\interclick.com\ud.sol
C:\Documents and Settings\Tan Pham\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Tan Pham\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Tan Pham\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\BM5b950fec.txt
C:\WINDOWS\system32\hytdbxav.ini
C:\WINDOWS\system32\jbhprwlq.ini
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\nsprs.dll
C:\WINDOWS\system32\oqrxtpnd.ini
C:\WINDOWS\system32\serauth1.dll
C:\WINDOWS\system32\serauth2.dll
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\thmmhgsw.ini
C:\WINDOWS\system32\vofgwgac.ini
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\atsxyzd.sys
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\Nobicyt.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_MACIDWE
-------\Legacy_PERFMONS
-------\Legacy_PERFS
-------\Legacy_ROUTING
-------\Legacy_SOBICYT
-------\Legacy_TDXDOWKC
-------\Legacy_WSERVING
-------\Service_AFinding
-------\Service_macidwe
-------\Service_perfmons
-------\Service_perfs
-------\Service_Routing
-------\Service_sobicyt
-------\Service_tdxdowkc
-------\Service_WServing


((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.

2008-08-11 18:43 . 2008-08-11 18:43 <DIR> d-------- C:\Nokia
2008-08-11 18:43 . 2008-08-11 18:43 <DIR> d-------- C:\Documents and Settings\Tan Pham\.Nokia
2008-08-11 18:38 . 2008-08-11 18:43 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-08-11 18:38 . 2008-08-11 18:38 <DIR> d--h----- C:\Documents and Settings\Tan Pham\InstallAnywhere
2008-08-11 04:16 . 2008-08-11 04:16 169,312 --a------ C:\Babyboy.mp3
2008-08-11 01:01 . 2006-11-05 08:36 184,737 --a------ C:\robot.mp3
2008-08-08 20:27 . 2008-02-15 12:45 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2008-08-08 15:43 . 2008-08-08 15:43 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-08-08 15:43 . 2008-02-15 13:12 5,854,752 --a------ C:\WINDOWS\system32\drivers\igxpmp32.sys
2008-08-08 15:43 . 2008-02-15 13:12 2,643,968 --a------ C:\WINDOWS\system32\igxpdx32.dll
2008-08-08 15:43 . 2008-02-15 13:12 1,670,144 --a------ C:\WINDOWS\system32\igxpdv32.dll
2008-08-08 15:43 . 2008-03-07 12:56 920,088 --a------ C:\WINDOWS\system32\igxpun.exe
2008-08-08 15:43 . 2008-02-15 12:49 176,128 --a------ C:\WINDOWS\system32\igfxrsky.lrc
2008-08-08 15:43 . 2008-02-15 12:49 172,032 --a------ C:\WINDOWS\system32\igfxrslv.lrc
2008-08-08 15:43 . 2008-02-15 13:12 151,040 --a------ C:\WINDOWS\system32\igxpgd32.dll
2008-08-08 15:43 . 2008-02-15 13:21 147,456 --a------ C:\WINDOWS\system32\igfxCoIn_v4926.dll
2008-08-08 15:43 . 2008-02-15 13:12 57,344 --a------ C:\WINDOWS\system32\igxprd32.dll
2008-08-08 15:32 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-08 15:29 . 2008-08-08 15:29 <DIR> d-------- C:\Program Files\Viewpoint
2008-08-08 01:01 . 2008-08-08 01:01 <DIR> d-------- C:\Deckard
2008-08-08 00:58 . 2008-08-08 00:58 <DIR> d-------- C:\ie-spyad_zo
2008-08-08 00:45 . 2008-08-08 00:45 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\Uniblue
2008-08-08 00:30 . 2008-08-08 00:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-07 21:43 . 2008-08-07 21:43 <DIR> d-------- C:\NVIDIA
2008-08-07 21:43 . 2007-12-18 21:06 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-07 19:07 . 2008-08-07 19:07 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\InstallShield Installation Information
2008-08-07 18:45 . 2008-08-07 18:45 <DIR> d-------- C:\Program Files\Unreal Tournament 3
2008-08-07 18:45 . 2008-08-07 18:45 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-08-07 01:48 . 2008-08-07 01:48 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\.Tribler
2008-08-07 01:48 . 2008-08-07 01:48 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\.SwarmPlayer
2008-08-07 01:47 . 2008-08-07 01:48 <DIR> d-------- C:\Program Files\SwarmPlayer
2008-08-06 11:54 . 2008-08-06 11:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-08-06 01:35 . 1999-03-10 17:07 934,160 --a------ C:\WINDOWS\system32\msjava.dll
2008-08-06 01:26 . 2008-08-06 01:26 <DIR> d-------- C:\Program Files\UltraISO
2008-08-06 01:26 . 2008-08-06 01:26 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-08-05 22:55 . 2008-08-05 22:55 <DIR> d-------- C:\Program Files\Common Files\Risxtd
2008-08-05 22:55 . 2008-08-05 22:55 <DIR> d-------- C:\Program Files\Common Files\ResearchSoft
2008-08-05 22:55 . 2008-08-13 21:14 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\EndNote
2008-08-05 22:52 . 2008-08-05 22:55 <DIR> d-------- C:\Program Files\EndNote X2
2008-08-05 22:51 . 2008-08-05 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
2008-08-04 03:14 . 2008-08-04 03:14 <DIR> d-------- C:\Program Files\Vivaty
2008-08-03 21:58 . 2008-08-03 21:58 <DIR> d-------- C:\WINDOWS\occache
2008-08-03 21:58 . 2008-08-03 21:58 <DIR> d-------- C:\Program Files\Learn2.com
2008-08-03 21:58 . 2008-08-03 22:07 <DIR> d-------- C:\Program Files\AOL Companion
2008-08-03 21:56 . 2003-05-30 13:46 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-08-03 21:56 . 2003-08-15 15:17 153,088 --a------ C:\WINDOWS\system32\jgdwmie.dll
2008-08-03 21:56 . 2003-01-10 17:13 65,536 --a------ C:\WINDOWS\wanmpsvc.exe
2008-08-03 21:56 . 2003-01-10 17:13 33,588 --a------ C:\WINDOWS\system32\drivers\wanatw4.sys
2008-08-03 21:56 . 2003-08-15 15:16 24,659 --a------ C:\WINDOWS\system32\aolddial.dll
2008-08-03 21:55 . 2008-08-03 21:58 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-08-03 21:55 . 2008-08-12 22:32 <DIR> d-------- C:\Program Files\America Online 9.0
2008-08-02 16:44 . 2008-08-02 16:44 2 --a------ C:\WINDOWS\msoffice.ini
2008-08-02 16:14 . 2008-08-03 00:25 <DIR> d-------- C:\Program Files\Samsung
2008-08-02 14:40 . 2008-08-02 14:41 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\Yahoo!
2008-08-02 14:40 . 2008-08-02 14:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-02 00:04 . 2008-08-02 00:04 <DIR> d---s---- C:\Documents and Settings\NetworkService\UserData
2008-08-01 20:52 . 2008-08-01 20:52 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-01 20:24 . 2008-08-01 20:24 <DIR> d-------- C:\Program Files\Motorola
2008-08-01 20:24 . 2006-07-28 08:12 40,960 --a------ C:\WINDOWS\system32\drivers\motodrv.sys
2008-08-01 20:02 . 2008-08-01 20:02 92,064 --a------ C:\WINDOWS\system32\drivers\mqdmmdm.sys
2008-08-01 20:02 . 2008-08-01 20:02 92,064 --a------ C:\Documents and Settings\Tan Pham\mqdmmdm.sys
2008-08-01 20:02 . 2008-08-01 20:02 79,328 --a------ C:\WINDOWS\system32\drivers\mqdmserd.sys
2008-08-01 20:02 . 2008-08-01 20:02 79,328 --a------ C:\Documents and Settings\Tan Pham\mqdmserd.sys
2008-08-01 20:02 . 2008-08-01 20:02 66,656 --a------ C:\WINDOWS\system32\drivers\mqdmbus.sys
2008-08-01 20:02 . 2008-08-01 20:02 66,656 --a------ C:\Documents and Settings\Tan Pham\mqdmbus.sys
2008-08-01 20:02 . 2008-08-01 20:02 9,232 --a------ C:\WINDOWS\system32\drivers\mqdmmdfl.sys
2008-08-01 20:02 . 2008-08-01 20:02 9,232 --a------ C:\Documents and Settings\Tan Pham\mqdmmdfl.sys
2008-08-01 20:02 . 2008-08-01 20:02 6,208 --a------ C:\WINDOWS\system32\drivers\mqdmcmnt.sys
2008-08-01 20:02 . 2008-08-01 20:02 6,208 --a------ C:\WINDOWS\system32\drivers\mqdmcm.sys
2008-08-01 20:02 . 2008-08-01 20:02 6,208 --a------ C:\Documents and Settings\Tan Pham\mqdmcmnt.sys
2008-08-01 20:02 . 2008-08-01 20:02 5,936 --a------ C:\WINDOWS\system32\drivers\mqdmwhnt.sys
2008-08-01 20:02 . 2008-08-01 20:02 5,936 --a------ C:\WINDOWS\system32\drivers\mqdmwh.sys
2008-08-01 20:02 . 2008-08-01 20:02 5,936 --a------ C:\Documents and Settings\Tan Pham\mqdmwhnt.sys
2008-08-01 20:02 . 2008-08-01 20:02 4,048 --a------ C:\Documents and Settings\Tan Pham\mqdmcr.sys
2008-08-01 18:01 . 2008-08-01 18:45 <DIR> d-------- C:\Program Files\Avanquest update
2008-08-01 18:01 . 2008-04-14 00:15 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-08-01 18:01 . 2008-04-14 00:15 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-08-01 18:00 . 2008-08-01 20:02 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-08-01 18:00 . 2008-08-01 20:02 25,600 --a------ C:\Documents and Settings\Tan Pham\usbsermptxp.sys
2008-08-01 18:00 . 2008-08-01 20:02 22,768 --a------ C:\Documents and Settings\Tan Pham\usbsermpt.sys
2008-07-31 21:02 . 2008-07-31 21:02 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\acccore
2008-07-31 20:40 . 2008-07-31 20:40 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-31 20:40 . 2008-07-31 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-31 20:40 . 2008-07-31 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-31 20:32 . 2008-07-31 20:32 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-31 20:32 . 2008-07-31 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-30 22:32 . 2008-07-31 00:32 <DIR> d-------- C:\VundoFix Backups
2008-07-30 14:59 . 2008-07-30 20:01 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 5.0
2008-07-30 14:59 . 2007-07-26 17:13 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll
2008-07-30 14:59 . 2007-07-26 17:13 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2008-07-30 14:58 . 2008-07-30 20:02 <DIR> d-------- C:\Program Files\Quicken
2008-07-30 14:58 . 2008-07-30 20:02 76 --a------ C:\WINDOWS\QUICKEN.INI
2008-07-30 14:56 . 2008-07-30 14:56 <DIR> d-------- C:\Program Files\MagicDisc
2008-07-30 14:56 . 2008-07-28 17:19 116,736 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-07-30 01:19 . 2008-07-30 01:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-30 00:51 . 2008-07-30 00:51 0 --a------ C:\WINDOWS\BM5b950fec.xml
2008-07-29 21:54 . 2008-07-29 21:54 0 --a------ C:\WINDOWS\tosOBEX.INI
2008-07-29 21:51 . 2008-07-29 21:51 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\Protector Suite
2008-07-29 16:52 . 2008-07-31 20:59 <DIR> d-------- C:\Program Files\Trillian Astra
2008-07-26 18:18 . 2008-07-30 19:41 <DIR> d-------- C:\Program Files\Microsoft Money 2007
2008-07-25 17:33 . 2008-08-03 21:58 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-07-25 17:33 . 2008-04-14 05:42 1,499,136 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-07-25 17:32 . 2003-08-15 15:17 1,044,480 --a------ C:\WINDOWS\system32\roboex32.dll
2008-07-25 17:32 . 2003-08-15 15:17 54,784 --a------ C:\WINDOWS\system32\Inetwh32.dll
2008-07-25 17:32 . 2003-08-15 15:17 29,184 --a------ C:\WINDOWS\system32\popup.ocx
2008-07-24 22:07 . 2008-07-24 22:07 <DIR> d-------- C:\Program Files\Virtual Account Numbers
2008-07-24 22:07 . 2008-07-24 22:07 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\InstallShield
2008-07-24 22:07 . 2007-12-07 15:51 532,480 --a------ C:\WINDOWS\system32\FFCore.dll
2008-07-24 22:07 . 2007-12-07 15:51 102,400 --a------ C:\WINDOWS\system32\OBroker.exe
2008-07-24 21:39 . 2008-07-24 21:39 <DIR> d-------- C:\Program Files\Netflix
2008-07-24 18:12 . 2008-08-07 22:11 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\AdobeUM
2008-07-24 00:58 . 2008-08-09 20:40 <DIR> d-------- C:\Documents and Settings\Tan Pham\Application Data\dvdcss
2008-07-24 00:21 . 2008-07-24 00:21 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-07-23 21:02 . 2008-07-23 21:02 <DIR> d-------- C:\Program Files\Toshiba
2008-07-23 20:58 . 2008-07-23 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
2008-07-23 20:57 . 2005-11-11 16:00 2,981,888 --a------ C:\WINDOWS\system32\iplw7.dll
2008-07-23 20:57 . 2005-11-11 16:00 2,973,696 --a------ C:\WINDOWS\system32\ipla6.dll
2008-07-23 20:57 . 2005-11-11 16:00 2,785,280 --a------ C:\WINDOWS\system32\iplm6.dll
2008-07-23 20:57 . 2005-11-11 16:00 2,686,976 --a------ C:\WINDOWS\system32\iplm5.dll
2008-07-23 20:57 . 2005-11-11 16:00 2,531,328 --a------ C:\WINDOWS\system32\iplp6.dll
2008-07-23 20:57 . 2005-11-11 16:00 2,502,656 --a------ C:\WINDOWS\system32\iplpx.dll
2008-07-23 20:57 . 2005-11-11 16:00 53,248 --a------ C:\WINDOWS\system32\ipl.dll
2008-07-23 20:57 . 2005-11-11 16:00 19,968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
2008-07-23 20:34 . 2008-07-23 20:34 <DIR> d-------- C:\Program Files\Common Files\Protector Suite QL
2008-07-23 20:34 . 2008-08-08 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-08 19:32 --------- d-----w C:\Program Files\Java
2008-08-06 05:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 05:15 --------- d-----w C:\Program Files\Sony
2008-08-03 07:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-24 00:59 --------- d-----w C:\Program Files\Common Files\Sony Shared
2008-07-22 04:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-07-22 03:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-07-22 01:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 13:58 69632]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-15 20:46 551032]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 00:08 28672]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 15:11 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 13:22 217088]
"PartSeal"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 00:08 28672]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 17:12 32768]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 17:25 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 17:25 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 17:29 569413]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"Biomenu"="C:\Program Files\Protector Suite QL\menusw.exe" [2006-02-22 18:10 1354240]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 23:47 118784]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-15 12:46 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-15 12:46 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-15 12:46 131072]

C:\Documents and Settings\Tan Pham\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-07-22 01:12:04 3450608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-04-07 16:37:00 1773568]
DynDNS Updater Tray Icon.lnk - C:\Program Files\DynDNS Updater\DynTray.exe [2008-06-23 15:04:20 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-22 18:11 39936 C:\WINDOWS\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 17:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tan Pham^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Tan Pham\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Tan Pham^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Tan Pham\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2008-04-23 02:08 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Citi Virtual Account Numbers]
--a------ 2007-12-07 15:52 270336 C:\PROGRA~1\VIRTUA~1\CitiVAN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 15:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 19:33 563984 C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 19:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-06-20 20:45 7561216 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-11-06 04:27 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-07-23 20:26 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WServing"=2 (0x2)
"VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
"tdxdowkc"=2 (0x2)
"SavRoam"=3 (0x3)
"Routing"=2 (0x2)
"perfs"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NBService"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"macidwe"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"AOL ACS"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\SwarmPlayer\\swarmplayer.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\acsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1904:UDP"= 1904:UDP:Windows Media Format SDK (ceswxfst.sys)
"1905:UDP"= 1905:UDP:Windows Media Format SDK (ceswxfst.sys)

R0 shpf;Sony HDD Protection Filter Driver;C:\WINDOWS\system32\DRIVERS\shpf.sys [2005-11-21 18:06]
R2 DynDNS Updater;DynDNS Updater;C:\Program Files\DynDNS Updater\DynUpSvc.exe [2008-06-23 15:04]
R2 FdRedir;FdRedir;C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-02-22 18:13]
R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-02-22 18:13]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 15:19]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 22:39]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2003-06-18 20:12]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 22:32]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-07-28 08:12]
S3 mqdmbus;Motorola DM Composite Driver (WDM);C:\WINDOWS\system32\DRIVERS\mqdmbus.sys [2008-08-01 20:02]
S3 mqdmmdfl;Motorola USB Modem (Filter);C:\WINDOWS\system32\DRIVERS\mqdmmdfl.sys [2008-08-01 20:02]
S3 mqdmmdm;Motorola USB Modem;C:\WINDOWS\system32\DRIVERS\mqdmmdm.sys [2008-08-01 20:02]
S3 mqdmserd;Motorola USB Diag;C:\WINDOWS\system32\DRIVERS\mqdmserd.sys [2008-08-01 20:02]
S4 NOBICYT;NOBICYT Service;C:\WINDOWS\system32\Nobicyt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2008-07-30 C:\WINDOWS\Tasks\Money 2007 Home & Business.job
- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2007 Home & Business\Money 2007 Home & Business.lnk [2008-07-26 18:19]

2008-08-14 C:\WINDOWS\Tasks\You Cant Answer This Phone.job
- C:\My Shared\Torrents\400+Amusing Ringtones\400+Amusing Ringtones\You Cant Answer This Phone.mp3 [2006-11-07 09:50]
.
- - - - ORPHANS REMOVED - - - -

BHO-{246D8DEE-5F51-4351-B33C-009E3F33D131} - C:\WINDOWS\system32\uRLDvwwV.dll
BHO-{BE961036-940B-42C8-9180-FF943717739b} - C:\WINDOWS\system32\esqeobds.dll
BHO-{c45908b5-baf9-4162-a53f-a07e7410fe14} - C:\WINDOWS\system32\vmjmwi.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
MSConfigStartUp-58a63c70 - C:\WINDOWS\system32\wsghmmht.dll
MSConfigStartUp-Acrobat Assistant 8 - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
MSConfigStartUp-AdobeUpdater - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-NapsterShell - C:\Program Files\Napster\napster.exe
MSConfigStartUp-VAIOSecurity - C:\Program Files\Sony\VAIO Security Center\VSC.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Tan Pham\Application Data\Mozilla\Firefox\Profiles\tc03u3ug.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
FF -: plugin - C:\Documents and Settings\Tan Pham\Application Data\Mozilla\Firefox\Profiles\tc03u3ug.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 08:04:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApntEx.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-08-14 8:10:09 - machine was rebooted [Tan Pham]
ComboFix-quarantined-files.txt 2008-08-14 12:10:04

Pre-Run: 33,247,748,096 bytes free
Post-Run: 33,262,632,960 bytes free


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:09 AM, on 8/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\WINDOWS\System32\logon.scr
C:\Program Files\chatClient\chatcli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\PROGRA~1\VIRTUA~1\BhoCitUS.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Virtual Account Numbers - {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - C:\PROGRA~1\VIRTUA~1\CitiVAN.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} (VivatyCtrl Class) - http://apps.vivaty.com/downloads/player/install.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 14653 bytes
Attached Files
File Type: txt ComboFix.txt (31.0 KB, 1 views)
File Type: txt hijackthis1.txt (14.3 KB, 1 views)

Last edited by tetonbob; 08-14-2008 at 08:35 AM.
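The HijackThis log above is reviewed by eye: the helper looks at O4 (autorun) and O23 (service) lines and asks whether each executable is where a legitimate program would live, whether the service names a vendor, and whether the file name looks typed by a human or generated by malware. The following Python is an added example of that triage written as code; it is not part of the original thread or of HijackThis. The sample lines are constructed in the HijackThis 2.0.2 format, and the perfs/tdxdowkc/routing entries are hypothetical reconstructions built from the file names in the thread title, not lines from the posted (already cleaned) log. The system32 allowlist is a deliberately tiny assumption; a real review uses a vetted known-good list.

```python
import re

VOWELS = set("aeiouy")

# Constructed allowlist of Windows XP autoruns that legitimately live under
# %SystemRoot%\system32 (an assumption for this example; real triage uses a
# vetted known-good database, not a five-entry set).
KNOWN_SYSTEM32_AUTORUNS = {
    "ctfmon.exe", "hkcmd.exe", "igfxtray.exe", "igfxpers.exe", "wscntfy.exe",
}

PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)\b", re.IGNORECASE)

# Constructed sample, modelled on the HijackThis 2.0.2 line format seen in this
# thread. The perfs/tdxdowkc/routing entries are hypothetical reconstructions
# using the file names from the thread title; they are not lines from the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [perfs] C:\WINDOWS\system32\perfs.exe
O4 - HKCU\..\Run: [tdxdowkc] C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Routing (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
"""


def looks_random(stem):
    """Cheap 'was this name typed by a human?' test: very few vowels or a long consonant run."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 5:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = max((len(r) for r in re.findall(r"[^aeiouy]+", "".join(letters))), default=0)
    return vowel_ratio < 0.2 or longest_run >= 4


def parse_entries(log_text):
    """Yield dicts for O4 (autorun) and O23 (service) lines; other sections are skipped."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = PATH_RE.search(raw)
        if not m:
            continue
        entry = {"raw": raw, "path": m.group(0), "company": ""}
        if raw.startswith("O4 - "):
            entry["kind"] = "O4"
        elif raw.startswith("O23 - Service: "):
            entry["kind"] = "O23"
            # "<display name> - <company> - <path>"; display names may themselves contain " - "
            parts = raw[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                entry["company"] = parts[1]
        else:
            continue
        yield entry


def score_entry(entry):
    """Return (score, reasons); a score of 2 or more is worth a closer look."""
    reasons = []
    path_l = entry["path"].lower()
    exe = path_l.rsplit("\\", 1)[-1]
    stem = exe.rsplit(".", 1)[0]
    in_windows_dir = "\\windows\\" in path_l
    if entry["kind"] == "O4" and in_windows_dir and exe not in KNOWN_SYSTEM32_AUTORUNS:
        reasons.append(("autorun from the Windows directory, not on the allowlist", 2))
    if entry["kind"] == "O23" and entry["company"].lower() == "unknown owner":
        reasons.append(("service with no vendor name", 2))
    if "(file missing)" in entry["raw"].lower():
        reasons.append(("target file missing: orphaned entry", 2))
    if looks_random(stem):
        reasons.append(("random-looking file name", 1))  # weak on its own: Rtvscan.exe trips it too
    return sum(w for _, w in reasons), reasons


def triage(log_text, threshold=2):
    """Entries at or above threshold, highest score first."""
    hits = []
    for entry in parse_entries(log_text):
        score, reasons = score_entry(entry)
        if score >= threshold:
            hits.append({"exe": entry["path"].rsplit("\\", 1)[-1], "score": score,
                         "reasons": [r for r, _ in reasons], "line": entry["raw"]})
    return sorted(hits, key=lambda h: -h["score"])


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit['score']}  {hit['exe']:<14} {'; '.join(hit['reasons'])}")
```

On the constructed sample this flags tdxdowkc.exe (autorun from system32 plus a random-looking name), perfs.exe and routing.exe, while Symantec's Rtvscan.exe and SNDSrvc.exe score only 1: their names look random too, but a vendor name and a Program Files path keep them below the threshold. That is why the name heuristic carries a low weight; it is a tie-breaker, not a verdict.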
Old 08-14-2008, 09:03 AM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,210
OS: 2000 Pro; XP Pro; XP Home


Re: Random audio ads/music/scenes, routing.exe, macidwe.exe, perfs.exe, tdxdowkc.exe

Looks much better.

Copy and paste the following into Notepad (don't forget to copy and paste REGEDIT4):

Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WServing"=-
"tdxdowkc"=-
"Routing"=-
"perfs"=-
Save the file as "delete.reg". Make sure to save it with the quotes. It should look like this:

Close Notepad.

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

---------------------------------------------------------------------------------------------

Using Windows Explorer or Windows Search, locate and delete the following:

C:\VundoFix Backups


Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display whether your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.


Note for Internet Explorer 7 users: If at any time you have trouble viewing the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.

---------------------------------------------------------------------------------------------

How is the machine behaving?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
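The delete.reg fix above works because HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services is where MSConfig records services disabled on its Services tab; the four values are leftovers pointing at the removed malware services, and the `"name"=-` syntax tells regedit to delete a value rather than set it. Before merging a .reg file from a forum it is worth knowing exactly which keys and values it will touch. The Python below is an added example of such a pre-merge check, not a tool from the thread; it parses the subset of the .reg grammar that cleanup fixes use (the page's own delete.reg is the sample input) and, like regedit, refuses a file that lacks the REGEDIT4 header the helper warns about.

```python
import re

# Headers regedit accepts. REGEDIT4 is the older ANSI format; XP's regedit imports both.
VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')

# The fix posted above, reproduced here as the sample input; it deletes four
# leftover values from the key where MSConfig remembers disabled services.
DELETE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WServing"=-
"tdxdowkc"=-
"Routing"=-
"perfs"=-
"""


def has_valid_header(text):
    """regedit refuses to import a file whose first non-blank line is not a known header."""
    first = next((ln.strip() for ln in text.splitlines() if ln.strip()), "")
    return first in VALID_HEADERS


def _unescape(s):
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg(text):
    """Return a list of (action, key, value_name, data) tuples.

    Handles the subset of the .reg grammar that cleanup fixes use:
    [key] (create/select), [-key] (delete key), "name"=- (delete value),
    "name"="str", "name"=dword:xxxxxxxx and @ for the default value.
    Multi-line hex(...) continuation values are not handled and raise.
    """
    if not has_valid_header(text):
        raise ValueError("first line must be one of %r" % (VALID_HEADERS,))
    lines = [ln.strip() for ln in text.splitlines()]
    start = next(i for i, ln in enumerate(lines) if ln) + 1  # first line after the header
    actions, key = [], None
    for ln in lines[start:]:
        if not ln or ln.startswith(";"):
            continue
        m = KEY_RE.match(ln)
        if m:
            minus, key = m.groups()
            actions.append(("delete_key" if minus else "ensure_key", key, None, None))
            continue
        m = VALUE_RE.match(ln)
        if not m or key is None:
            raise ValueError("unparsable line outside a [key] section: %r" % ln)
        name = "(Default)" if m.group(2) else _unescape(m.group(1))
        data = m.group(3).strip()
        if data == "-":
            actions.append(("delete_value", key, name, None))
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            actions.append(("set_string", key, name, _unescape(data[1:-1])))
        elif data.lower().startswith("dword:"):
            actions.append(("set_dword", key, name, int(data[6:], 16)))
        else:
            actions.append(("set_other", key, name, data))  # hex:, expand strings, etc.
    return actions


def deleted_values(actions):
    """Map key -> value names the file removes, in file order."""
    out = {}
    for action, key, name, _ in actions:
        if action == "delete_value":
            out.setdefault(key, []).append(name)
    return out


if __name__ == "__main__":
    for key, names in deleted_values(parse_reg(DELETE_REG)).items():
        print(key)
        for n in names:
            print("  delete value:", n)
```

Run against the posted fix it reports one key and the four value deletions and nothing else, which is what you want to confirm: no `[-key]` wiping a whole subtree, no values being set. A file missing the header fails the check the same way regedit would reject it.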
Old 08-15-2008, 09:02 AM   #5 (permalink)
Registered User
 
Join Date: Aug 2008
Location: Connecticut
Posts: 10
OS: Windows XP Sp3


Re: Random audio ads/music/scenes, routing.exe, macidwe.exe, perfs.exe, tdxdowkc.exe

Thank you so much for your quick reply, it is greatly appreciated. The computer seems to be running better since I started this process and defragged my HD with Auslogics Disk Defrag (for some reason Windows couldn't fully defrag my hard drive). I haven't been using my computer as much, other than remote desktopping in from work, but the little exposure I have had to the computer at home seems fine.

I ran a scan last night when I went to bed and attached are the results. I couldn't upload the HTML file, so I am uploading a PDF print out of the HTML file.
Attached Files
File Type: pdf KASPERSKY ONLINE SCANNER 7 ...pdf (14.0 KB, 1 views)
Old 08-15-2008, 09:37 AM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,210
OS: 2000 Pro; XP Pro; XP Home


Re: Random audio ads/music/scenes, routing.exe, macidwe.exe, perfs.exe, tdxdowkc.exe

Kaspersky has uncovered some items I'd like to both delete, and collect samples of. We'll use ComboFix to do just that.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    http://www.techsupportforum.com/security-center/hijackthis-log-help/278133-random-audio-ads-music-scenes-routing-exe-macidwe-exe-perfs-exe-tdxdowkc-exe.html


    Collect::
    C:\WINDOWS\system32\ceswxfst.sys
    C:\WINDOWS\system32\cfexfst.sys
    C:\WINDOWS\system32\otaxyzd.sys
    C:\WINDOWS\system32\sxtsyctd.sys

    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe


  3. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  4. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

    Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.
  5. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.

    ---------------------------------------------------------------------------------------------
  6. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
Old 08-17-2008, 09:53 AM   #7 (permalink)
Registered User
 
Join Date: Aug 2008
Location: Connecticut
Posts: 10
OS: Windows XP Sp3


Re: Random audio ads/music/scenes, routing.exe, macidwe.exe, perfs.exe, tdxdowkc.exe

How was your weekend? Hope you had time to relax.

I submitted the files you requested via the uploader. Attached are the logs.

There seems to be an error on my computer since this morning. I am using Symantec Antivirus 10.1.7 through my school, and whenever I run it now I get an error message: "an error occurred while loading savrt32.dll." It happened this morning, so I uninstalled it and reinstalled it. Now, after I disabled it, ran ComboFix (which rebooted my computer) and tried to turn on my antivirus, I get the same message again. If you have any input on this, it would be great.

And oh yeah, I am running Windows XP SP2 now; I had to downgrade from SP3 since Netflix online videos did not support it.

Thanks for your help!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:56 AM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\chatClient\chatcli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.uconn.edu:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\PROGRA~1\VIRTUA~1\BhoCitUS.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.netflix.com
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} (VivatyCtrl Class) - http://apps.vivaty.com/downloads/player/install.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13075 bytes
Attached Files
File Type: txt hijackthis1.txt (12.8 KB, 1 views)
File Type: txt log.txt (500.1 KB, 2 views)

Last edited by tetonbob; 08-17-2008 at 10:02 AM.
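The O4/O15/O16/O23 lines in the log above are the ones a helper reads first: the service's display name, its key name in parentheses, the company string HijackThis recovered from the binary, and the path. What follows is an added example written for this thread, not HijackThis code and not something posted by either participant. It parses those line shapes from the log above and attaches the review cues an analyst applies by hand: a service with "Unknown owner" (no company information), a vendor-less binary sitting directly in the Windows directory (the pattern of the files the original poster named), an 8.3 short path that must be expanded before the binary can be looked up, anything running from a user-writable location, an ActiveX control fetched from a non-Microsoft host or pointing at a local file, and a Trusted Zone entry. The sample input is taken from the posted log except for the last O23 line, which is constructed to show a flagged entry; `perfs.exe` is a name from the first post, the line itself is not from their log. The cues are review prompts, not verdicts.

```python
"""Triage HijackThis O4/O15/O16/O23 lines: pull out name, vendor and target,
then attach the review cues an analyst checks first. Added example written for
this thread; not HijackThis code and not from the forum. Cues are not verdicts."""
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# Lines from the log posted above, plus one CONSTRUCTED O23 line (the last one)
# showing a vendor-less service binary in system32. perfs.exe is a name the
# original poster gave; that line is not from their log.
SAMPLE_LOG = r"""
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O15 - Trusted Zone: http://www.netflix.com
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} (VivatyCtrl Class) - http://apps.vivaty.com/downloads/player/install.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: perfs - Unknown owner - C:\WINDOWS\system32\perfs.exe
"""


@dataclass
class Entry:
    section: str                       # "O23", "O16", ...
    name: str                          # display name, DPF class name, startup item
    target: str                        # binary path or download URL
    vendor: Optional[str] = None       # O23 only; "Unknown owner" when HJT found no company
    short_name: Optional[str] = None   # O23 service key name, or O16 CLSID
    notes: List[str] = field(default_factory=list)


O23_RE = re.compile(r"^O23 - Service: (?P<body>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>.+?)\) - (?P<target>.+)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<url>\S+)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): (?P<name>.+?) = (?P<target>.+)$")
SHORT_RE = re.compile(r"^(?P<display>.+) \((?P<short>[^()]+)\)$")   # "Display Name (svcname)"
GENERIC_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<rest>.+)$")

WINDOWS_DIRS = ("c:\\windows", "c:\\windows\\system32")
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\local settings\\")


def _parse_o23(body: str) -> Entry:
    parts = body.rsplit(" - ", 2)           # "display - vendor - path", split from the right
    if len(parts) != 3:
        return Entry("O23", body, "")       # malformed line: keep it, flag nothing
    display, vendor, path = parts
    m = SHORT_RE.match(display)
    e = Entry("O23", m["display"] if m else display, path,
              vendor=vendor, short_name=m["short"] if m else None)
    low = path.lower()
    directory = low.rsplit("\\", 1)[0]
    if vendor.strip().lower() == "unknown owner":
        e.notes.append("no company information on the service binary")
        if directory in WINDOWS_DIRS:
            e.notes.append("vendor-less binary in the Windows directory, "
                           "the pattern of the files named in the first post")
    if "~" in path:
        e.notes.append("8.3 short path; expand it (dir /x) before looking the binary up")
    if any(s in low for s in USER_WRITABLE):
        e.notes.append("service binary lives in a user-writable location")
    return e


def parse_line(line: str) -> Optional[Entry]:
    m = O23_RE.match(line)
    if m:
        return _parse_o23(m["body"])
    m = O16_RE.match(line)
    if m:
        e = Entry("O16", m["name"], m["target"], short_name=m["clsid"])
        parsed = urlparse(m["target"])
        if parsed.scheme in ("http", "https"):
            host = (parsed.hostname or "").lower()
            if host != "microsoft.com" and not host.endswith(".microsoft.com"):
                e.notes.append("ActiveX control fetched from a third-party host; confirm the publisher")
        else:
            e.notes.append("DPF target is a local file, not a download URL; check the file on disk")
        return e
    m = O15_RE.match(line)
    if m:
        e = Entry("O15", "Trusted Zone", m["url"])
        e.notes.append("site runs under IE's relaxed Trusted Zone settings")
        return e
    m = O4_RE.match(line)
    if m:
        e = Entry("O4", m["name"], m["target"])
        if any(s in m["target"].lower() for s in USER_WRITABLE):
            e.notes.append("autostart target in a user-writable location")
        return e
    m = GENERIC_RE.match(line)
    return Entry(m["section"], m["rest"], "") if m else None


def parse_log(text: str) -> List[Entry]:
    entries = [parse_line(line.strip()) for line in text.splitlines() if line.strip()]
    return [e for e in entries if e is not None]


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.notes]


if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(f"{e.section} {e.name!r} -> {e.target}")
        for n in e.notes:
            print("    -", n)
```

Splitting the O23 body from the right matters: display names such as "Intel(R) PROSet/Wireless Event Log (EvtEng)" and "VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP)" contain their own parentheses and would defeat a left-to-right regex, while services like "LiveUpdate" have no key name at all. A known vendor string is not proof of anything by itself, since HijackThis copies it from the file's version resource, which anyone can fill in; it is only the absence of one that earns a note here.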
Old 08-17-2008, 10:14 AM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,210
OS: 2000 Pro; XP Pro; XP Home


Re: Random audio ads/music/scenes, routing.exe, macidwe.exe, perfs.exe, tdxdowkc.exe

I had a great weekend, thanks, still enjoying it. Hope you are also. We received some much needed rain in drought-stricken Western North Carolina, and I enjoyed listening to it. Watched some Olympic coverage.

I'm not a big fan of Norton/Symantec products. If another reboot does not solve the issue, perhaps another repair install. If still no joy, ask your Uni help desk. Is Symantec required to be on their network? Perhaps I can offer you another AntiVirus solution which is not as difficult to control.

Thanks for uploading the file. Please now delete [4]-Submit_2008-08-16@23.22.zip from your desktop.

Logs look good, just a bit of cleanup.

Go to Start > Run and copy/paste the following, then press Enter:

sc stop NOBICYT

Go to Start > Run and copy/paste the following, then press Enter:

sc delete NOBICYT

Let me know if you receive any error messages.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 08-17-2008, 11:50 PM   #9 (permalink)
Registered User
 
Join Date: Aug 2008
Location: Connecticut
Posts: 10
OS: Windows XP Sp3


Re: Random audio ads/music/scenes, routing.exe, macidwe.exe, perfs.exe, tdxdowkc.exe

Ok, I did that. Thanks for your help. I did what you asked.

Sadly, I have to use Symantec antivirus; it looks very un-user-friendly. I have to wait till September to contact them. I am in this weird transitional phase of being a student, then a non-student, and then a student again (transferring from undergraduate to graduate) at the same university.

Last edited by tppiii; 08-17-2008 at 11:56 PM.
Old 08-18-2008, 09:23 AM   #10 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,210
OS: 2000 Pro; XP Pro; XP Home


Re: Random audio ads/music/scenes, routing.exe, macidwe.exe, perfs.exe, tdxdowkc.exe

Ok, If Symantec is functioning properly again, we should be done here.

Your logs appear clean. You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • FIREWALL
    Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here

    Do not install more than one firewall program because they will conflict with each other.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting, and this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles.
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
Old 08-19-2008, 09:58 PM   #11 (permalink)
Registered User
 
Join Date: Aug 2008
Location: Connecticut
Posts: 10
OS: Windows XP Sp3


Re: Random audio ads/music/scenes, routing.exe, macidwe.exe, perfs.exe, tdxdowkc.exe

Thank you for all your help, you have been helpful
Old 08-19-2008, 10:07 PM   #12 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,210
OS: 2000 Pro; XP Pro; XP Home


Re: Random audio ads/music/scenes, routing.exe, macidwe.exe, perfs.exe, tdxdowkc.exe

You're welcome for the help.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.
 


Copyright 2001 - 2009, Tech Support Forum