Morgoe
Members, 18 posts, reputation: 0 Neutral

  1. Have done as you said. Strangely, the sspro_48.exe files were over a year old. And I haven't used Outlook on this computer ever, so that's also from over a year ago. May just be dormant viruses. I have scanned the whole system, as well as my USB and external HD multiple times with Malwarebytes, Kaspersky and Avira. Nothing has been detected. I don't know if the virus is still there, as the only 'symptom' was the AVs popping up all the time. So it looks like I've cured it. I'm installing Windows 7 tomorrow afternoon though, a clean install, just to be safe. Thanks so much for your help. I'll resurrect this thread later on if the infection comes back. For scanning my external HD, will any scanner be 'better' than another at picking up hard-to-find infections? Just want to be totally sure before I go reinstalling everything. I have scanned it with Malwarebytes and Kaspersky (which seems to be quite good), and will scan with Avira now. Probably overkill, but considering I still don't know how I got the virus I think it's warranted. I'll also be switching to Mozilla with NoScript, from Google Chrome (even though Google has a warning page when you enter a risky website, it seems this isn't enough).
  2. I disabled Autorun with TweakUI and then scanned my USB stick with Malware and Avira and the Kaspersky Online Scanner, and none of them found any traces of a virus. I'm still a little concerned as I never found the root virus, so it hid itself quite well and could still be lurking. I'm scanning my external HD at the moment with Malware and then with Kaspersky.
  3. Here's the scan report. Took AGES to update and scan. The Z: and W: drives are external hard drives connected via the network. NOT the external HD I was talking about before, which I am yet to scan (will do that later on).

     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0 REPORT
     Sunday, May 10, 2009
     Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Program database last update: Saturday, May 09, 2009 14:42:48
     Records in database: 2151052
     --------------------------------------------------------------------------------

     Scan settings:
     Scan using the following database: extended
     Scan archives: yes
     Scan mail databases: yes

     Scan area - My Computer:
     C:\
     D:\
     E:\
     F:\
     W:\
     Z:\

     Scan statistics:
     Files scanned: 214040
     Threat name: 2
     Infected objects: 3
     Suspicious objects: 0
     Duration of the scan: 04:04:17

     File name / Threat name / Threats count
     C:\Documents and Settings\Nic\Local Settings\Application Data\Microsoft\Outlook\backup.pst   Infected: Trojan.Win32.Pakes.bmo   1
     C:\Documents and Settings\Nic\My Documents\My Music\sspro_48.exe   Infected: not-a-virus:Downloader.Win32.Agent.r   1
     Z:\Nic\Downloads\sspro_48.exe   Infected: not-a-virus:Downloader.Win32.Agent.r   1

     The selected area was scanned.
  4. Did both of those things. Attached are ComboFix2.txt and ComboFix-quarantined-files.txt. There was no ComboFix3.txt.

     COMBOFIX2.txt:

     ComboFix 09-05-07.06 - Nic 08/05/2009 19:03.1 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2046.1414 [GMT 10:00]
     Running from: g:\downloads\ComboFix.exe
     AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\docume~1\Nic\LOCALS~1\Temp\catchme.dll
     c:\documents and settings\Nic\Local Settings\Temp\catchme.dll
     c:\documents and settings\Nic\Local Settings\Temporary Internet Files\bestwiner.stt
     c:\documents and settings\Nic\Local Settings\Temporary Internet Files\Cpvff.stt
     c:\documents and settings\Nic\Local Settings\Temporary Internet Files\fbk.sts
     c:\documents and settings\Nic\Local Settings\Temporary Internet Files\yvawa._sy
     c:\windows\IE4 Error Log.txt
     c:\windows\system32\lsprst7.dll
     c:\windows\system32\ssprs.dll
     c:\windows\system32\TDSSiero.dat
     G:\Autorun.inf
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_PACKET
     -------\Legacy_tdssserv.sys
     -------\Service_tdssserv.sys
     .
     ((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
     .
     2009-05-07 20:36 . 2009-05-07 20:36 664 ----a-w c:\windows\system32\d3d9caps.dat
     2009-04-30 09:48 . 2009-04-30 09:48 1025 ----a-w c:\windows\system32\clauth1.dll
     2009-04-30 09:48 . 2009-04-30 09:48 1025 ----a-w c:\windows\system32\clauth2.dll
     2009-04-30 09:48 . 2009-04-30 09:48 1025 ----a-w c:\windows\system32\sysprs7.dll
     2009-04-30 09:48 . 2009-04-30 09:48 -------- d-----w c:\documents and settings\All Users\Application Data\Minnetonka Audio Software
     2009-04-27 07:10 . 2009-04-27 07:10 -------- d-----w c:\documents and settings\Danica\Application Data\SmartCom
     2009-04-24 11:49 . 2008-04-13 14:16 51200 -c--a-w c:\windows\system32\dllcache\msdv.sys
     2009-04-24 11:49 . 2008-04-13 14:16 51200 ----a-w c:\windows\system32\drivers\msdv.sys
     2009-04-23 12:48 . 2008-04-13 14:09 5376 ----a-w c:\windows\system32\MSPCLOCK.sys
     2009-04-23 12:48 . 2001-11-04 23:23 299923 ----a-w c:\windows\system32\drivers\sonyhcs.sys
     2009-04-23 12:48 . 2001-11-04 23:23 38739 ----a-w c:\windows\system32\drivers\sonyhcc.sys
     2009-04-23 12:48 . 2001-07-03 10:39 3654 ----a-w c:\windows\system32\drivers\Sonyhcp.dll
     2009-04-23 12:48 . 2001-11-04 23:23 6097 ----a-w c:\windows\system32\drivers\sonyhcb.sys
     2009-04-23 12:48 . 2001-07-03 10:33 53248 ----a-w c:\windows\system32\SONYHCY.DLL
     2009-04-23 12:48 . 2002-10-15 12:41 102220 ----a-w c:\windows\system32\drivers\sonypvs1.sys
     2009-04-23 12:36 . 2008-04-13 14:15 60032 -c--a-w c:\windows\system32\dllcache\usbaudio.sys
     2009-04-23 12:36 . 2008-04-13 14:15 60032 ----a-w c:\windows\system32\drivers\USBAUDIO.sys
     2009-04-23 12:25 . 2009-04-23 12:25 -------- d-----w c:\program files\Adobe Media Player
     2009-04-23 12:23 . 2009-04-23 12:23 -------- d-----w c:\program files\Common Files\Adobe AIR
     2009-04-19 07:18 . 2009-04-19 07:18 -------- d-----w c:\documents and settings\All Users\Application Data\id Software
     2009-04-19 00:03 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
     2009-04-19 00:03 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
     2009-04-19 00:03 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
     2009-04-19 00:03 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
     2009-04-19 00:03 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
     2009-04-19 00:03 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
     2009-04-19 00:02 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
     2009-04-19 00:02 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
     2009-04-19 00:02 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
     2009-04-19 00:02 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
     2009-04-18 23:57 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
     2009-04-18 23:57 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-05-08 09:09 . 2008-09-14 03:27 -------- d-----w c:\program files\AVG8
     2009-05-08 08:31 . 2009-03-30 07:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
     2009-05-08 04:51 . 2008-11-12 08:40 11952 ----a-w c:\windows\system32\avgrsstx.dll
     2009-05-08 04:51 . 2008-11-12 08:40 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
     2009-05-08 04:51 . 2008-11-12 08:40 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
     2009-05-07 20:52 . 2006-10-29 18:00 -------- d-----w c:\program files\Microsoft SQL Server
     2009-04-27 04:06 . 2009-04-08 05:46 96456 ----a-w c:\documents and settings\Danica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-04-23 12:48 . 2006-08-28 20:42 -------- d--h--w c:\program files\InstallShield Installation Information
     2009-04-23 12:35 . 2007-02-15 12:39 96456 ----a-w c:\documents and settings\Nic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-04-23 12:28 . 2006-08-28 22:35 -------- d-----w c:\program files\Common Files\Adobe
     2009-04-22 07:02 . 2009-03-14 04:53 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
     2009-04-22 07:02 . 2009-03-14 04:53 189784 ----a-w c:\windows\system32\PnkBstrB.exe
     2009-04-19 07:19 . 2009-03-14 04:53 22328 ----a-w c:\documents and settings\Nic\Application Data\PnkBstrK.sys
     2009-04-19 07:19 . 2009-03-14 04:52 2246144 ----a-w c:\windows\system32\pbsvc.exe
     2009-04-08 07:40 . 2009-02-20 02:51 77446 ----a-w c:\windows\War3Unin.dat
     2009-04-06 05:32 . 2009-03-30 07:46 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
     2009-04-06 05:32 . 2009-03-30 07:46 15504 ----a-w c:\windows\system32\drivers\mbam.sys
     2009-04-05 08:00 . 2009-04-05 08:00 410984 ----a-w c:\windows\system32\deploytk.dll
     2009-04-05 08:00 . 2006-08-28 22:33 -------- d-----w c:\program files\Java
     2009-03-30 08:16 . 2007-03-11 22:56 -------- d-----w c:\program files\CommSec Professional Trader
     2009-03-30 08:15 . 2007-02-21 19:41 -------- d-----w c:\program files\Siber Systems
     2009-03-27 21:59 . 2009-03-27 21:59 50 ----a-w c:\windows\system32\bridf08b.dat
     2009-03-27 21:59 . 2009-03-27 21:58 -------- d-----w c:\program files\Brother
     2009-03-27 21:58 . 2009-03-27 21:58 -------- d-----w c:\program files\Nuance
     2009-03-27 21:55 . 2009-03-27 21:55 -------- d-----w c:\program files\Common Files\ScanSoft Shared
     2009-03-27 21:55 . 2006-08-28 20:42 -------- d-----w c:\program files\Common Files\InstallShield
     2009-03-27 21:55 . 2009-03-27 21:55 -------- d-----w c:\program files\ScanSoft
     2009-03-26 08:35 . 2009-03-14 04:52 75064 ----a-w c:\windows\system32\PnkBstrA.exe
     2009-03-21 10:22 . 2009-03-21 10:22 -------- d-----w c:\program files\D-Link
     2009-03-21 00:26 . 2009-03-21 00:26 -------- d-----w c:\program files\iTunes
     2009-03-21 00:26 . 2009-03-21 00:26 -------- d-----w c:\program files\iPod
     2009-03-21 00:26 . 2008-09-14 03:30 -------- d-----w c:\program files\Common Files\Apple
     2009-03-20 08:40 . 2009-03-20 05:54 -------- d-----w c:\program files\Canon
     2009-03-20 04:39 . 2009-03-20 04:39 -------- d-----w c:\program files\Common Files\Canon
     2009-03-17 20:08 . 2007-04-15 06:39 -------- d-----w c:\program files\Notebook Hardware Control
     2009-03-17 20:06 . 2009-03-17 20:06 -------- d-----w c:\program files\DIY DataRecovery iRecover
     2009-03-17 19:59 . 2009-03-17 19:59 -------- d-----w c:\program files\Recover Files
     2009-03-17 10:44 . 2009-03-17 10:44 -------- d-----w c:\program files\DiskInternals
     2009-03-15 08:07 . 2009-03-15 08:07 -------- d-----w c:\program files\AbleMP3
     2009-03-15 05:46 . 2009-03-15 05:46 -------- d-----w c:\program files\Seagate
     2009-03-13 07:33 . 2009-03-13 07:33 -------- d-----w c:\program files\Common Files\PACE Anti-Piracy
     2009-03-12 09:21 . 2009-03-12 09:21 -------- d-----w c:\program files\Antares Audio Technologies
     2009-03-11 00:52 . 2008-05-21 01:47 -------- d-----w c:\program files\Microsoft Silverlight
     2009-03-10 07:18 . 2009-03-10 07:18 -------- d-----w c:\program files\PreSonus
     2009-03-08 08:10 . 2009-03-08 08:10 356352 ----a-w c:\windows\eSellerateEngine.dll
     2009-03-06 14:22 . 2006-08-28 01:45 284160 ----a-w c:\windows\system32\pdh.dll
     2009-03-03 00:18 . 2006-08-28 01:45 826368 ----a-w c:\windows\system32\wininet.dll
     2009-02-20 18:09 . 2006-08-28 01:45 78336 ----a-w c:\windows\system32\ieencode.dll
     2009-02-20 03:03 . 2009-02-20 02:51 2829 ----a-w c:\windows\War3Unin.pif
     2009-02-20 03:03 . 2009-02-20 02:51 139264 ----a-w c:\windows\War3Unin.exe
     2009-02-09 12:10 . 2006-08-28 01:45 729088 ----a-w c:\windows\system32\lsasrv.dll
     2009-02-09 12:10 . 2006-08-28 01:45 401408 ----a-w c:\windows\system32\rpcss.dll
     2009-02-09 12:10 . 2006-08-28 01:45 714752 ----a-w c:\windows\system32\ntdll.dll
     2009-02-09 12:10 . 2006-08-28 01:45 617472 ----a-w c:\windows\system32\advapi32.dll
     2009-02-09 11:13 . 2006-08-28 01:45 1846784 ----a-w c:\windows\system32\win32k.sys
     2008-11-12 04:04 . 2008-11-12 04:04 17209 ----a-w c:\program files\Common Files\yzuzaluqu.lib
     2008-11-12 04:04 . 2008-11-12 04:04 14491 ----a-w c:\program files\Common Files\jyquhaq._dl
     2008-10-21 02:39 . 2008-10-21 02:39 604 ---ha-w c:\program files\STLL Notifier
     2007-07-16 11:26 . 2007-03-27 21:25 135680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
     @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
     2008-09-07 07:20 143360 ----a-w d:\program files\Dropbox\DropboxExt.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
     @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
     2008-09-07 07:20 143360 ----a-w d:\program files\Dropbox\DropboxExt.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
     @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
     2008-09-07 07:20 143360 ----a-w d:\program files\Dropbox\DropboxExt.dll

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
     "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
     "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
     "SandboxieControl"="d:\program files\Sandboxie\SbieCtrl.exe" [2009-04-13 365568]
     "Google Update"="c:\documents and settings\Nic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-08 133104]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]
     "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
     "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
     "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
     "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
     "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
     "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
     "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 1164912]
     "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 1941784]
     "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 87584]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
     "KONICA MINOLTA magicolor 2500W STD"="c:\windows\system32\MSTMON02.EXE" [2006-03-08 192512]
     "AVG8_TRAY"="c:\progra~1\AVG8\avgtray.exe" [2009-05-08 1947928]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
     "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
     "D-Link Network USB Utility"="c:\program files\D-Link\SharePort\SharePort Network USB Utility.exe" [2008-12-26 2605312]
     "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
     "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
     "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
     "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-30 328992]
     "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-18 1089536]
     "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-05 148888]
     "Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
     "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-23 437160]

     c:\documents and settings\Administrator\Start Menu\Programs\Startup\E-Flyer.lnk - c:\program files\Sony\E-Flyer\E-Flyer.exe [2006-8-29 491520]
     c:\documents and settings\Guest\Start Menu\Programs\Startup\E-Flyer.lnk - c:\program files\Sony\E-Flyer\E-Flyer.exe [2006-8-29 491520]
     c:\documents and settings\Nic\Start Menu\Programs\Startup\Dropbox.lnk - d:\program files\Dropbox\Dropbox.exe [2008-9-26 24096981]
     c:\documents and settings\All Users\Start Menu\Programs\Startup\FP10 Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FP10\FP10.exe [2009-3-10 1126400]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2009-05-08 04:51 11952 ----a-w c:\windows\system32\avgrsstx.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6jqxx.sys]
     @="Driver"

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001
     "FirewallOverride"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\MusicBrainz Picard\\picard.exe"=
     "c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
     "c:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=
     "c:\\Program Files\\IEPro\\MiniDM.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\WINDOWS\\system32\\winver.exe"=
     "c:\\Program Files\\AVG8\\avgemc.exe"=
     "c:\\Program Files\\AVG8\\avgupd.exe"=
     "d:\\Program Files\\Ventrilo\\Ventrilo.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
     "c:\\Program Files\\Cakewalk Sonar\\SONAR 6 Producer Edition\\Shared Utilities\\VstScan.exe"=
     "d:\\Program Files\\Cakewalk\\Sonar 8 Studio\\SONARSTD.EXE"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\D-Link\\SharePort\\SharePort Network USB Utility.exe"=
     "d:\\Program Files\\Adobe\\Adobe After Effects CS4\\Support Files\\AfterFX.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "67:UDP"= 67:UDP:DHCP Discovery Service
     "9303:UDP"= 9303:UDP:SharePort Network USB Utility UDP Port
     "4602:TCP"= 4602:TCP:Akamai NetSession Interface
     "5000:UDP"= 5000:UDP:Akamai NetSession Interface
     "3592:TCP"= 3592:TCP:Akamai NetSession Interface
     "1822:TCP"= 1822:TCP:Akamai NetSession Interface
     "2467:TCP"= 2467:TCP:Akamai NetSession Interface
     "3181:TCP"= 3181:TCP:Akamai NetSession Interface
     "3847:TCP"= 3847:TCP:Akamai NetSession Interface
     "3906:TCP"= 3906:TCP:Akamai NetSession Interface
     "1037:TCP"= 1037:TCP:Akamai NetSession Interface

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
     "AllowInboundTimestampRequest"= 1 (0x1)
     "AllowInboundMaskRequest"= 1 (0x1)
     "AllowInboundRouterRequest"= 1 (0x1)
     "AllowOutboundDestinationUnreachable"= 1 (0x1)
     "AllowOutboundSourceQuench"= 1 (0x1)
     "AllowOutboundParameterProblem"= 1 (0x1)
     "AllowOutboundTimeExceeded"= 1 (0x1)
     "AllowRedirect"= 1 (0x1)
     "AllowOutboundPacketTooBig"= 1 (0x1)

     R0 WPXT;WinPcap Packet Driver (WPXT);c:\windows\system32\drivers\wpxt.sys [19/12/2007 5:34 PM 35328]
     R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/11/2008 6:40 PM 325896]
     R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/11/2008 6:40 PM 108552]
     R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG8\avgemc.exe [12/11/2008 6:40 PM 908568]
     R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG8\avgwdsvc.exe [12/11/2008 6:40 PM 298776]
     R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11/01/2008 5:50 PM 30312]
     R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [28/10/2008 3:42 PM 156968]
     R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
     R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 6:19 PM 13592]
     R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [11/11/2008 2:01 PM 74624]
     R3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [11/11/2008 2:01 PM 97664]
     R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [30/09/2006 2:05 AM 29312]
     R3 SbieDrv;SbieDrv;d:\program files\Sandboxie\SbieDrv.sys [14/04/2009 2:51 AM 107520]
     R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [28/08/2006 11:46 AM 30080]
     R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [28/08/2006 11:46 AM 808448]
     S0 ati6jqxx;ati6jqxx;c:\windows\system32\Drivers\ati6jqxx.sys --> c:\windows\system32\Drivers\ati6jqxx.sys [?]
     S0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [23/04/2009 10:48 PM 6097]
     S3 L6PODX3LV;POD X3 Live Service;c:\windows\system32\drivers\L6PODX3LV.sys [25/08/2008 7:30 PM 530560]
     S3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB.sys [30/09/2006 2:01 AM 530560]
     S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [26/02/2008 10:08 PM 29183504]
     S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [23/04/2009 10:48 PM 299923]
     S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-05-08 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-30 06:56]

     2009-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-449545699-1370044024-995057197-1005.job
     - c:\documents and settings\Nic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-08 02:00]

     2009-05-08 c:\windows\Tasks\MP Scheduled Scan.job
     - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 08:20]

     2009-05-07 c:\windows\Tasks\OGADaily.job
     - c:\windows\system32\OGAVerify.exe [2008-12-31 06:04]

     2009-05-08 c:\windows\Tasks\OGALogon.job
     - c:\windows\system32\OGAVerify.exe [2008-12-31 06:04]
     .
     - - - - ORPHANS REMOVED - - - -

     HKCU-Run-AdobeBridge - (no file)
     HKU-Default-Run-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
     SafeBoot-ati7vexx.sys
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     mStart Page = hxxp://www.google.com
     uInternet Connection Wizard,ShellNext = hxxp://vaio-online.sony.com/
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
     IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
     IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
     IE: {{1fb575b2-eb1c-431b-8873-9fb454379b62} - {1fb575b2-eb1c-431b-8873-9fb454379b62} - mscoree.dll
     IE: {{e05e75e9-a653-42a3-8d05-f2f7e309bdca} - {e05e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll
     Trusted Zone: iress.com.au\web
     Trusted Zone: line6.net
     Trusted Zone: macquarie.com.au\www
     Trusted Zone: macquariecfd.com.au\www
     Handler: ssp - {1E8068DE-05AD-11D4-ACC8-EF447469245C} - c:\program files\WebArchiver\ssp.dll
     DPF: {15A02B79-60BB-42B8-814E-BF8364106B9E} - hxxp://images.commsec.com.au/downloads/pco3/Pco3X_Commsec.cab
     DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - hxxp://www.gomusic.ru/cabs/xdownloader.cab
     FF - ProfilePath - c:\documents and settings\Nic\Application Data\Mozilla\Firefox\Profiles\musrczsx.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - hxxp://www.quakelive.com/#home
     FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
     FF - plugin: c:\documents and settings\Nic\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPco3_Commsec.dll
     .

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-05-08 19:11
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
     "Version"=hex:02,25,ec,9f,c6,da,40,46,45,5c,73,e9,4a,d4,7b,32,2c,e9,05,30,06,
        dc,cd,1f,1f,90,30,5e,ac,c9,d7,a4,34,2a,8b,6f,bd,7a,ab,b3,a0,22,b5,6f,65,57,\

     [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
     "Version"=hex:02,25,ec,9f,c6,da,40,46,45,5c,73,e9,4a,d4,7b,32,2c,e9,05,30,06,
        dc,cd,1f,1f,90,30,5e,ac,c9,d7,a4,34,2a,8b,6f,bd,7a,ab,b3,a0,22,b5,6f,65,57,\
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'lsass.exe'(1388)
     c:\windows\system32\relog_ap.dll

     - - - - - - - > 'explorer.exe'(1608)
     d:\program files\Dropbox\DropboxExt.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\program files\Common Files\SmartCom\DragnDropCopyHook.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Intel\Wireless\Bin\EvtEng.exe
     c:\program files\Intel\Wireless\Bin\S24EvMon.exe
     c:\windows\system32\scardsvr.exe
     c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
     c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
     c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\windows\system32\msiexec.exe
     c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
     c:\windows\system32\nvsvc32.exe
     c:\windows\system32\PnkBstrA.exe
     c:\program files\Intel\Wireless\Bin\RegSrvc.exe
     d:\program files\Sandboxie\SbieSvc.exe
     c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
     c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     c:\program files\AVG8\avgrsx.exe
     c:\progra~1\AVG8\avgnsx.exe
     c:\program files\AVG8\avgcsrvx.exe
     c:\program files\Apoint\ApntEx.exe
     c:\program files\Brother\ControlCenter3\BrccMCtl.exe
     c:\program files\Brother\Brmfcmon\BrMfcMon.exe
     c:\program files\iPod\bin\iPodService.exe
     .
     **************************************************************************
     .
     Completion time: 2009-05-08 19:19 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-05-08 09:18

     Pre-Run: 2,400,960,512 bytes free
     Post-Run: 3,247,828,992 bytes free

     Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
     370 --- E O F --- 2009-05-07 20:53

     COMBOFIX-QUARANTINED-FILES.txt:

     2009-05-08 09:17:22 . 2009-05-08 09:17:22 558 ----a-w C:\Qoobox\Quarantine\Registry_backups\SafeBoot-ati7vexx.sys.reg.dat
     2009-05-08 09:17:13 . 2009-05-08 09:17:13 166 ----a-w C:\Qoobox\Quarantine\Registry_backups\HKU-Default-Run-RoboForm.reg.dat
     2009-05-08 09:17:11 . 2009-05-08 09:17:11 98 ----a-w C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-AdobeBridge.reg.dat
     2009-05-08 09:11:53 . 2009-05-08 09:11:53 53,248 ----a-w C:\Qoobox\Quarantine\C\Documents and Settings\Nic\Local Settings\Temp\catchme.dll.vir
     2009-05-08 09:05:14 . 2009-05-08 09:05:14 2,432 ----a-w C:\Qoobox\Quarantine\Registry_backups\Service_tdssserv.sys.reg.dat
     2009-05-08 09:05:13 . 2009-05-08 09:05:13 1,084 ----a-w C:\Qoobox\Quarantine\Registry_backups\Legacy_tdssserv.sys.reg.dat
     2009-05-08 09:05:13 . 2009-05-08 09:05:13 282 ----a-w C:\Qoobox\Quarantine\Registry_backups\Legacy_PACKET.reg.dat
     2009-05-08 09:05:05 . 2009-05-09 11:30:57 9,257 ----a-w C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
     2009-05-08 08:58:21 . 2009-05-09 11:26:59 153 ----a-w C:\Qoobox\Quarantine\catchme.log
     2009-05-07 09:35:41 . 2009-05-07 09:35:41 4,095 ----a-w C:\Qoobox\Quarantine\C\Documents and Settings\Nic\Local Settings\Temporary Internet Files\Cpvff.stt.vir
     2009-05-06 22:40:12 . 2009-05-06 22:40:12 4,095 ----a-w C:\Qoobox\Quarantine\C\Documents and Settings\Nic\Local Settings\Temporary Internet Files\bestwiner.stt.vir
     2009-05-05 12:46:26 . 2009-05-05 12:46:26 4,095 ----a-w C:\Qoobox\Quarantine\C\Documents and Settings\Nic\Local Settings\Temporary Internet Files\fbk.sts.vir
     2009-04-30 09:48:00 . 2009-05-07 13:10:44 73 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\ssprs.dll.vir
     2009-04-30 09:48:00 . 2009-05-07 13:10:44 205 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\lsprst7.dll.vir
     2008-11-12 04:04:21 . 2008-11-12 04:04:21 13,228 ----a-w C:\Qoobox\Quarantine\C\Documents and Settings\Nic\Local Settings\Temporary Internet Files\yvawa._sy.vir
     2008-11-12 00:40:42 . 2008-11-12 03:58:39 527 -c--a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSiero.dat.vir
     2007-07-22 21:26:02 . 2007-07-22 21:26:03 1,316 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\IE4 Error Log.txt.vir
  5. Here's the ComboFix log.
  6. Sorry, didn't know I wasn't meant to run it. Hope it won't affect things too badly. I'm uninstalling AVG as I speak, then I'll run ComboFix. What I meant by ComboFix 'not totally working' is that the virus was still present afterwards. It ran fine.
  7. I didn't take action immediately. I had the virus for at least a couple of days while using it. I didn't think it was anything serious. AVG was my old one. Avira is the one I've just downloaded because this site recommended it. Thanks for the link on how to turn off AVG. I tried right-clicking and exiting, as well as disabling all the Task Manager files, but it kept coming back on. I did run ComboFix yesterday. Didn't totally work. Will run it later tonight.
  8. Thanks. Posted here: http://www.malwarebytes.org/forums/index.php?showtopic=15242
  9. Carried on from this thread (http://www.malwarebytes.org/forums/index.php?showtopic=15198&st=0&gopid=79224entry79224). It has been fine for all of today, no new viruses. But I haven't used it or connected to the internet at all. No virus scanners have specifically found a 'Virut' infection, just various Trojans and Spyware which seem to be symptoms of Virut. Malware Log and HijackThis Log are both here. If it looks like there is NO infection, should I keep on using it or be rather wary? I have an external HD with ALL my data on it. So I don't mind reformatting, but I REALLY don't want the external HD to get infected.
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {15A02B79-60BB-42B8-814E-BF8364106B9E} (Pco3 Window (Commsec) Control) - http://images.commsec.com.au/downloads/pco...o3X_Commsec.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171615652593 O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetupml.cab O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} (DMList Class) - http://www.gomusic.ru/cabs/xdownloader.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: ssp - {1E8068DE-05AD-11D4-ACC8-EF447469245C} - C:\Program Files\WebArchiver\SSP.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 
4.0\PhotoshopElementsFileAgent.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - D:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 15499 bytes
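A small triage parser for the HijackThis log format shown above, added here as an example; it is not part of the original thread and not code from HijackThis. It splits each entry by its section code (O4, O9, O16, O23 and so on) and flags the kinds of lines a responder reads first: entries marked "(file missing)", autostarts that launch a binary from a user-profile directory, services with no identified publisher, O16 ActiveX (DPF) downloads from hosts outside a short allowlist, and O15 Trusted Zone additions. The sample lines are copied from the log above except the last one (updater.exe), which is constructed; the rule set and the DPF allowlist are assumptions chosen for illustration.

```python
"""Triage helper for HijackThis-style logs.

Added example, not part of the original thread or of HijackThis itself.
The rules and the DPF allowlist below are assumptions for illustration.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample entries copied from the log above, plus one CONSTRUCTED line (the
# final updater.exe entry) so the user-profile rule fires on something other
# than Google Update.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: (no name) - {1fb575b2-eb1c-431b-8873-9fb454379b62} - mscoree.dll (file missing)
O15 - Trusted Zone: *.line6.net
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} (DMList Class) - http://www.gomusic.ru/cabs/xdownloader.cab
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Nic\Application Data\updater.exe
"""


@dataclass
class Entry:
    code: str   # HijackThis section code, e.g. "O4" or "O23"
    body: str   # everything after "<code> - "
    raw: str    # the original line, for reporting


# HijackThis lines look like "O4 - ..." / "R1 - ..."; process paths carry no code.
ENTRY_RE = re.compile(r"^([ORFN]\d+)\s+-\s+(.*)$")


def parse_entries(text):
    """Return the coded entries in a log; bare process paths are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2), line))
    return entries


# Path fragments that mean "running out of a user profile" on XP (assumption).
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\",
                        "\\local settings\\")
# Hosts from which an O16 ActiveX download is not worth a second look (assumption).
DPF_ALLOWED_HOSTS = {"go.microsoft.com", "update.microsoft.com"}


def review_entry(entry):
    """Return a reason string if the entry deserves review, else None."""
    body_l = entry.body.lower()
    if "(file missing)" in body_l:
        return "orphaned: referenced file is missing"
    if entry.code == "O4" and any(m in body_l for m in USER_PROFILE_MARKERS):
        return "autostart launches a binary from a user-profile directory"
    if entry.code == "O23" and "unknown owner" in body_l:
        return "service has no identified publisher"
    if entry.code == "O16":
        m = re.search(r"(https?://\S+)", entry.body)
        host = urlparse(m.group(1)).hostname if m else None
        if host not in DPF_ALLOWED_HOSTS:
            return f"ActiveX download (DPF) from {host or 'unknown host'}"
    if entry.code == "O15":
        return "site added to IE Trusted Zone (relaxed security for that site)"
    return None


def review(text):
    """Return (code, reason, raw_line) for every flagged entry, in log order."""
    flagged = []
    for entry in parse_entries(text):
        reason = review_entry(entry)
        if reason:
            flagged.append((entry.code, reason, entry.raw))
    return flagged


if __name__ == "__main__":
    for code, reason, raw in review(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {raw}")
```

The output is a review list, not a verdict: Google Update really does live under the user profile, which is why a hit from the user-profile rule should be followed by a publisher or signature check of the file rather than acted on directly. The value of the rules is that they pull the handful of lines worth checking out of a log of a hundred entries.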
  10. I'm not ON Vista. I'm on XP, but it's on a laptop that came with it. So I don't have the CD. So I have to use a Vista CD that we bought a while ago to reinstall.
  11. I'll be installing Vista tonight. But I left my computer on, running, all day. Didn't use it. I had the WiFi disconnected (it's a laptop), so I couldn't get on the net and no-one could get on. Did a virus scan this evening and there are no new viruses. Could it be a different virus? Or does Virut only spread when you actually use the applications, in which case it's the fact that I didn't use the computer rather than the fact that it had no net that led to me having no new viruses?
  12. Ok, well I've got a Windows Vista which I can reinstall with (using XP before) so this'll at least give me a clean start. The only thing I'm worried about is this: you say my External HD 'should' be safe. I had all my downloads on there, so it did have some .exe's and stuff. Is the external HD 'immune' to the virus? Or will it just not regenerate after cleaning? If I plug it into another computer to scan it, and the HD IS infected (dunno if this is possible), will that infect the new computer? If so, is there a way to scan it without the risk of infection? I don't want to plug it back in to the already infected computer for fear that it will infect the external HD, although it has been plugged in for at least a day while the infection was running. Thanks so much for your help so far.
  13. Sorry for all these double posts, I keep remembering stuff to post after I've hit post and there's no edit button. How do you think I got Virut? Is it something you can 'catch' just by visiting a dodgy site? (I was using Google Chrome, so no NoScript running, but it does have its own filter which basically warns you. I think I may switch back to Mozilla now, even though it's a lot slower.) Or is it something that you can get by downloading a bad file? All I've downloaded in the last few weeks have been videos and mp3s. The most annoying part is that I can't work out how I got it.
  14. Ok, thanks. This hopefully won't be too detrimental as I've been meaning to wipe a clean slate on the computer for months. Is there a program that can determine whether it definitely IS Virut? None of the scanners have actually picked up 'Virut', just various trojans and stuff.
  15. Ok, unfortunately I'm fairly sure I've got Virut. Firstly, how do I check that I DO have it? I'm just estimating that I have it based on the research I've done. I don't mind formatting my hard drive (this is basically a clean slate, have to reinstall EVERYTHING if I understand correctly? I got this computer from my Dad so a fresh install would be good to clear off the junk), because all my data is saved on an external HD. How do I know that the HD is not also infected, though? I've disconnected it, and it holds no .exe files, just pure data, I run the programs off the computer's hard drive.