Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

11-08-2008, 03:25 PM   #1
Registered User (Join Date: Nov 2008; Posts: 7; OS: xp sp3)

probable spyware + windows alert messages

Hi all,
I followed the instructions for posting here and I will try to stick to them.

This morning I was installing a cracked game, and since then some alert messages have been popping up every 5-10 minutes.

One message says that the Windows security system has found that my computer is under the control of another user with the following IP address, 297.4.167.118; another one says that I have Spyware.IEMonster.b.
Both recommend that I click OK to download some protection software, but I never clicked yes.

Plus I lost control of my desktop: basically I do not have my background image anymore, and when I click Control Panel/Display I only have the options for the screen saver, but I do not have the color, resolution, etc. tabs.

Sometimes IE opens up to some weird web pages in which there is basically no information...

I would really appreciate some help,

thanks

log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-08 17:58:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 89 GB (61%) free of 145 GB
Total RAM: 2046 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:47 PM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\AOL\1224971836\ee\AOLSoftware.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogun.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogin.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe
C:\WINDOWS\system32\msupdate.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\mkrnl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\csrssc.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1224971836\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NI.GSCNS] "C:\DOCUME~1\Owner\LOCALS~1\Temp\winvsnet.exe"
O4 - HKLM\..\Run: [jsg8jfgfdfhfhf] C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogun.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogun.exe
O4 - HKCU\..\Run: [msupdate.exe] C:\WINDOWS\system32\msupdate.exe -check
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Owner\LOCALS~1\Temp\csrssc.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224974123968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\WINDOWS\system32\siejf93.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 16420 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5AF42A3-94F3-42BD-F434-3604832C897D}]
C:\WINDOWS\system32\siejf93.dll - C:\WINDOWS\system32\siejf93.dll [2008-11-08 10000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll [2006-02-16 585728]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-17 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-17 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-17 118784]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-11-17 118784]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-02-28 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-02-28 602182]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2006-02-28 569413]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-20 7561216]
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-19 28672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2006-06-13 217088]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]
"VAIO Update 2"=C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [2005-10-11 151552]
"NapsterShell"=C:\Program Files\Napster\napster.exe [2006-06-29 319488]
"Switcher.exe"=C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2006-02-14 176128]
"DISCover"=C:\Program Files\DISC\DISCover.exe [2006-06-01 1077248]
"Biomenu"=C:\Program Files\Protector Suite QL\menusw.exe [2006-02-22 1354240]
""= []
"VAIOSurvey"=c:\program files\sony\vaio survey\surveysa.exe [2005-06-13 258048]
"VAIOCameraUtility"=C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe [2005-12-27 69632]
"URLLSTCK.exe"=C:\Program Files\Norton Internet Security\UrlLstCk.exe [2005-10-22 23168]
"HostManager"=C:\Program Files\Common Files\AOL\1224971836\ee\AOLSoftware.exe [2006-04-13 50792]
"PartSeal"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-19 28672]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-01-24 111952]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2007-10-25 136512]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"NI.GSCNS"=C:\DOCUME~1\Owner\LOCALS~1\Temp\winvsnet.exe [2008-11-08 54784]
"jsg8jfgfdfhfhf"=C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogun.exe [2008-11-08 15000]
"xsjfn83jkemfofght"=C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogin.exe [2008-11-08 15000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-10-29 342336]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"gadcom"=C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe [2008-11-08 56832]
"jsg8jfgfdfhfhf"=C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogun.exe [2008-11-08 15000]
"msupdate.exe"=C:\WINDOWS\system32\msupdate.exe [2008-11-08 150528]
"xsjfn83jkemfofght"=C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogin.exe [2008-11-08 15000]
"Jnskdfmf9eldfd"=C:\DOCUME~1\Owner\LOCALS~1\Temp\csrssc.exe [2008-11-08 21505]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-17 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\fusstub.dll [2006-02-22 39936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2006-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\WINDOWS\system32\siejf93.dll [2008-11-08 10000]
mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll [2008-11-08 10000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"=C:\Program Files\Trend Micro\Tmas\sshook.dll [2008-10-25 77824]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
fusstub

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"NoDispBackgroundPage"=1
"NoDispSettingsPage"=1
"NoDispAppearancePage"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=8
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\cygwin\usr\X11R6\bin\XWin.exe"="C:\cygwin\usr\X11R6\bin\XWin.exe:*:Enabled:XWin"
"C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"F:\programs\BitTorrent\BitTorrent.exe"="F:\programs\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\StreamerOne\StreamerOne.exe"="C:\Program Files\StreamerOne\StreamerOne.exe:*:Enabled:StreamerOne"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"F:\Pro.Evolution.Soccer.2009-RELOADED\rld-pro9\rld-pro9\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="F:\Pro.Evolution.Soccer.2009-RELOADED\rld-pro9\rld-pro9\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"F:\Pro.Evolution.Soccer.2009-RELOADED\rld-pro9\rld-pro9\Crack\pes2009.exe"="F:\Pro.Evolution.Soccer.2009-RELOADED\rld-pro9\rld-pro9\Crack\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"F:\Pro.Evolution.Soccer.2009-RELOADED\rld-pro9\rld-pro9\pes2009.exe"="F:\Pro.Evolution.Soccer.2009-RELOADED\rld-pro9\rld-pro9\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-08 17:58:44 ----D---- C:\rsit
2008-11-08 17:37:59 ----A---- C:\WINDOWS\gmer.ini
2008-11-08 17:37:57 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-08 17:37:57 ----A---- C:\WINDOWS\gmer.dll
2008-11-08 17:37:56 ----A---- C:\WINDOWS\gmer.exe
2008-11-08 16:35:23 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-11-08 14:30:26 ----D---- C:\Documents and Settings\Owner\Application Data\McAfee
2008-11-08 13:38:14 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-08 13:38:11 ----SHD---- C:\Config.Msi
2008-11-08 13:30:30 ----D---- C:\WINDOWS\Minidump
2008-11-08 13:29:29 ----A---- C:\WINDOWS\system32\TDSSktpa.dll
2008-11-08 13:21:42 ----A---- C:\sydp.exe
2008-11-08 13:21:31 ----A---- C:\qjpirgg.exe
2008-11-08 13:10:10 ----A---- C:\WINDOWS\system32\jsne87fidgf.dll
2008-11-08 13:10:07 ----D---- C:\Documents and Settings\Owner\Application Data\gadcom
2008-11-08 13:10:07 ----A---- C:\WINDOWS\system32\mkrnl.exe
2008-11-08 13:10:06 ----A---- C:\WINDOWS\system32\msupdate.exe
2008-11-08 13:09:56 ----D---- C:\Documents and Settings\Owner\Application Data\NI.GSCNS
2008-11-08 13:09:56 ----A---- C:\WINDOWS\system32\siejf93.dll
2008-11-08 13:09:44 ----D---- C:\WINDOWS\system32\sX3i19
2008-11-08 13:09:44 ----D---- C:\Temp
2008-11-08 13:09:33 ----A---- C:\WINDOWS\system32\prun.exe
2008-11-08 13:09:32 ----D---- C:\QUARANTINE
2008-11-08 12:49:35 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-11-08 12:22:35 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-11-08 12:22:34 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-11-08 12:22:32 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-11-08 12:22:32 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-11-08 12:22:30 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-11-08 12:22:29 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-11-08 12:22:27 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-11-08 12:22:26 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-11-08 12:22:24 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-11-08 12:22:23 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-11-08 12:22:23 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-11-08 12:21:58 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-11-08 12:21:56 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-11-08 12:21:56 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-11-08 12:21:55 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-11-08 12:21:53 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-11-08 12:21:52 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-11-08 12:21:51 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-11-08 12:21:50 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-11-08 12:21:47 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-11-08 12:21:40 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-11-08 11:58:35 ----D---- C:\Documents and Settings\Owner\Application Data\Sonic
2008-11-08 11:58:24 ----D---- C:\Documents and Settings\Owner\Application Data\Leadertech
2008-11-08 11:58:01 ----D---- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
2008-11-07 17:17:17 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-07 17:17:17 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-07 17:17:17 ----A---- C:\WINDOWS\system32\java.exe
2008-11-05 14:25:25 ----D---- C:\WINDOWS\Applian FLV Player
2008-11-05 14:25:25 ----D---- C:\Program Files\FLV Player
2008-11-05 14:25:14 ----A---- C:\WINDOWS\Applian FLV Player Setup Log.txt
2008-11-05 13:30:06 ----D---- C:\Program Files\SopCast
2008-11-01 17:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-01 16:58:49 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-11-01 16:58:21 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-11-01 16:58:00 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-11-01 16:46:51 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-01 16:45:01 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-10-31 14:32:08 ----D---- C:\WINDOWS\Sun
2008-10-31 10:15:00 ----D---- C:\Documents and Settings\Owner\Application Data\Windows Search
2008-10-30 17:33:22 ----D---- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-10-30 17:33:12 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-10-30 17:32:46 ----D---- C:\Program Files\iPod
2008-10-30 17:32:44 ----D---- C:\Program Files\iTunes
2008-10-30 17:32:44 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-30 17:31:12 ----D---- C:\Program Files\QuickTime
2008-10-30 17:31:10 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-30 17:30:43 ----D---- C:\Program Files\Apple Software Update
2008-10-30 17:29:23 ----D---- C:\Program Files\Common Files\Apple
2008-10-30 17:29:23 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-30 17:16:40 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-10-30 17:16:39 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-10-29 17:40:16 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
2008-10-29 17:28:24 ----D---- C:\Program Files\VideoLAN
2008-10-29 17:28:18 ----D---- C:\Program Files\StreamerOne
2008-10-29 13:54:14 ----D---- C:\Program Files\DNA
2008-10-29 13:54:14 ----D---- C:\Documents and Settings\Owner\Application Data\DNA
2008-10-27 18:27:35 ----D---- C:\Program Files\WinSCP
2008-10-27 18:15:53 ----D---- C:\cygwin
2008-10-27 18:15:14 ----D---- C:\Program Files\cygwin
2008-10-27 13:44:22 ----D---- C:\Documents and Settings\Owner\Application Data\skypePM
2008-10-27 13:43:54 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2008-10-27 13:43:30 ----D---- C:\Program Files\Skype
2008-10-27 13:43:30 ----D---- C:\Program Files\Common Files\Skype
2008-10-27 13:43:21 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-10-27 13:28:19 ----A---- C:\WINDOWS\system32\spdifcp.dll
2008-10-27 13:25:04 ----A---- C:\WINDOWS\Model.txt
2008-10-27 13:22:57 ----D---- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-10-27 13:21:03 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-10-27 13:21:03 ----D---- C:\Program Files\Windows Desktop Search
2008-10-27 13:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-10-27 13:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-10-27 13:18:16 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-27 13:18:16 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-27 13:18:16 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-27 12:57:10 ----D---- C:\Documents and Settings\Owner\Application Data\MathWorks
2008-10-27 12:34:58 ----D---- C:\Program Files\MATLAB
2008-10-27 09:36:21 ----D---- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-10-27 09:32:45 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-10-27 09:28:06 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2008-10-27 09:26:21 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-27 09:20:54 ----D---- C:\swp55
2008-10-27 09:08:03 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-10-27 09:05:44 ----D---- C:\Program Files\MSBuild
2008-10-27 09:05:18 ----D---- C:\Program Files\Microsoft Visual Studio
2008-10-27 09:05:17 ----D---- C:\Program Files\Common Files\DESIGNER
2008-10-27 09:04:21 ----D---- C:\Program Files\Microsoft.NET
2008-10-27 09:02:14 ----D---- C:\Documents and Settings\Owner\Application Data\Sun
2008-10-27 08:59:54 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-10-27 08:58:30 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-27 07:02:46 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-10-27 07:02:46 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2008-10-27 00:15:05 ----D---- C:\research2
2008-10-26 17:13:20 ----D---- C:\Documents and Settings\Owner\Application Data\Roxio
2008-10-26 12:54:58 ----D---- C:\Program Files\Common Files\Cisco Systems
2008-10-26 12:54:58 ----A---- C:\WINDOWS\system32\epoPGPsdk.dll.sig
2008-10-26 12:54:58 ----A---- C:\WINDOWS\system32\epoPGPsdk.dll
2008-10-26 12:54:57 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-26 12:54:24 ----D---- C:\Program Files\McAfee
2008-10-26 12:54:24 ----D---- C:\Program Files\Common Files\McAfee
2008-10-26 12:50:56 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-10-26 12:41:53 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-10-26 12:41:45 ----D---- C:\Program Files\Mozilla Firefox
2008-10-25 18:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-25 18:59:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-25 18:58:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-25 18:58:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-25 18:58:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-25 18:58:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-25 18:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-25 18:55:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-25 18:54:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-25 18:54:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-25 18:54:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-25 18:54:41 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-25 18:54:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-25 18:54:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-25 18:54:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-25 18:54:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-25 18:54:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-25 18:54:13 ----D---- C:\Program Files\MSXML 4.0
2008-10-25 18:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-10-25 18:53:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-25 18:53:10 ----D---- C:\WINDOWS\ie7updates
2008-10-25 18:52:42 ----D---- C:\WINDOWS\WBEM
2008-10-25 18:51:28 ----HDC---- C:\WINDOWS\ie7
2008-10-25 18:51:20 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-10-25 18:51:05 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-10-25 18:49:50 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-25 18:46:20 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-25 18:46:06 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-25 18:45:56 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-25 18:45:22 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-10-25 18:44:59 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-25 18:44:54 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-10-25 18:43:38 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-10-25 18:31:42 ----D---- C:\WINDOWS\Prefetch
2008-10-25 18:30:01 ----A---- C:\WINDOWS\tosOBEX.INI
2008-10-25 18:24:27 ----D---- C:\WINDOWS\system32\en-us
2008-10-25 18:24:26 ----D---- C:\WINDOWS\system32\scripting
2008-10-25 18:24:25 ----D---- C:\WINDOWS\system32\en
2008-10-25 18:24:25 ----D---- C:\WINDOWS\l2schemas
2008-10-25 18:24:25 ----D---- C:\Program Files\msn
2008-10-25 18:24:24 ----D---- C:\WINDOWS\system32\bits
2008-10-25 18:22:37 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-25 18:20:24 ----D---- C:\WINDOWS\network diagnostic
2008-10-25 18:17:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-25 17:59:32 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-10-25 17:50:28 ----D---- C:\WINDOWS\system32\PreInstall
2008-10-25 17:50:27 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-10-25 17:35:18 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-10-25 17:23:55 ----D---- C:\Documents and Settings\Owner\Application Data\Protector Suite
2008-10-25 17:23:27 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-10-25 17:23:27 ----D---- C:\Documents and Settings\Owner\Application Data\Sony Corporation
2008-10-25 17:23:27 ----D---- C:\Documents and Settings\Owner\Application Data\Intuit
2008-10-25 17:23:27 ----D---- C:\Documents and Settings\Owner\Application Data\Intel
2008-10-25 17:23:27 ----D---- C:\Documents and Settings\Owner\Application Data\Identities
2008-10-25 17:23:27 ----ASH---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2008-10-25 17:00:06 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll
2008-10-25 17:00:06 ----A---- C:\WINDOWS\system32\IVIresizePX.dll
2008-10-25 17:00:06 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll
2008-10-25 17:00:06 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll
2008-10-25 17:00:06 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll
2008-10-25 17:00:06 ----A---- C:\WINDOWS\system32\IVIresize.dll
2008-10-25 17:00:04 ----D---- C:\Program Files\InterVideo
2008-10-25 16:59:27 ----D---- C:\Infineon
2008-10-25 16:58:12 ----D---- C:\Program Files\Microsoft Digital Image 2006
2008-10-25 16:57:22 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-10-25 16:57:06 ----D---- C:\Program Files\Common Files\AOL
2008-10-25 16:57:04 ----D---- C:\Program Files\AOL
2008-10-25 16:55:45 ----D---- C:\Program Files\Toshiba
2008-10-25 16:52:49 ----D---- C:\Program Files\Norton Internet Security
2008-10-25 16:52:00 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-25 16:51:34 ----D---- C:\Program Files\Symantec
2008-10-25 16:51:34 ----A---- C:\WINDOWS\system32\capicom.dll
2008-10-25 16:51:31 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-25 16:51:20 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-25 16:49:56 ----D---- C:\Program Files\Sony Pictures Games
2008-10-25 16:48:37 ----D---- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
2008-10-25 16:48:13 ----A---- C:\WINDOWS\system32\iplw7.dll
2008-10-25 16:48:13 ----A---- C:\WINDOWS\system32\iplpx.dll
2008-10-25 16:48:13 ----A---- C:\WINDOWS\system32\iplp6.dll
2008-10-25 16:48:13 ----A---- C:\WINDOWS\system32\iplm6.dll
2008-10-25 16:48:13 ----A---- C:\WINDOWS\system32\iplm5.dll
2008-10-25 16:48:13 ----A---- C:\WINDOWS\system32\ipla6.dll
2008-10-25 16:48:13 ----A---- C:\WINDOWS\system32\ipl.dll
2008-10-25 16:48:13 ----A---- C:\WINDOWS\system32\Cpuinf32.dll
2008-10-25 16:47:32 ----D---- C:\WINDOWS\Downloaded Installations
2008-10-25 16:47:10 ----A---- C:\WINDOWS\system32\cdintf250.dll
2008-10-25 16:47:02 ----D---- C:\Program Files\Common Files\Palo Alto Software
2008-10-25 16:46:56 ----D---- C:\Program Files\Common Files\Intuit
2008-10-25 16:46:54 ----D---- C:\Program Files\Quicken
2008-10-25 16:46:52 ----A---- C:\WINDOWS\QUICKEN.INI
2008-10-25 16:46:50 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit
2008-10-25 16:46:00 ----D---- C:\Program Files\Common Files\Protector Suite QL
2008-10-25 16:45:59 ----D---- C:\Program Files\Protector Suite QL
2008-10-25 16:41:00 ----D---- C:\WINDOWS\system32\Backup
2008-10-25 16:40:41 ----D---- C:\WINDOWS\SQLHotfix
2008-10-25 16:39:54 ----A---- C:\WINDOWS\system32\dbmsqlgc.dll
2008-10-25 16:39:54 ----A---- C:\WINDOWS\system32\dbmsgnet.dll
2008-10-25 16:39:22 ----D---- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-10-25 16:39:22 ----D---- C:\Program Files\Common Files\Crystal Decisions
2008-10-25 16:39:16 ----D---- C:\Program Files\Microsoft SQL Server
2008-10-25 16:39:08 ----A---- C:\WINDOWS\ODBC.INI
2008-10-25 16:39:00 ----A---- C:\WINDOWS\system32\mdimon.dll
2008-10-25 16:38:16 ----D---- C:\WINDOWS\SHELLNEW
2008-10-25 16:37:38 ----RHD---- C:\MSOCache
2008-10-25 16:36:42 ----D---- C:\Program Files\Microsoft Office
2008-10-25 16:35:46 ----D---- C:\Program Files\Microsoft Works
2008-10-25 16:35:33 ----D---- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
2008-10-25 16:35:32 ----D---- C:\Program Files\DISC
2008-10-25 16:33:53 ----A---- C:\WINDOWS\system32\tmmute.ini
2008-10-25 16:33:52 ----D---- C:\Program Files\Trend Micro
2008-10-25 16:33:26 ----A---- C:\WINDOWS\system32\SonyAIwo.dll
2008-10-25 16:33:26 ----A---- C:\WINDOWS\system32\SonyAIwd.dll
2008-10-25 16:33:26 ----A---- C:\WINDOWS\system32\SonyAIds.dll
2008-10-25 16:31:53 ----A---- C:\WINDOWS\system32\CDDBUISony.dll
2008-10-25 16:31:53 ----A---- C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2008-10-25 16:31:53 ----A---- C:\WINDOWS\system32\CddbMusicIDSony.dll
2008-10-25 16:31:53 ----A---- C:\WINDOWS\system32\CddbLinkSony.dll
2008-10-25 16:31:53 ----A---- C:\WINDOWS\system32\CDDBControlSony.dll
2008-10-25 16:25:25 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-25 16:25:22 ----D---- C:\WINDOWS\Temp

======List of files/folders modified in the last 1 months======

2008-11-08 17:37:59 ----D---- C:\WINDOWS
2008-11-08 17:37:57 ----D---- C:\WINDOWS\system32\drivers
2008-11-08 16:47:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-08 14:30:56 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-08 1435 ----SHD---- C:\WINDOWS\Installer
2008-11-08 1433 ----RD---- C:\Program Files
2008-11-08 13:38:14 ----D---- C:\WINDOWS\system32
2008-11-08 13:10:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-08 12:22:39 ----D---- C:\WINDOWS\system32\DirectX
2008-11-08 12:22:36 ----HD---- C:\WINDOWS\inf
2008-11-08 12:22:22 ----RSD---- C:\WINDOWS\assembly
2008-11-08 12:22:03 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-08 12:21:42 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-07 17:17:16 ----D---- C:\Program Files\Java
2008-11-07 01:20:54 ----A---- C:\WINDOWS\win.ini
2008-11-04 09:54:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 16:58:53 ----A---- C:\WINDOWS\imsins.BAK
2008-11-01 16:57:00 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-01 16:52:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-01 16:48:12 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-31 22:28:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-31 17:23:14 ----D---- C:\Program Files\Common Files\Adobe
2008-10-31 17:20:55 ----D---- C:\WINDOWS\WinSxS
2008-10-30 17:33:12 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-30 17:32:04 ----D---- C:\Program Files\Internet Explorer
2008-10-30 17:30:52 ----SD---- C:\WINDOWS\Tasks
2008-10-30 17:29:23 ----D---- C:\Program Files\Common Files
2008-10-29 09:28:16 ----SHD---- C:\RECYCLER
2008-10-27 13:27:46 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-27 13:21:03 ----D---- C:\WINDOWS\system32\wbem
2008-10-27 13:09:29 ----RSD---- C:\WINDOWS\Fonts
2008-10-27 09:20:54 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-27 09:13:09 ----D---- C:\Program Files\Common Files\System
2008-10-27 09:07:41 ----D---- C:\WINDOWS\system32\config
2008-10-25 19:03:43 ----D---- C:\WINDOWS\Help
2008-10-25 18:54:43 ----D---- C:\Program Files\Messenger
2008-10-25 18:52:36 ----D---- C:\WINDOWS\Media
2008-10-25 18:49:52 ----D---- C:\WINDOWS\Debug
2008-10-25 18:46:05 ----D---- C:\Program Files\Windows Media Player
2008-10-25 18:44:42 ----D---- C:\Program Files\Windows Media Connect
2008-10-25 18:32:19 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-25 18:31:30 ----A---- C:\WINDOWS\setuplog.txt
2008-10-25 18:30:56 ----D---- C:\WINDOWS\system32\Setup
2008-10-25 18:30:56 ----D---- C:\WINDOWS\AppPatch
2008-10-25 18:30:19 ----D---- C:\WINDOWS\security
2008-10-25 18:24:37 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-25 18:24:37 ----D---- C:\WINDOWS\ime
2008-10-25 18:24:27 ----D---- C:\WINDOWS\system32\usmt
2008-10-25 18:24:24 ----D---- C:\WINDOWS\PeerNet
2008-10-25 18:24:24 ----D---- C:\Program Files\Movie Maker
2008-10-25 18:22:27 ----D---- C:\WINDOWS\system32\Restore
2008-10-25 18:22:26 ----D---- C:\WINDOWS\system32\npp
2008-10-25 18:22:26 ----D---- C:\WINDOWS\mui
2008-10-25 18:22:25 ----D---- C:\WINDOWS\msagent
2008-10-25 18:22:24 ----D---- C:\WINDOWS\srchasst
2008-10-25 18:22:23 ----D---- C:\Program Files\NetMeeting
2008-10-25 18:22:22 ----D---- C:\WINDOWS\system32\Com
2008-10-25 18:22:19 ----D---- C:\Program Files\Windows NT
2008-10-25 18:22:19 ----D---- C:\Program Files\Outlook Express
2008-10-25 18:22:00 ----D---- C:\WINDOWS\system32\oobe
2008-10-25 18:21:58 ----D---- C:\WINDOWS\system
2008-10-25 18:17:40 ----D---- C:\WINDOWS\ehome
2008-10-25 17:35:30 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-25 17:23:26 ----D---- C:\Documents and Settings
2008-10-25 17:23:05 ----SHD---- C:\System Volume Information
2008-10-25 17:23:00 ----RASH---- C:\boot.ini
2008-10-25 17:17:28 ----D---- C:\WINDOWS\Registration
2008-10-25 17:13:34 ----A---- C:\WINDOWS\system.ini
2008-10-25 17:10:21 ----D---- C:\WINDOWS\repair
2008-10-25 16:59:34 ----D---- C:\Program Files\Sony
2008-10-25 16:57:05 ----D---- C:\Program Files\Online Services
2008-10-25 16:50:17 ----D---- C:\WINDOWS\SONYSYS
2008-10-25 16:49:19 ----D---- C:\Program Files\Common Files\Sony Shared
2008-10-25 16:49:13 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-10-25 16:39:54 ----HD---- C:\Program Files\Uninstall Information
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-01-24 52104]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-07-22 21275]
R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []
R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-02-28 13568]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-22 108767]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-18 202112]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-01-24 64232]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-01-24 72936]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-01-24 33960]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-01-24 171400]
R3 Mvc25U870_VID_1262&PID_25FD;Sony Visual Communication Camera VGP-VCC2; C:\WINDOWS\System32\Drivers\Mvc25U870.sys [2005-12-29 55680]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-20 3662400]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 SonyImgF;Sony Image Conversion Filter Driver; C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 30080]
R3 SPI;Sony Programmable I/O Control Device; C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2003-06-18 71961]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-17 1076472]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-02-22 28800]
R3 ti21sony;ti21sony; C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 226304]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-02-10 47488]
R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-04-13 108928]
R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-02-08 62848]
R3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-24 40192]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-02-26 1428480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-10-17 241408]
S1 d3f96ca3;d3f96ca3; C:\WINDOWS\System32\drivers\d3f96ca3.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-08 85969]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-17 1353820]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-02-28 114753]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2007-10-25 103744]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2008-01-24 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-01-24 54608]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-20 143428]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-02-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-02-28 540745]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2006-04-13 176128]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2005-11-28 131072]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2005-11-28 118784]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2006-04-04 274432]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-10-27 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 32768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-04-27 53337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-04-27 49241]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-04-27 69718]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2006-05-08 69632]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-10-25 1120960]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2005-11-25 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2006-06-13 2084864]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2006-05-18 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2006-05-18 770048]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2006-06-07 155648]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
Attached Files
File Type: txt Gmer.txt (99.0 KB, 1 views)
File Type: txt info.txt (29.7 KB, 1 views)
minaccia is offline  
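The driver and service sections of the log above are the part of an RSIT log a responder reads first. As an added example (not from this thread and not part of RSIT itself), here is a small Python parser for that line format that flags entries for manual review: entries RSIT printed with empty brackets (it could not record a file date or size), service names that look like eight random hex characters, and entries whose display name is just the service name again, with boot/system-start entries marked so they are reviewed first. The flags are review heuristics, not verdicts; the sample lines are copied from the log on this page.

```python
"""Triage helper for the driver/service sections of an RSIT log.

Added example, not part of the forum thread or of RSIT. It parses lines
of the form

    R1 name;Display Name; C:\\path\\file.sys [YYYY-MM-DD size]

and flags entries for manual review. Flags are heuristics, not verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Lines copied from the "List of drivers" section of the log above.
SAMPLE_LOG = """\
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys [2008-04-13 36352]
R2 symlcbrd;symlcbrd; \\??\\C:\\WINDOWS\\system32\\drivers\\symlcbrd.sys []
R3 nv;nv; C:\\WINDOWS\\system32\\DRIVERS\\nv4_mini.sys [2006-06-20 3662400]
S1 d3f96ca3;d3f96ca3; C:\\WINDOWS\\System32\\drivers\\d3f96ca3.sys []
S3 gmer;gmer; C:\\WINDOWS\\System32\\DRIVERS\\gmer.sys [2008-11-08 85969]
S4 IntelIde;IntelIde; C:\\WINDOWS\\system32\\drivers\\IntelIde.sys []
"""

# state, start type, service name, display name, image path, "[date size]" or "[]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")


@dataclass
class Entry:
    state: str            # R = running, S = stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    date: Optional[str]   # None when RSIT printed "[]"
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_entries(text: str) -> List[Entry]:
    """Return one Entry per driver/service line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        meta = m.group("meta").split()
        date = meta[0] if len(meta) == 2 else None
        size = int(meta[1]) if len(meta) == 2 else None
        entries.append(Entry(m.group("state"), int(m.group("start")),
                             m.group("name"), m.group("display"),
                             m.group("path"), date, size))
    return entries


def flag_entry(e: Entry) -> List[str]:
    """Review heuristics for one entry; an empty list means nothing stood out."""
    flags = []
    if e.date is None:
        # RSIT recorded no date/size: file missing on disk, or a path it could not read.
        flags.append("no_file_info")
    if HEX_NAME_RE.match(e.name):
        # Eight random-looking hex characters instead of a vendor-chosen name.
        flags.append("hex_like_name")
    if e.display == e.name:
        # No vendor description. Weak signal on its own (nv;nv is legitimate).
        flags.append("no_description")
    if e.start <= 1 and flags:
        # Boot/system-start entries load before most defences; review these first.
        flags.append("early_start")
    return flags


def triage(text: str) -> Dict[str, List[str]]:
    """Map service name -> flags for every entry that raised at least one flag."""
    result = {}
    for e in parse_entries(text):
        e.flags = flag_entry(e)
        if e.flags:
            result[e.name] = e.flags
    return result


if __name__ == "__main__":
    # Most-flagged entries first, so the reviewer's eye lands on them.
    for name, flags in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: -len(kv[1])):
        print(f"{name:12s} {', '.join(flags)}")
```

On the sample above the entry with all four flags is the one the helper raises to the top; the rest carry only the weak `no_description` or `no_file_info` signals that plenty of legitimate drivers also show, which is why the output is a review queue and not a detection.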
Old 11-11-2008, 02:07 AM   #2 (permalink)
Analyst, Security Team
 
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,089
OS: Vista Premium 64x


Re: probable spyware +windows alert messages

Hi there

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards.

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Please copy and paste any requested logs into replies rather than add as attachments, this makes it easier for analysis.

Please note that the forum is very busy and if I don't hear from you within three days of this post this thread will be closed.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

If this is a computer from a work place then please advise your IT department of the concerning issues before commencing past this point.

Please follow these directions in the order they are set out for you.

From looking at your log I see a few issues which need attention. I do notice that you have 2 anti virus applications running:

AV: Norton Internet Security 2006
AV: McAfee VirusScan Enterprise

Although this may seem like a sound idea to double your protection, you are actually putting your system at risk from conflicts and slowdowns as they fight for superiority. I would choose just one of what you are running and uninstall the other.

Cracked (Illegal) Software

This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, uninstall any such applications.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

On with the fix....

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Please include in your next post

> C:\ComboFix.txt
> New HijackThis log.
__________________
Better to die than be a coward - The Gurkha Motto
The Gurkha Justice Campaign


If we have helped you then please consider donating
sjb007 is offline  
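The helper's reply above is based on reading the posted logs for a few tell-tale patterns: a module that hangs off more than one load point under the same CLSID, file names that look machine-generated sitting in system32, and programs launching from a Temp folder. As an added example, not part of the forum post and not code from HijackThis or ComboFix, the script below parses O2 (BHO), O22 (SharedTaskScheduler) and O4 (Run key) lines and applies exactly those checks. The sample lines are copied from the HijackThis log posted in the reply that follows, plus one O4 line constructed from the ComboFix "ORPHANS REMOVED" entry for winlogun.exe; the small allow-list of known file stems is an assumption for the example, not a vendor whitelist, and the name heuristic only prioritises entries for a human to look at.

```python
"""Triage helper for HijackThis-style log lines (added example, not forum or tool code)."""
import os
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log in this thread, plus one
# constructed O4 line modelled on the ComboFix "ORPHANS REMOVED" winlogun.exe entry.
SAMPLE_LOG = r"""
O2 - BHO: C:\WINDOWS\system32\siejf93.dll - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\WINDOWS\system32\siejf93.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogun.exe
O22 - SharedTaskScheduler: lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\WINDOWS\system32\siejf93.dll
"""

# O2/O22 lines look like: "<type> - <label>: <name> - {CLSID} - <path>"
O2_O22_RE = re.compile(
    r"^(O2|O22) - [^:]+: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O4 lines look like: "O4 - <hive>\..\Run: [<name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# First drive-letter path ending in .exe/.dll/.sys inside a command line (quotes optional).
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|sys))"?', re.IGNORECASE)

# Assumption for the example: a tiny local allow-list of stems seen on healthy XP installs.
KNOWN_GOOD_STEMS = {"igfxtray", "hkcmd", "igfxpers", "ctfmon", "nvcpl", "msmsgs"}
VOWELS = set("aeiou")


def looks_generated(stem):
    """Heuristic: letters mixed with digits, or a long stem with no vowels."""
    s = stem.lower()
    if s in KNOWN_GOOD_STEMS:
        return False
    if any(c.isdigit() for c in s) and any(c.isalpha() for c in s):
        return True
    return len(s) >= 8 and not (VOWELS & set(s))


def parse_entries(log_text):
    """Yield (kind, name, clsid_or_None, module_path) for O2/O22/O4 lines."""
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_O22_RE.match(line)
        if m:
            yield m.group(1), m.group("name"), m.group("clsid").upper(), m.group("path").strip()
            continue
        m = O4_RE.match(line)
        if m:
            pm = PATH_RE.search(m.group("cmd"))
            yield "O4", m.group("name"), None, (pm.group(1) if pm else m.group("cmd"))


def triage(log_text):
    """Return shared CLSIDs and per-entry findings for a block of log lines."""
    by_clsid = defaultdict(set)
    flagged = []
    for kind, name, clsid, path in parse_entries(log_text):
        if clsid:
            by_clsid[clsid].add(kind)
        stem = os.path.splitext(os.path.basename(path.replace("\\", "/")))[0]
        reasons = []
        if looks_generated(stem):
            reasons.append("machine-looking file name")
        if "\\temp\\" in path.lower():
            reasons.append("runs from a Temp directory")
        if reasons:
            flagged.append({"kind": kind, "name": name, "path": path, "reasons": reasons})
    # A CLSID registered under more than one load point is worth a second look.
    shared = {c: sorted(kinds) for c, kinds in by_clsid.items() if len(kinds) > 1}
    return {"shared_clsids": shared, "flagged": flagged}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for clsid, kinds in result["shared_clsids"].items():
        print("shared CLSID", clsid, "in", ", ".join(kinds))
    for f in result["flagged"]:
        print(f["kind"], f["name"], f["path"], "->", "; ".join(f["reasons"]))
```

Run it against a saved HijackThis log by passing the file contents to `triage()`; everything it flags still needs a human decision, since the name heuristic will also catch legitimate oddly-named vendor DLLs.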
Old 11-11-2008, 07:49 AM   #3 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 7
OS: xp sp3


Re: probable spyware +windows alert messages

Hi thanks for your reply.
I thought I already removed Norton, through the remove programs application in control panel, but I saw some Norton folders were still there, and I deleted those.
I removed the cracked software as asked.
Below you can find the .log files you asked me for.

I hope to hear from you soon,

Thanks!

Combo fix:

ComboFix 08-11-10.01 - Owner 2008-11-11 10:29:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1333 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\gadcom
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\windows\setup.exe
c:\windows\system32\Drivers\TDSSpxoe.sys
c:\windows\system32\MSINET.oca
c:\windows\system32\pac.txt
c:\windows\system32\TDSSktpa.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-09 13:20 . 2008-11-10 14:25 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-09 13:20 . 2008-11-10 14:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 17:58 . 2008-11-08 17:58 <DIR> d-------- C:\rsit
2008-11-08 17:37 . 2008-11-08 17:40 250 --a------ c:\windows\gmer.ini
2008-11-08 16:35 . 2008-11-08 16:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
2008-11-08 14:30 . 2008-11-08 14:30 <DIR> d-------- c:\documents and settings\Owner\Application Data\McAfee
2008-11-08 13:15 . 2008-11-09 23:42 58 --a------ c:\windows\system32\winwp.bmp
2008-11-08 13:10 . 2008-11-09 16:24 150,528 --a------ c:\windows\system32\mkrnl.exe
2008-11-08 13:10 . 2008-11-08 13:10 10,000 --a------ c:\windows\system32\jsne87fidgf.dll
2008-11-08 13:09 . 2008-11-08 13:21 <DIR> d-------- c:\windows\system32\sX3i19
2008-11-08 13:09 . 2008-11-08 13:09 <DIR> d-------- c:\temp\PRE45
2008-11-08 13:09 . 2008-11-08 13:09 <DIR> d-------- C:\Temp
2008-11-08 13:09 . 2008-11-11 10:34 <DIR> d-------- C:\QUARANTINE
2008-11-08 13:09 . 2008-11-08 16:49 <DIR> d-------- c:\documents and settings\Owner\Application Data\NI.GSCNS
2008-11-08 13:09 . 2008-11-08 13:09 34,816 --a------ c:\windows\system32\prun.exe
2008-11-08 13:09 . 2008-11-08 13:09 10,000 --a------ c:\windows\system32\siejf93.dll
2008-11-08 12:49 . 2008-11-08 12:49 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-08 12:22 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-11-08 12:22 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-11-08 12:22 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2008-11-08 12:22 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2008-11-08 12:22 . 2006-07-28 09:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
2008-11-08 12:22 . 2006-09-28 16:04 68,888 --a------ c:\windows\system32\xinput1_3.dll
2008-11-08 12:22 . 2006-07-28 09:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
2008-11-08 12:22 . 2006-11-15 11:38 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2008-11-08 12:21 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-11-08 11:58 . 2008-11-08 11:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\Sonic
2008-11-08 11:58 . 2008-11-08 11:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\Leadertech
2008-11-08 11:58 . 2008-11-08 11:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\DAEMON Tools
2008-11-07 17:17 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-05 14:25 . 2008-11-05 14:25 <DIR> d-------- c:\windows\Applian FLV Player
2008-11-05 14:25 . 2008-11-05 14:25 <DIR> d-------- c:\program files\FLV Player
2008-11-05 13:30 . 2008-11-05 13:30 <DIR> d-------- c:\program files\SopCast
2008-11-01 16:45 . 2008-11-01 16:45 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-31 14:32 . 2008-10-31 14:32 <DIR> d-------- c:\windows\Sun
2008-10-31 10:15 . 2008-10-31 10:15 <DIR> d-------- c:\documents and settings\Owner\Application Data\Windows Search
2008-10-30 17:33 . 2008-10-31 22:34 <DIR> d-------- c:\documents and settings\Owner\Application Data\Apple Computer
2008-10-30 17:33 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-10-30 17:33 . 2008-04-17 12:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-10-30 17:32 . 2008-10-30 17:33 <DIR> d-------- c:\program files\iTunes
2008-10-30 17:32 . 2008-10-30 17:32 <DIR> d-------- c:\program files\iPod
2008-10-30 17:32 . 2008-10-30 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-30 17:31 . 2008-10-30 17:32 <DIR> d-------- c:\program files\QuickTime
2008-10-30 17:31 . 2008-10-30 17:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-30 17:30 . 2008-10-30 17:30 <DIR> d-------- c:\program files\Apple Software Update
2008-10-30 17:30 . 2008-10-01 12:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-10-30 17:29 . 2008-10-30 17:31 <DIR> d-------- c:\program files\Common Files\Apple
2008-10-30 17:29 . 2008-10-30 17:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-30 17:16 . 2008-04-13 16:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-10-30 17:16 . 2008-04-13 10:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-10-30 17:16 . 2008-04-13 10:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-10-30 17:16 . 2001-08-17 21:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-10-29 17:40 . 2008-10-29 17:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\vlc
2008-10-29 17:28 . 2008-10-29 17:28 <DIR> d-------- c:\program files\VideoLAN
2008-10-29 17:28 . 2008-10-29 17:28 <DIR> d-------- c:\program files\StreamerOne
2008-10-29 13:54 . 2008-11-11 10:35 <DIR> d-------- c:\program files\DNA
2008-10-29 13:54 . 2008-11-11 10:35 <DIR> d-------- c:\documents and settings\Owner\Application Data\DNA
2008-10-27 18:27 . 2008-10-27 18:27 <DIR> d-------- c:\program files\WinSCP
2008-10-27 18:15 . 2008-10-27 18:15 <DIR> d-------- c:\program files\cygwin
2008-10-27 18:15 . 2008-10-27 19:39 <DIR> d-------- C:\cygwin
2008-10-27 13:44 . 2008-11-11 09:37 <DIR> d-------- c:\documents and settings\Owner\Application Data\skypePM
2008-10-27 13:44 . 2008-10-27 13:44 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-27 13:43 . 2008-10-27 13:43 <DIR> d-------- c:\program files\Skype
2008-10-27 13:43 . 2008-10-27 13:43 <DIR> d-------- c:\program files\Common Files\Skype
2008-10-27 13:43 . 2008-11-11 10:13 <DIR> d-------- c:\documents and settings\Owner\Application Data\Skype
2008-10-27 13:43 . 2008-10-27 13:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-10-27 13:28 . 2005-06-18 17:57 25,088 --a------ c:\windows\system32\spdifcp.dll
2008-10-27 13:22 . 2008-10-27 13:22 <DIR> d-------- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2008-10-27 13:21 . 2008-10-27 13:21 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-27 13:21 . 2008-10-27 13:21 <DIR> d-------- c:\program files\Windows Desktop Search
2008-10-27 13:19 . 2008-03-07 12:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-10-27 13:19 . 2008-03-07 12:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-10-27 13:19 . 2008-03-07 12:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-10-27 13:18 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-10-27 13:18 . 2007-07-30 18:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-10-27 13:18 . 2007-07-30 18:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-27 12:57 . 2008-10-27 12:57 <DIR> d-------- c:\documents and settings\Owner\Application Data\MathWorks
2008-10-27 12:34 . 2008-10-27 12:34 <DIR> d-------- c:\program files\MATLAB
2008-10-27 09:36 . 2008-10-31 17:45 <DIR> d-------- c:\documents and settings\Owner\Application Data\AdobeUM
2008-10-27 09:20 . 2008-11-11 09:58 <DIR> d-------- C:\swp55
2008-10-27 09:08 . 2006-10-26 18:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-10-27 08:58 . 2008-11-11 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-27 08:31 . 2008-11-08 16:50 229,376 --a------ c:\documents and settings\Owner\cwshredder.dll
2008-10-27 00:15 . 2008-10-27 00:15 <DIR> d-------- C:\research2
2008-10-26 17:13 . 2008-10-26 17:13 <DIR> d-------- c:\documents and settings\Owner\Application Data\Roxio
2008-10-26 12:54 . 2008-10-26 12:54 <DIR> d-------- c:\program files\McAfee
2008-10-26 12:54 . 2008-10-26 12:54 <DIR> d-------- c:\program files\Common Files\McAfee
2008-10-26 12:54 . 2008-10-26 12:54 <DIR> d-------- c:\program files\Common Files\Cisco Systems
2008-10-26 12:54 . 2008-11-08 14:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-10-26 12:54 . 2007-10-25 17:06 1,495,552 --a------ c:\windows\system32\epoPGPsdk.dll
2008-10-26 12:54 . 2008-01-24 22:50 171,400 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-10-26 12:54 . 2008-01-24 22:50 72,936 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-10-26 12:54 . 2008-01-24 22:50 64,232 --a------ c:\windows\system32\drivers\mfeapfk.sys
2008-10-26 12:54 . 2008-01-24 22:50 52,104 --a------ c:\windows\system32\drivers\mfetdik.sys
2008-10-26 12:54 . 2008-01-24 22:50 33,960 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-10-26 12:54 . 2007-10-25 17:06 280 --a------ c:\windows\system32\epoPGPsdk.dll.sig
2008-10-26 12:41 . 2008-10-26 12:41 0 --a------ c:\windows\nsreg.dat
2008-10-25 18:54 . 2008-10-25 18:54 <DIR> d-------- c:\program files\MSXML 4.0
2008-10-25 18:52 . 2008-10-03 12:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-10-25 18:52 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-25 18:52 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-25 18:52 . 2008-08-26 02:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-10-25 18:52 . 2008-08-26 02:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-25 18:52 . 2008-08-26 02:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-10-25 18:52 . 2008-08-26 02:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-10-25 18:52 . 2008-08-26 02:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-25 18:52 . 2008-08-25 03:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-10-25 18:46 . 2008-10-25 18:46 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-10-25 18:44 . 2008-10-25 18:44 <DIR> d-------- c:\windows\system32\LogFiles
2008-10-25 18:44 . 2008-10-25 18:45 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-10-25 18:40 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-25 18:40 . 2008-06-13 06:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-25 18:40 . 2008-07-07 15:26 253,952 -----c--- c:\windows\system32\dllcache\es.dll
2008-10-25 18:40 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-10-25 18:40 . 2008-05-09 05:53 180,224 -----c--- c:\windows\system32\dllcache\scrobj.dll
2008-10-25 18:40 . 2008-05-09 05:53 172,032 -----c--- c:\windows\system32\dllcache\scrrun.dll
2008-10-25 18:40 . 2008-05-08 06:24 155,648 -----c--- c:\windows\system32\dllcache\wscript.exe
2008-10-25 18:40 . 2008-05-09 03:45 135,168 -----c--- c:\windows\system32\dllcache\cscript.exe
2008-10-25 18:40 . 2008-05-09 05:53 90,112 -----c--- c:\windows\system32\dllcache\wshext.dll
2008-10-25 18:40 . 2008-06-24 11:43 74,240 -----c--- c:\windows\system32\dllcache\mscms.dll
2008-10-25 18:39 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-25 18:39 . 2008-05-07 00:12 1,288,192 -----c--- c:\windows\system32\dllcache\quartz.dll
2008-10-25 18:38 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-25 18:38 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-25 18:38 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 15:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-11 15:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 22:17 --------- d-----w c:\program files\Java
2008-10-25 23:44 --------- d-----w c:\program files\Windows Media Connect
2008-10-25 21:59 --------- d-----w c:\program files\Sony
2008-10-25 21:49 --------- d-----w c:\program files\Common Files\Sony Shared
2008-10-25 21:49 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2008-10-25 21:26 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony Corporation
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF42A3-94F3-42BD-F434-3604832C897D}]
2008-11-08 13:09 10000 --a------ c:\windows\system32\siejf93.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-10-29 342336]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-20 7561216]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-06-29 319488]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-01 1077248]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-22 1354240]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"HostManager"="c:\program files\Common Files\AOL\1224971836\ee\AOLSoftware.exe" [2006-04-13 50792]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-04-07 1773568]
Trend Micro Anti-Spyware.lnk - c:\program files\Trend Micro\Tmas\Tmas.exe [2008-10-25 1310720]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C5AF42A3-94F3-42BD-F434-3604832C897D}"= "c:\windows\system32\siejf93.dll" [2008-11-08 10000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2008-10-25 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-22 20:11 39936 c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 16:51 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli fusstub

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\StreamerOne\\StreamerOne.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2005-11-21 9216]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-02-22 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-02-22 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2006-03-06 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2003-06-18 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-02-21 226304]
S1 d3f96ca3;d3f96ca3;c:\windows\system32\drivers\d3f96ca3.sys [ ]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 32768]
.
Contents of the 'Scheduled Tasks' folder

2008-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{C5BF49A2-94F3-42BD-F434-3604812C897D} - (no file)
HKCU-Run-msupdate.exe - c:\windows\system32\msupdate.exe
HKCU-Run-GetPack24 - c:\program files\GetPack\GetPack24.exe
HKCU-Run-jsg8jfgfdfhfhf - c:\docume~1\Owner\LOCALS~1\Temp\winlogun.exe
HKLM-Run-URLLSTCK.exe - c:\program files\Norton Internet Security\UrlLstCk.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\g4tuw41u.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 10:34:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Apoint\ApntEx.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-11-11 10:41:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-11 15:41:50

Pre-Run: 96,380,911,616 bytes free
Post-Run: 96,399,880,192 bytes free

309 --- E O F --- 2008-11-01 22:12:28

hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:07 AM, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\AOL\1224971836\ee\AOLSoftware.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: C:\WINDOWS\system32\siejf93.dll - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\WINDOWS\system32\siejf93.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1224971836\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1224974123968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\WINDOWS\system32\siejf93.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 12879 bytes

thanks again
Old 11-11-2008, 04:23 PM   #4 (permalink)
Analyst, Security Team
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,089
OS: Vista Premium 64x

Re: probable spyware +windows alert messages

Hi there minaccia

I notice that you have TeaTimer running, which is part of Spybot's Search & Destroy. While this is a great tool to have, it can stop the fix from working correctly. We need to disable your TeaTimer for now.

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

After all of the fixes are complete it is very important that you enable TeaTimer again, I will let you know when it is safe to do so.

Download ResetTeaTimer.bat by right-clicking on the link, and choosing Save As.

* Save it to your Desktop.
* Double-click ResetTeaTimer.zip
* Double-click ResetTeaTimer.bat and click Run to remove all entries set by TeaTimer.

A Tutorial for Tea Timer can be found here -> http://russelltexas.com/malware/teatimer.htm

Next Steps....

I notice that the recovery console was not installed during the run of combofix. We need to install this before we proceed further.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System



Download the file & save it as it's originally named, next to ComboFix.exe.



Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'NO' to exit ComboFix.

Once done.....

Go to start menu - Select Run and in the command box type in notepad
Next - copy/paste the text in the code box below into it:

Quote:
File::
c:\windows\system32\winwp.bmp
c:\windows\system32\mkrnl.exe
c:\windows\system32\jsne87fidgf.dll
c:\windows\system32\prun.exe
c:\windows\system32\siejf93.dll

Folder::
c:\windows\system32\sX3i19
c:\temp\PRE45
C:\Documents and Settings\Owner\Application Data\NI.GSCNS

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF42A3-94F3-42BD-F434-3604832C897D}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C5AF42A3-94F3-42BD-F434-3604832C897D}"=-

- Save this to your desktop as CFScript.txt
- Drag the CFScript.txt over onto Combofix.exe and release.



Combofix will then execute the script and produce a fresh log
If your computer does not reboot on completion then reboot it now and generate a fresh HJT log.

Post both logs back to me in your next reply.
__________________
Better to die than be a coward - The Gurkha Motto
The Gurkha Justice Campaign


If we have helped you then please consider donating
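Added example (not part of this thread, and not code from ComboFix or HijackThis): a small Python script that reads a CFScript of the File::/Folder::/Registry:: form shown above, pulls out the things that should be visible in a HijackThis log (the File:: paths and any CLSID named in the Registry:: block), and checks them against the HJT log posted before the fix and the one posted after it. It also diffs the two logs so you can see exactly which entries disappeared. The log lines embedded in it are a constructed, trimmed copy of the O4/O18/O22/O23 lines from this thread; the function names are my own.

```python
"""Cross-check a ComboFix-style CFScript against HijackThis logs (added example)."""
import re
from typing import Dict, List, Tuple

# ---- Constructed sample input: trimmed from the posts in this thread -------------

# The CFScript the analyst asked for (File:: / Folder:: / Registry:: sections).
CFSCRIPT = r"""File::
c:\windows\system32\winwp.bmp
c:\windows\system32\mkrnl.exe
c:\windows\system32\jsne87fidgf.dll
c:\windows\system32\prun.exe
c:\windows\system32\siejf93.dll

Folder::
c:\windows\system32\sX3i19
c:\temp\PRE45
C:\Documents and Settings\Owner\Application Data\NI.GSCNS

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF42A3-94F3-42BD-F434-3604832C897D}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C5AF42A3-94F3-42BD-F434-3604832C897D}"=-
"""

# A handful of lines from the HJT log posted BEFORE the fix ...
HJT_BEFORE = r"""O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\WINDOWS\system32\siejf93.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# ... and the same region of the log posted AFTER ComboFix ran the script.
HJT_AFTER = r"""O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")      # e.g. "File::"
HJT_RE = re.compile(r"^([RO]\d+) - (.*)$")          # e.g. "O22 - SharedTaskScheduler: ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")      # {8-4-4-4-12} GUID in braces


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into sections keyed by lower-cased name ('file', 'folder', 'registry')."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (item type, detail) for every R*/O* line of a HijackThis log."""
    out = []
    for raw in text.splitlines():
        m = HJT_RE.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def indicators(script: Dict[str, List[str]]) -> List[str]:
    """Lower-cased strings worth looking for in a log: File:: paths plus CLSIDs from Registry::."""
    wanted = [p.lower() for p in script.get("file", [])]
    for line in script.get("registry", []):
        wanted.extend(c.lower() for c in CLSID_RE.findall(line))
    return sorted(set(wanted))


def find_indicators(script: Dict[str, List[str]], log_text: str) -> Dict[str, List[str]]:
    """Map each indicator to the HJT entries that mention it (empty list means not seen)."""
    entries = parse_hjt(log_text)
    return {ind: [f"{t} - {d}" for t, d in entries if ind in d.lower()]
            for ind in indicators(script)}


def diff_logs(before: str, after: str) -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Entries only in the earlier log (removed) and only in the later log (added)."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(b - a), sorted(a - b)


def fix_verified(script: Dict[str, List[str]], before: str, after: str) -> bool:
    """True when the pre-fix log showed at least one indicator and the post-fix log shows none."""
    seen_before = any(find_indicators(script, before).values())
    seen_after = any(find_indicators(script, after).values())
    return seen_before and not seen_after


if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    for ind, hits in find_indicators(script, HJT_BEFORE).items():
        print(f"{ind}: {len(hits)} hit(s) before fix")
    removed, added = diff_logs(HJT_BEFORE, HJT_AFTER)
    print("removed:", *[f"{t} - {d}" for t, d in removed], sep="\n  ")
    print("added:", added)
    print("fix verified:", fix_verified(script, HJT_BEFORE, HJT_AFTER))
```

Only the siejf93.dll path and its CLSID show up in a HijackThis log (the other File:: entries are not the kind of thing HJT lists), so the check is deliberately "nothing listed may remain" rather than "everything listed must have been seen". The diff also surfaces the TeaTimer O4 entry going away, which is expected here because it was disabled as part of the instructions, not removed by the script.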
Old 11-12-2008, 09:24 AM   #5 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 7
OS: xp sp3


Re: probable spyware +windows alert messages

Hi, thanks again for your help.
I followed your instructions.
Below you may find the logs:

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:22 PM, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\AOL\1224971836\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1224971836\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1224974123968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 12485 bytes

Combofix log:

ComboFix 08-11-11.01 - Owner 2008-11-12 12:05:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1330 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\jsne87fidgf.dll
c:\windows\system32\mkrnl.exe
c:\windows\system32\prun.exe
c:\windows\system32\siejf93.dll
c:\windows\system32\winwp.bmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\NI.GSCNS
c:\documents and settings\Owner\Application Data\NI.GSCNS\dl.ini
c:\documents and settings\Owner\Application Data\NI.GSCNS\settings.ini
c:\temp\PRE45
c:\windows\system32\jsne87fidgf.dll
c:\windows\system32\mkrnl.exe
c:\windows\system32\prun.exe
c:\windows\system32\siejf93.dll
c:\windows\system32\sX3i19
c:\windows\system32\winwp.bmp

.
((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-11 18:44 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 18:43 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 14:05 . 2008-11-11 14:06 <DIR> d-------- c:\program files\McAfee
2008-11-11 14:05 . 2008-11-11 14:05 <DIR> d-------- c:\program files\Common Files\McAfee
2008-11-11 14:05 . 2008-01-24 20:50 171,400 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-11-11 14:05 . 2008-01-24 20:50 72,936 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-11-11 14:05 . 2008-01-24 20:50 64,232 --a------ c:\windows\system32\drivers\mfeapfk.sys
2008-11-11 14:05 . 2008-01-24 20:50 52,104 --a------ c:\windows\system32\drivers\mfetdik.sys
2008-11-11 14:05 . 2008-01-24 20:50 33,960 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-11-09 13:20 . 2008-11-12 10:57 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-09 13:20 . 2008-11-12 10:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 17:58 . 2008-11-08 17:58 <DIR> d-------- C:\rsit
2008-11-08 17:37 . 2008-11-08 17:40 250 --a------ c:\windows\gmer.ini
2008-11-08 16:35 . 2008-11-08 16:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
2008-11-08 14:30 . 2008-11-08 14:30 <DIR> d-------- c:\documents and settings\Owner\Application Data\McAfee
2008-11-08 13:09 . 2008-11-12 12:05 <DIR> d-------- C:\Temp
2008-11-08 13:09 . 2008-11-12 10:07 <DIR> d-------- C:\QUARANTINE
2008-11-08 12:49 . 2008-11-08 12:49 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-08 12:22 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-11-08 12:22 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-11-08 12:22 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2008-11-08 12:22 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2008-11-08 12:22 . 2006-07-28 09:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
2008-11-08 12:22 . 2006-09-28 16:04 68,888 --a------ c:\windows\system32\xinput1_3.dll
2008-11-08 12:22 . 2006-07-28 09:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
2008-11-08 12:22 . 2006-11-15 11:38 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2008-11-08 12:21 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-11-08 11:58 . 2008-11-08 11:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\Sonic
2008-11-08 11:58 . 2008-11-08 11:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\Leadertech
2008-11-08 11:58 . 2008-11-08 11:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\DAEMON Tools
2008-11-07 17:17 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-05 14:25 . 2008-11-05 14:25 <DIR> d-------- c:\windows\Applian FLV Player
2008-11-05 14:25 . 2008-11-05 14:25 <DIR> d-------- c:\program files\FLV Player
2008-11-05 13:30 . 2008-11-05 13:30 <DIR> d-------- c:\program files\SopCast
2008-11-01 16:45 . 2008-11-01 16:45 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-31 14:32 . 2008-10-31 14:32 <DIR> d-------- c:\windows\Sun
2008-10-31 10:15 . 2008-10-31 10:15 <DIR> d-------- c:\documents and settings\Owner\Application Data\Windows Search
2008-10-30 17:33 . 2008-10-31 22:34 <DIR> d-------- c:\documents and settings\Owner\Application Data\Apple Computer
2008-10-30 17:33 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-10-30 17:33 . 2008-04-17 12:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-10-30 17:32 . 2008-10-30 17:33 <DIR> d-------- c:\program files\iTunes
2008-10-30 17:32 . 2008-10-30 17:32 <DIR> d-------- c:\program files\iPod
2008-10-30 17:32 . 2008-10-30 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-30 17:31 . 2008-10-30 17:32 <DIR> d-------- c:\program files\QuickTime
2008-10-30 17:31 . 2008-10-30 17:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-30 17:30 . 2008-10-30 17:30 <DIR> d-------- c:\program files\Apple Software Update
2008-10-30 17:30 . 2008-10-01 12:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-10-30 17:29 . 2008-10-30 17:31 <DIR> d-------- c:\program files\Common Files\Apple
2008-10-30 17:29 . 2008-10-30 17:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-30 17:16 . 2008-04-13 16:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-10-30 17:16 . 2008-04-13 10:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-10-30 17:16 . 2008-04-13 10:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-10-30 17:16 . 2001-08-17 21:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-10-29 17:40 . 2008-10-29 17:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\vlc
2008-10-29 17:28 . 2008-10-29 17:28 <DIR> d-------- c:\program files\VideoLAN
2008-10-29 17:28 . 2008-10-29 17:28 <DIR> d-------- c:\program files\StreamerOne
2008-10-29 13:54 . 2008-11-12 11:36 <DIR> d-------- c:\program files\DNA
2008-10-29 13:54 . 2008-11-12 12:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\DNA
2008-10-27 18:27 . 2008-10-27 18:27 <DIR> d-------- c:\program files\WinSCP
2008-10-27 18:15 . 2008-10-27 18:15 <DIR> d-------- c:\program files\cygwin
2008-10-27 18:15 . 2008-10-27 19:39 <DIR> d-------- C:\cygwin
2008-10-27 13:44 . 2008-11-12 11:23 <DIR> d-------- c:\documents and settings\Owner\Application Data\skypePM
2008-10-27 13:44 . 2008-10-27 13:44 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-27 13:43 . 2008-10-27 13:43 <DIR> d-------- c:\program files\Skype
2008-10-27 13:43 . 2008-10-27 13:43 <DIR> d-------- c:\program files\Common Files\Skype
2008-10-27 13:43 . 2008-11-12 11:24 <DIR> d-------- c:\documents and settings\Owner\Application Data\Skype
2008-10-27 13:43 . 2008-10-27 13:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-10-27 13:28 . 2005-06-18 17:57 25,088 --a------ c:\windows\system32\spdifcp.dll
2008-10-27 13:22 . 2008-10-27 13:22 <DIR> d-------- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2008-10-27 13:21 . 2008-10-27 13:21 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-27 13:21 . 2008-10-27 13:21 <DIR> d-------- c:\program files\Windows Desktop Search
2008-10-27 13:19 . 2008-03-07 12:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-10-27 13:19 . 2008-03-07 12:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-10-27 13:19 . 2008-03-07 12:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-10-27 13:18 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-10-27 13:18 . 2007-07-30 18:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-10-27 13:18 . 2007-07-30 18:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-27 12:57 . 2008-10-27 12:57 <DIR> d-------- c:\documents and settings\Owner\Application Data\MathWorks
2008-10-27 12:34 . 2008-10-27 12:34 <DIR> d-------- c:\program files\MATLAB
2008-10-27 09:36 . 2008-10-31 17:45 <DIR> d-------- c:\documents and settings\Owner\Application Data\AdobeUM
2008-10-27 09:20 . 2008-11-11 09:58 <DIR> d-------- C:\swp55
2008-10-27 09:08 . 2006-10-26 18:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-10-27 08:58 . 2008-11-11 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-27 08:31 . 2008-11-08 16:50 229,376 --a------ c:\documents and settings\Owner\cwshredder.dll
2008-10-27 00:15 . 2008-10-27 00:15 <DIR> d-------- C:\research2
2008-10-26 17:13 . 2008-10-26 17:13 <DIR> d-------- c:\documents and settings\Owner\Application Data\Roxio
2008-10-26 12:54 . 2008-10-26 12:54 <DIR> d-------- c:\program files\Common Files\Cisco Systems
2008-10-26 12:54 . 2008-11-11 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-10-26 12:54 . 2007-10-25 17:06 1,495,552 --a------ c:\windows\system32\epoPGPsdk.dll
2008-10-26 12:54 . 2007-10-25 17:06 280 --a------ c:\windows\system32\epoPGPsdk.dll.sig
2008-10-26 12:41 . 2008-10-26 12:41 0 --a------ c:\windows\nsreg.dat
2008-10-25 18:54 . 2008-10-25 18:54 <DIR> d-------- c:\program files\MSXML 4.0
2008-10-25 18:52 . 2008-10-03 12:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-10-25 18:52 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-25 18:52 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-25 18:52 . 2008-08-26 02:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-10-25 18:52 . 2008-08-26 02:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-25 18:52 . 2008-08-26 02:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-10-25 18:52 . 2008-08-26 02:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-10-25 18:52 . 2008-08-26 02:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-25 18:52 . 2008-08-25 03:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-10-25 18:46 . 2008-10-25 18:46 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-10-25 18:44 . 2008-10-25 18:44 <DIR> d-------- c:\windows\system32\LogFiles
2008-10-25 18:44 . 2008-10-25 18:45 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-10-25 18:40 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-25 18:40 . 2008-06-13 06:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-25 18:40 . 2008-07-07 15:26 253,952 -----c--- c:\windows\system32\dllcache\es.dll
2008-10-25 18:40 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-10-25 18:40 . 2008-05-09 05:53 180,224 -----c--- c:\windows\system32\dllcache\scrobj.dll
2008-10-25 18:40 . 2008-05-09 05:53 172,032 -----c--- c:\windows\system32\dllcache\scrrun.dll
2008-10-25 18:40 . 2008-05-08 06:24 155,648 -----c--- c:\windows\system32\dllcache\wscript.exe
2008-10-25 18:40 . 2008-05-09 03:45 135,168 -----c--- c:\windows\system32\dllcache\cscript.exe
2008-10-25 18:40 . 2008-05-09 05:53 90,112 -----c--- c:\windows\system32\dllcache\wshext.dll
2008-10-25 18:40 . 2008-06-24 11:43 74,240 -----c--- c:\windows\system32\dllcache\mscms.dll
2008-10-25 18:39 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-25 18:39 . 2008-05-07 00:12 1,288,192 -----c--- c:\windows\system32\dllcache\quartz.dll
2008-10-25 18:38 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-25 18:38 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-25 18:38 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-25 18:38 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-25 18:35 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-10-25 18:35 . 2008-05-01 09:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-10-25 18:34 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-25 18:30 . 2008-10-25 18:30 0 --a------ c:\windows\tosOBEX.INI
2008-10-25 18:24 . 2008-10-25 18:24 <DIR> d-------- c:\windows\system32\scripting

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 15:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-11 15:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 22:17 --------- d-----w c:\program files\Java
2008-10-25 23:44 --------- d-----w c:\program files\Windows Media Connect
2008-10-25 21:59 --------- d-----w c:\program files\Sony
2008-10-25 21:49 --------- d-----w c:\program files\Common Files\Sony Shared
2008-10-25 21:49 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2008-10-25 21:26 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony Corporation
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-11_10.41.29.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-11 23:44:54 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
- 2008-10-07 19:19:42 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2008-04-14 00:12:01 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-08 22:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 21:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2008-04-14 00:12:01 1,306,624 ------w c:\windows\system32\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 ----a-w c:\windows\system32\msxml6.dll
- 2007-07-27 17:41:40 16,760 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-11-12 17:08:39 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_8c.dat
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-11 342336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-20 7561216]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-06-29 319488]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-01 1077248]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-22 1354240]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"HostManager"="c:\program files\Common Files\AOL\1224971836\ee\AOLSoftware.exe" [2006-04-13 50792]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-04-07 1773568]
Trend Micro Anti-Spyware.lnk - c:\program files\Trend Micro\Tmas\Tmas.exe [2008-10-25 1310720]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2008-10-25 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-22 20:11 39936 c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 16:51 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli fusstub

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\StreamerOne\\StreamerOne.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2005-11-21 9216]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-02-22 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-02-22 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2006-03-06 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2003-06-18 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-02-21 226304]
S1 d3f96ca3;d3f96ca3;c:\windows\system32\drivers\d3f96ca3.sys [ ]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 32768]
.
Contents of the 'Scheduled Tasks' folder

2008-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 12:09:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-11-12 12:16:41 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-11-12 17:16:35
ComboFix2.txt 2008-11-11 15:41:57

Pre-Run: 100,894,142,464 bytes free
Post-Run: 100,871,458,816 bytes free

319 --- E O F --- 2008-11-01 22:12:28

Thanks again
Old 11-12-2008, 03:51 PM   #6 (permalink)
Analyst, Security Team
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,089
OS: Vista Premium 64x


Re: probable spyware +windows alert messages

Hi minaccia, great work. So far so good.

Just a couple more files to take care of, then I want you to run an online scan with Kaspersky.

Go to the Start menu, select Run and in the command box type in notepad.
Next, copy/paste the text in the code box below into it:

    File::
    c:\windows\system32\epoPGPsdk.dll
    c:\windows\system32\epoPGPsdk.dll.sig

- Save this to your desktop as CFScript.txt
- Drag the CFScript.txt over onto Combofix.exe and release.



Combofix will then execute the script and produce a fresh log.
If your computer does not reboot on completion, then reboot it now and generate a fresh HJT log.

Now let's clear out some unwanted junk...

Download and scan with CCleaner lite
1. Double-click the file and install CCleaner.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.
In the Applications Tab:
  • Clean all in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Next.....

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

This animation will guide you through the process:


**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.

Please post back with the resulting logs from ComboFix and Kaspersky.
__________________
Better to die than be a coward - The Gurkha Motto
The Gurkha Justice Campaign


If we have helped you then please consider donating
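A small triage helper for the log format posted in this thread, added here as an example; it is not part of either poster's replies and not ComboFix's own code. It parses the "Files Created" rows and the R/S service rows exactly as they are printed above, flags rows created on or after an assumed incident time (the morning of 2008-11-08, when the original poster says the cracked game was installed), rows with the hidden attribute, and service rows whose trailing [date size] bracket is empty or whose name is eight hex digits (as in the S1 d3f96ca3 row above), and renders the flagged paths in the File:: layout the CFScript above uses, for an analyst to review before anything is deleted. The sample lines are copied from the log format above and embedded as constructed input; the meaning given to the attribute letters and to the start-type digit is an assumption, not something ComboFix documents on this page.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample: rows in the shape the thread's logs use ("Files Created" rows,
# then R/S service rows). Backslashes are doubled only for Python's string syntax.
SAMPLE_LOG = """\
2008-11-11 14:05 . 2008-01-24 20:50 171,400 --a------ c:\\windows\\system32\\drivers\\mfehidk.sys
2008-11-08 13:09 . 2008-11-12 19:29 <DIR> d-------- C:\\QUARANTINE
2008-11-08 12:22 . 2006-11-29 13:06 3,426,072 --a------ c:\\windows\\system32\\d3dx9_32.dll
2008-10-27 13:44 . 2008-10-27 13:44 56 --ah----- c:\\windows\\system32\\ezsidmv.dat
2008-10-25 18:40 . 2008-09-08 05:41 333,824 -----c--- c:\\windows\\system32\\dllcache\\srv.sys
R0 shpf;Sony HDD Protection Filter Driver;c:\\windows\\system32\\DRIVERS\\shpf.sys [2005-11-21 9216]
S1 d3f96ca3;d3f96ca3;c:\\windows\\system32\\drivers\\d3f96ca3.sys [ ]
"""

# Assumed incident start: the poster says the cracked game went on the morning of 2008-11-08.
INCIDENT_START = datetime(2008, 11, 8)

# "<created> . <modified> <size|<DIR>> <attrs> <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<DIR>|[\d,]+) ([-a-zA-Z]+) (.+)$"
)
# "<R|S><digit> <name>;<display name>;<path> [<date size>]"  (the bracket may be empty)
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$")
HEXNAME_RE = re.compile(r"[0-9a-f]{8}")


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for <DIR> rows
    attrs: str           # assumed: leading 'd' = directory, 'h' = hidden, as the log's own rows suggest
    path: str


@dataclass
class ServiceEntry:
    state: str                # 'R' or 'S' exactly as printed
    start_type: int           # assumed to be the Windows start type (0 boot, 1 system, 2 auto, 3 manual)
    name: str
    display: str
    path: str
    file_meta: Optional[str]  # "<date> <size>" from the bracket, None when the bracket is empty


def parse_file_entry(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return FileEntry(
        created=datetime.strptime(created, "%Y-%m-%d %H:%M"),
        modified=datetime.strptime(modified, "%Y-%m-%d %H:%M"),
        size=None if size == "<DIR>" else int(size.replace(",", "")),
        attrs=attrs,
        path=path,
    )


def parse_service_entry(line: str) -> Optional[ServiceEntry]:
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start_type, name, display, path, meta = m.groups()
    return ServiceEntry(state, int(start_type), name, display, path, meta.strip() or None)


def parse_log(text: str) -> Tuple[List[FileEntry], List[ServiceEntry]]:
    files, services = [], []
    for line in text.splitlines():
        entry = parse_file_entry(line)
        if entry is not None:
            files.append(entry)
            continue
        svc = parse_service_entry(line)
        if svc is not None:
            services.append(svc)
    return files, services


def triage(text: str, incident_start: datetime = INCIDENT_START) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs that deserve a human look. Heuristics, not verdicts."""
    findings: List[Tuple[str, str]] = []
    files, services = parse_log(text)
    for f in files:
        if f.created >= incident_start:
            findings.append(("created on/after incident start", f.path))
        if "h" in f.attrs:
            findings.append(("hidden attribute set", f.path))
    for s in services:
        if s.file_meta is None:
            findings.append(("service/driver row with empty [date size] bracket", s.path))
        if HEXNAME_RE.fullmatch(s.name.lower()):
            findings.append(("eight-hex-digit service name", s.path))
    return findings


def cfscript_file_block(paths: List[str]) -> str:
    """Render paths in the File:: layout the CFScript above uses, deduplicated in order.
    For analyst review only; nothing here decides that a path is malicious."""
    return "File::\n" + "\n".join(dict.fromkeys(paths)) + "\n"
```

Running triage(SAMPLE_LOG) on the constructed rows returns six findings: the three rows created on or after 2008-11-08, the hidden ezsidmv.dat row, and two for the d3f96ca3 driver row (empty bracket and hex-looking name). The file rows created after the incident include ordinary installs (a McAfee driver, the QUARANTINE folder, a DirectX runtime DLL), which is the point of keeping the output as a review list rather than feeding it straight into a CFScript.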
Old 11-13-2008, 10:08 AM   #7 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 7
OS: xp sp3


Re: probable spyware +windows alert messages

Hi sjb007, thanks for your effort again.
Again I followed your instructions and below you may find the reports:

Combofix

ComboFix 08-11-11.01 - Owner 2008-11-12 19:29:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.997 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
c:\windows\system32\epoPGPsdk.dll
c:\windows\system32\epoPGPsdk.dll.sig
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\epoPGPsdk.dll
c:\windows\system32\epoPGPsdk.dll.sig

.
((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.

2008-11-11 18:44 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 18:43 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 14:05 . 2008-11-11 14:06 <DIR> d-------- c:\program files\McAfee
2008-11-11 14:05 . 2008-11-11 14:05 <DIR> d-------- c:\program files\Common Files\McAfee
2008-11-11 14:05 . 2008-01-24 20:50 171,400 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-11-11 14:05 . 2008-01-24 20:50 72,936 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-11-11 14:05 . 2008-01-24 20:50 64,232 --a------ c:\windows\system32\drivers\mfeapfk.sys
2008-11-11 14:05 . 2008-01-24 20:50 52,104 --a------ c:\windows\system32\drivers\mfetdik.sys
2008-11-11 14:05 . 2008-01-24 20:50 33,960 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-11-09 13:20 . 2008-11-12 10:57 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-09 13:20 . 2008-11-12 10:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 17:58 . 2008-11-08 17:58 <DIR> d-------- C:\rsit
2008-11-08 17:37 . 2008-11-08 17:40 250 --a------ c:\windows\gmer.ini
2008-11-08 16:35 . 2008-11-08 16:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
2008-11-08 14:30 . 2008-11-08 14:30 <DIR> d-------- c:\documents and settings\Owner\Application Data\McAfee
2008-11-08 13:09 . 2008-11-12 12:05 <DIR> d-------- C:\Temp
2008-11-08 13:09 . 2008-11-12 19:29 <DIR> d-------- C:\QUARANTINE
2008-11-08 12:49 . 2008-11-08 12:49 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-08 12:22 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-11-08 12:22 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-11-08 12:22 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2008-11-08 12:22 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2008-11-08 12:22 . 2006-07-28 09:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
2008-11-08 12:22 . 2006-09-28 16:04 68,888 --a------ c:\windows\system32\xinput1_3.dll
2008-11-08 12:22 . 2006-07-28 09:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
2008-11-08 12:22 . 2006-11-15 11:38 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2008-11-08 12:21 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-11-08 11:58 . 2008-11-08 11:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\Sonic
2008-11-08 11:58 . 2008-11-08 11:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\Leadertech
2008-11-08 11:58 . 2008-11-08 11:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\DAEMON Tools
2008-11-07 17:17 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-05 14:25 . 2008-11-05 14:25 <DIR> d-------- c:\windows\Applian FLV Player
2008-11-05 14:25 . 2008-11-05 14:25 <DIR> d-------- c:\program files\FLV Player
2008-11-05 13:30 . 2008-11-05 13:30 <DIR> d-------- c:\program files\SopCast
2008-11-01 16:45 . 2008-11-01 16:45 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-31 14:32 . 2008-10-31 14:32 <DIR> d-------- c:\windows\Sun
2008-10-31 10:15 . 2008-10-31 10:15 <DIR> d-------- c:\documents and settings\Owner\Application Data\Windows Search
2008-10-30 17:33 . 2008-10-31 22:34 <DIR> d-------- c:\documents and settings\Owner\Application Data\Apple Computer
2008-10-30 17:33 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-10-30 17:33 . 2008-04-17 12:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-10-30 17:32 . 2008-10-30 17:33 <DIR> d-------- c:\program files\iTunes
2008-10-30 17:32 . 2008-10-30 17:32 <DIR> d-------- c:\program files\iPod
2008-10-30 17:32 . 2008-10-30 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-30 17:31 . 2008-10-30 17:32 <DIR> d-------- c:\program files\QuickTime
2008-10-30 17:31 . 2008-10-30 17:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-30 17:30 . 2008-10-30 17:30 <DIR> d-------- c:\program files\Apple Software Update
2008-10-30 17:30 . 2008-10-01 12:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-10-30 17:29 . 2008-10-30 17:31 <DIR> d-------- c:\program files\Common Files\Apple
2008-10-30 17:29 . 2008-10-30 17:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-30 17:16 . 2008-04-13 16:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-10-30 17:16 . 2008-04-13 10:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-10-30 17:16 . 2008-04-13 10:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-10-30 17:16 . 2001-08-17 21:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-10-29 17:40 . 2008-10-29 17:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\vlc
2008-10-29 17:28 . 2008-10-29 17:28 <DIR> d-------- c:\program files\VideoLAN
2008-10-29 17:28 . 2008-10-29 17:28 <DIR> d-------- c:\program files\StreamerOne
2008-10-29 13:54 . 2008-11-12 19:35 <DIR> d-------- c:\program files\DNA
2008-10-29 13:54 . 2008-11-12 19:35 <DIR> d-------- c:\documents and settings\Owner\Application Data\DNA
2008-10-27 18:27 . 2008-10-27 18:27 <DIR> d-------- c:\program files\WinSCP
2008-10-27 18:15 . 2008-10-27 18:15 <DIR> d-------- c:\program files\cygwin
2008-10-27 18:15 . 2008-10-27 19:39 <DIR> d-------- C:\cygwin
2008-10-27 13:44 . 2008-11-12 19:36 <DIR> d-------- c:\documents and settings\Owner\Application Data\skypePM
2008-10-27 13:44 . 2008-10-27 13:44 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-27 13:43 . 2008-10-27 13:43 <DIR> d-------- c:\program files\Skype
2008-10-27 13:43 . 2008-10-27 13:43 <DIR> d-------- c:\program files\Common Files\Skype
2008-10-27 13:43 . 2008-11-12 19:36 <DIR> d-------- c:\documents and settings\Owner\Application Data\Skype
2008-10-27 13:43 . 2008-10-27 13:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-10-27 13:28 . 2005-06-18 17:57 25,088 --a------ c:\windows\system32\spdifcp.dll
2008-10-27 13:22 . 2008-10-27 13:22 <DIR> d-------- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2008-10-27 13:21 . 2008-10-27 13:21 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-27 13:21 . 2008-10-27 13:21 <DIR> d-------- c:\program files\Windows Desktop Search
2008-10-27 13:19 . 2008-03-07 12:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-10-27 13:19 . 2008-03-07 12:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-10-27 13:19 . 2008-03-07 12:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-10-27 13:18 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-10-27 13:18 . 2007-07-30 18:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-10-27 13:18 . 2007-07-30 18:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-27 12:57 . 2008-10-27 12:57 <DIR> d-------- c:\documents and settings\Owner\Application Data\MathWorks
2008-10-27 12:34 . 2008-10-27 12:34 <DIR> d-------- c:\program files\MATLAB
2008-10-27 09:36 . 2008-10-31 17:45 <DIR> d-------- c:\documents and settings\Owner\Application Data\AdobeUM
2008-10-27 09:20 . 2008-11-11 09:58 <DIR> d-------- C:\swp55
2008-10-27 09:08 . 2006-10-26 18:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-10-27 08:58 . 2008-11-11 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-27 08:31 . 2008-11-08 16:50 229,376 --a------ c:\documents and settings\Owner\cwshredder.dll
2008-10-27 00:15 . 2008-10-27 00:15 <DIR> d-------- C:\research2
2008-10-26 17:13 . 2008-10-26 17:13 <DIR> d-------- c:\documents and settings\Owner\Application Data\Roxio
2008-10-26 12:54 . 2008-10-26 12:54 <DIR> d-------- c:\program files\Common Files\Cisco Systems
2008-10-26 12:54 . 2008-11-11 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-10-26 12:41 . 2008-10-26 12:41 0 --a------ c:\windows\nsreg.dat
2008-10-25 18:54 . 2008-10-25 18:54 <DIR> d-------- c:\program files\MSXML 4.0
2008-10-25 18:52 . 2008-10-03 12:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-10-25 18:52 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-25 18:52 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-25 18:52 . 2008-08-26 02:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-10-25 18:52 . 2008-08-26 02:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-25 18:52 . 2008-08-26 02:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-10-25 18:52 . 2008-08-26 02:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-10-25 18:52 . 2008-08-26 02:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-25 18:52 . 2008-08-25 03:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-10-25 18:46 . 2008-10-25 18:46 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-10-25 18:44 . 2008-10-25 18:44 <DIR> d-------- c:\windows\system32\LogFiles
2008-10-25 18:44 . 2008-10-25 18:45 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-10-25 18:40 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-25 18:40 . 2008-06-13 06:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-25 18:40 . 2008-07-07 15:26 253,952 -----c--- c:\windows\system32\dllcache\es.dll
2008-10-25 18:40 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-10-25 18:40 . 2008-05-09 05:53 180,224 -----c--- c:\windows\system32\dllcache\scrobj.dll
2008-10-25 18:40 . 2008-05-09 05:53 172,032 -----c--- c:\windows\system32\dllcache\scrrun.dll
2008-10-25 18:40 . 2008-05-08 06:24 155,648 -----c--- c:\windows\system32\dllcache\wscript.exe
2008-10-25 18:40 . 2008-05-09 03:45 135,168 -----c--- c:\windows\system32\dllcache\cscript.exe
2008-10-25 18:40 . 2008-05-09 05:53 90,112 -----c--- c:\windows\system32\dllcache\wshext.dll
2008-10-25 18:40 . 2008-06-24 11:43 74,240 -----c--- c:\windows\system32\dllcache\mscms.dll
2008-10-25 18:39 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-25 18:39 . 2008-05-07 00:12 1,288,192 -----c--- c:\windows\system32\dllcache\quartz.dll
2008-10-25 18:38 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-25 18:38 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-25 18:38 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-25 18:38 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-25 18:35 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-10-25 18:35 . 2008-05-01 09:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-10-25 18:34 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-25 18:30 . 2008-10-25 18:30 0 --a------ c:\windows\tosOBEX.INI
2008-10-25 18:24 . 2008-10-25 18:24 <DIR> d-------- c:\windows\system32\scripting
2008-10-25 18:24 . 2008-10-25 18:24 <DIR> d-------- c:\windows\system32\en
2008-10-25 18:24 . 2008-10-25 18:24 <DIR> d-------- c:\windows\system32\bits

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 15:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-11 15:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 22:17 --------- d-----w c:\program files\Java
2008-10-25 23:44 --------- d-----w c:\program files\Windows Media Connect
2008-10-25 21:59 --------- d-----w c:\program files\Sony
2008-10-25 21:49 --------- d-----w c:\program files\Common Files\Sony Shared
2008-10-25 21:49 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2008-10-25 21:26 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony Corporation
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-11_10.41.29.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-11 23:44:54 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
- 2008-10-07 19:19:42 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2008-04-14 00:12:01 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-08 22:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 21:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2008-04-14 00:12:01 1,306,624 ------w c:\windows\system32\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 ----a-w c:\windows\system32\msxml6.dll
- 2007-07-27 17:41:40 16,760 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-11-13 00:33:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2e0.dat
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-11 342336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-20 7561216]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-06-29 319488]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-01 1077248]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-22 1354240]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"HostManager"="c:\program files\Common Files\AOL\1224971836\ee\AOLSoftware.exe" [2006-04-13 50792]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-04-07 1773568]
Trend Micro Anti-Spyware.lnk - c:\program files\Trend Micro\Tmas\Tmas.exe [2008-10-25 1310720]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2008-10-25 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-22 20:11 39936 c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 16:51 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli fusstub

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\StreamerOne\\StreamerOne.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2005-11-21 9216]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-02-22 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-02-22 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2006-03-06 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2003-06-18 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-02-21 226304]
S1 d3f96ca3;d3f96ca3;c:\windows\system32\drivers\d3f96ca3.sys [ ]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 32768]
.
Contents of the 'Scheduled Tasks' folder

2008-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 19:35:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Apoint\ApntEx.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-11-12 19:41:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-13 00:41:26
ComboFix2.txt 2008-11-12 17:16:43
ComboFix3.txt 2008-11-11 15:41:57

Pre-Run: 100,820,160,512 bytes free
Post-Run: 100,807,163,904 bytes free

309 --- E O F --- 2008-11-01 22:12:28

Kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, November 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, November 12, 2008 22:52:42
Records in database: 1382106
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 173904
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:51:30


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\mkrnl.exe.vir Infected: Trojan.Win32.FraudPack.guu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\prun.exe.vir Infected: Trojan.Win32.VB.gop 1

The selected area was scanned.


Thanks again
Old 11-13-2008, 03:52 PM   #8 (permalink)
sjb007
Analyst, Security Team
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,089
OS: Vista Premium 64x

Re: probable spyware +windows alert messages

Hi minaccia

What Kaspersky found in the report is already held in quarantine by ComboFix and will be flushed out at the end of the fix. Just one file I am curious about.

We will need to unhide hidden files:
Double click on your computer
From the tools menu select folder options
Click on the view tab
Scroll down to where it says hidden files and folders
Place a check in the box entitled show hidden files and folders
remove the check mark next to hide protected operating system files (recommended)
Click on apply
Click on ok

Please go to: VirusTotal
  • In the middle of the page you'll find a "Browse" button.
    Click the "Browse" button and browse to this file in RED:

    c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
    (please note that the long string of digits within brackets is actually a folder name)

  • Click "Open".
  • Then click the "Send File" button at the bottom of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

Update me on how your computer is running now.
__________________
Better to die than be a coward - The Gurkha Motto
The Gurkha Justice Campaign


If we have helped you then please consider donating
Old 11-13-2008, 08:30 PM   #9 (permalink)
minaccia
Registered User
Join Date: Nov 2008
Posts: 7
OS: xp sp3

Re: probable spyware +windows alert messages

Hi again:

here is the report from Virus total:

File icon.exe received on 11.14.2008 05:22:52 (CET)
Current status: finished
Result: 0/36 (0.00%)
Antivirus Version Last Update Result
AhnLab-V3 2008.11.14.0 2008.11.14 -
AntiVir 7.9.0.31 2008.11.13 -
Authentium 5.1.0.4 2008.11.14 -
Avast 4.8.1281.0 2008.11.14 -
AVG 8.0.0.199 2008.11.14 -
BitDefender 7.2 2008.11.14 -
CAT-QuickHeal 10.00 2008.11.13 -
ClamAV 0.94.1 2008.11.13 -
DrWeb 4.44.0.09170 2008.11.14 -
eSafe 7.0.17.0 2008.11.13 -
eTrust-Vet 31.6.6208 2008.11.13 -
Ewido 4.0 2008.11.13 -
F-Prot 4.4.4.56 2008.11.13 -
F-Secure 8.0.14332.0 2008.11.14 -
Fortinet 3.117.0.0 2008.11.13 -
GData 19 2008.11.14 -
Ikarus T3.1.1.45.0 2008.11.14 -
K7AntiVirus 7.10.524 2008.11.13 -
Kaspersky 7.0.0.125 2008.11.14 -
McAfee 5433 2008.11.13 -
Microsoft 1.4104 2008.11.14 -
NOD32 3612 2008.11.13 -
Norman 5.80.02 2008.11.13 -
Panda 9.0.0.4 2008.11.14 -
PCTools 4.4.2.0 2008.11.13 -
Prevx1 V2 2008.11.14 -
Rising 21.03.31.00 2008.11.13 -
SecureWeb-Gateway 6.7.6 2008.11.14 -
Sophos 4.35.0 2008.11.14 -
Sunbelt 3.1.1785.2 2008.11.11 -
Symantec 10 2008.11.14 -
TheHacker 6.3.1.1.152 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.13 -
VBA32 3.12.8.9 2008.11.13 -
ViRobot 2008.11.13.1466 2008.11.13 -
VirusBuster 4.5.11.0 2008.11.13 -
Additional information
File size: 32768 bytes
MD5...: c82dcdcab8aff3d50bfc1d0aa5b82157
SHA1..: fc20b297edd27a66d68e399b8acbaef4a1c11d37
SHA256: 1b9e755356bbe2e2a14595aaf827a3f339619a898ad6232492297b0083fec625
SHA512: 2760e91ba5005e80db7132b75e7ca50e6f0e63efc362debe5852922caeed82ca
62e0e0d59d135a3fba4d6a046bb7b993e86ba1861c921fbd11bb90dc740c5120
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401010
timedatestamp.....: 0x3b8c2646 (Tue Aug 28 23:16:22 2001)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x288e 0x3000 5.91 5c750246800ed8cf9f2a2a31395672ec
.rdata 0x4000 0x736 0x1000 3.01 0081f7ef1a173dc3908c7477e1f91b23
.data 0x5000 0x9bc 0x1000 0.87 5dd0366f742b8f20fd3b8ef03763cab4
.rsrc 0x6000 0x13e8 0x2000 2.06 a874f34c3aeb816236bac9d9b242410c

( 1 imports )
> KERNEL32.dll: VirtualFree, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, HeapDestroy, HeapCreate, GetModuleHandleA, HeapFree, RtlUnwind, WriteFile, GetCPInfo, GetACP, GetOEMCP, HeapAlloc, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW

( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.a...fc1d0aa5b82157

My computer seems to be working fine right now, but I still have McAfee and TeaTimer disabled, so I don't know if those programs will signal the presence of any malware once enabled... but I guess you are able to tell me if my computer is still infected.

Thanks again for your time,

and I will wait for your next reply
Old 11-13-2008, 11:57 PM   #10 (permalink)
sjb007
Analyst, Security Team
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,089
OS: Vista Premium 64x

Re: probable spyware +windows alert messages

Hi there minaccia

Your logs are looking clear. You may now re-enable any programs. You may also now re-hide system files.

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and if you prefer a smaller program you can get Foxit 2.0 from http://www.foxitsoftware.com/pdf/rd_intro.php

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

You also have some old versions of Java running. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update.
Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
Then download and install Java Runtime Environment (JRE) 6 Update 10.

You can delete JavaRa.zip and the unzipped JavaRa.exe. Its job is finished.

Let's tidy up after ourselves

Go to the Start menu and select Run (Vista users press Windows key & R) to bring up the Run dialog
In the command line type in combofix /u (note the space between combofix & /u)

This will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Now that you appear to be free from malware, let's help you stay that way!

Update windows on a regular basis - If you do not have automatic updates enabled then

Visit Microsoft's Update Page and update your computer from there
Update your virus checker on a regular basis - It is no use having a virus checker with out-of-date definitions.
Keep an eye on your firewall. Check what it wants to allow; do not simply allow everything. If there are any processes that you are unsure of then don't be afraid to ask for advice. For more information on firewalls read this article here

Make your Internet Explorer more secure - This can be done by following these simple instructions:

Open Internet Explorer, click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

Safer Browsing
Use software such as Trendprotect or Sitehound to help you stay away from unsuspecting sites that have malicious purposes.
Use Spywareblaster to help prevent the installation of unwanted BHOs (Browser Helper Objects)

Use an alternative browser
Other browsers tend to be more secure than IE as they do not make use of ActiveX objects; ActiveX objects can be used by spyware as an infection point on your computer. Safer non-ActiveX browsers include Opera browser and, more recently, Firefox browser.

Computer Maintenance
Malware can breed in temporary locations. Use a program such as CCleaner Slim to clear out temporary files on your computer on a regular basis.

Scan your computer regularly for malware
Scan on a regular basis to keep your computer clean; free software such as Spybot's Search & Destroy and Ad-Aware 2007 Free by Lavasoft can help you keep clear. These products are scan on demand and do not have active background scanning. These two products can be installed together without any complications.

Other alternative software that runs under licence and monitors your computer continuously in the background for malware is Malwarebytes Anti-Malware (MBAM) - Please note that this product can also be run as free without a licence but the background protection will not be active.

I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing malware, and how to stay safe whilst browsing the internet.

-> So How Did I Get Infected In First Place - By TonyKlein
-> How to prevent Malware - By miekiemoes
-> I'm not pulling your leg, honest - By Sandi Hardmeier

**Kindly respond one more time and let me know if we may consider this thread resolved.
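The six Custom Level settings in the post above are stored per user as registry values under the Internet zone key. As an added example (not from the thread and not sjb007's), the following PowerShell audit reports which of those settings differ from the recommended values and can optionally set them; it assumes the documented Internet Settings layout, where each URL action is a DWORD under Zones\3 named by its action id and 0/1/3 mean Enable/Prompt/Disable.

```powershell
# Added example, not part of the thread: audit (and optionally set) the Internet
# zone "Custom Level" settings that the post asks the user to change.
# Assumption: the documented Internet Settings registry layout, where each URL
# action is a DWORD under Zones\3 (Internet zone) named by its action id and
# 0 = Enable, 1 = Prompt, 3 = Disable. Per-user settings live under HKCU.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# The six settings from the post, keyed by URL action id, with the recommended value.
$Recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneActionLabel {
    # Translate a raw DWORD (or a missing value) into the label shown in the IE dialog.
    param([object]$Value)
    if ($null -eq $Value) { return 'not set (zone default)' }
    if ($Labels.ContainsKey([int]$Value)) { return $Labels[[int]$Value] }
    return "unknown ($Value)"
}

function Test-InternetZoneSettings {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([switch]$Fix)   # without -Fix the function only reports

    if (-not (Test-Path $ZonePath)) {
        Write-Warning "Zone key not found: $ZonePath"
        return
    }
    $props = Get-ItemProperty -Path $ZonePath
    foreach ($id in $Recommended.Keys) {
        $entry   = $Recommended[$id]
        $current = $props.$id          # $null when the value has never been customised
        $ok      = ($null -ne $current) -and ([int]$current -eq $entry.Want)
        [pscustomobject]@{
            ActionId    = $id
            Setting     = $entry.Name
            Current     = Get-ZoneActionLabel $current
            Recommended = $Labels[$entry.Want]
            Compliant   = $ok
        }
        if ($Fix -and -not $ok -and
            $PSCmdlet.ShouldProcess("$ZonePath\$id", "set to $($Labels[$entry.Want])")) {
            Set-ItemProperty -Path $ZonePath -Name $id -Value $entry.Want -Type DWord
        }
    }
}

# Report only; run "Test-InternetZoneSettings -Fix -WhatIf" to preview changes first.
Test-InternetZoneSettings | Format-Table -AutoSize
```

Group Policy or a newer Internet Explorer security level can override these per-user values, so re-run the report after opening the Custom Level dialog to confirm what is actually in effect.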
Old 11-14-2008, 01:49 PM   #11 (permalink)
minaccia
Registered User
Join Date: Nov 2008
Posts: 7
OS: xp sp3

Re: probable spyware +windows alert messages

Hi, many thanks again.
One last thing.
When I try to surf the web with Internet Explorer I can see images of the web pages, basically I can just see the text... any idea?

Thanks
Old 11-14-2008, 03:41 PM   #12 (permalink)
sjb007
Analyst, Security Team
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,089
OS: Vista Premium 64x

Re: probable spyware +windows alert messages

Hi minaccia

Let's reset explorer and see if that solves the problem...

Go to Control Panel...
Select Internet Options

Click on the Advanced tab

First select the Restore advanced settings button
Now select the Reset button underneath
Now click on the Apply button
Now click on the OK button

Once done restart Internet Explorer.
Old 11-14-2008, 04:00 PM   #13 (permalink)
minaccia
Registered User
Join Date: Nov 2008
Posts: 7
OS: xp sp3

Re: probable spyware +windows alert messages

Thank you sooo much!
I really appreciate your help.
Everything is working fine now.
You can consider the issue solved!
Old 11-14-2008, 04:11 PM   #14 (permalink)
sjb007
Analyst, Security Team
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,089
OS: Vista Premium 64x

Re: probable spyware +windows alert messages

Only too glad to help. Good luck and happy surfing.
Copyright 2001 - 2009, Tech Support Forum