Random987

  1. Well, I cut and pasted my netsvcs entries on my desktop to my laptop. This worked! It looks like the malware changed the values in my netsvcs. Here is the big question, should I now do a system restore to an earlier date to make sure things are rolled back? Or should I just leave it as is?
  2. When looking at the netsvcs in the registry editor, I get the following: FastUserSwitchingCompatibility Themes WMIS WinErp WinErp WinErp WinErp WinErp WinErp WinErp WinErp WinErp WinErp WinErp BITS ShellHWDetection E E wuauserv I can't seem to find any reference to winerp? Did the malware do this? I checked this registry entry on my home desktop computer and it is very different from the above. Does this help?
  3. That didn't work. Could the original malware have turned something on/off with respect to the netsvcs to cause all of the services to stop and not be able to start?
  4. Same problems with starting services that run through svchost.exe -k netsvcs. I can't start Help, System Restore, Audio, Wireless Zero Performance, etc. I just fiddled around with some of the services and I was able to start wired autoconfig that has a path to executable of "windows\system32\svchost.exe -k dot3svc". So does this help narrow in on the problem as something involving the "netsvcs"? Attached are the mbam and hijack logs. hijackthis.txt mbam_log_2008_11_28__16_43_48_.txt
  5. Ok, just ran the sigverif. Attached is the log. SIGVERIF.TXT
  6. It's Windows XP Professional SP3 (build 2600). It may or may not be OEM as it was a company computer that I was given when I left the firm. It is a Sony Vaio VGN-S380P (R4905126).
  7. Yeah, that is the problem. I can't find the Windows CD. It has been a while (and a number of moves).
  8. I just ran sdfix and it gave me the following log: I am a little worried about the files in bold. This was when I started experiencing the problems.....
  9. Ok, I just ran dial a fix. I got the following error: "Error -2147221165 was encountered trying to unregister C:Windows\system32\wups.dll. The error text is: Invalid value for registry. Dial-a-fix has no suggestions for this error code. Please email. . . " I get the same error code with wups2.dll. I rebooted and ran it again, and didn't get those error codes......but got a different error code....An error occurred during registration of the file C:\windows\system32\shsvcs.dll (version 6.00.2900.5512). Error 1878588368 was encountered when trying to register c:\windows\system32\shsvcs.dll. The error text is (this appears garbled, there is an "a" with an accent above it and a misshapen 0). Dial a fix currently has no suggestions...... I am still having the same problems and all of the services associated with svchost.exe are stopped and cannot be started. Another thing I have noticed since this whole thing started is I get a "Press Any Key to Boot..." prompt when starting up the computer.
  10. Whoops. I already deleted the entsver.exe. I read in another thread that it was bad. Under my device manager, the soundcard is "working properly". I have nothing listed under network connections even though I had a LAN and a wireless connection earlier. It is like the entire menu was erased. When trying to start any service, system restore, help and support etc., I get an error code. For example, I tried to troubleshoot the soundcard and I got the following error: "Windows cannot open Help and Support because a system service is not running. To fix this problem, start the service named "Help and Support"." When I try to start help and support from the Computer Management module, I get the following error: "Could not start the Help and Support service on Local Computer. Error 1083: The executable program that this service is configured to run in does not implement the service." (again the path to executable is Windows\system32\svchost.exe -k netsvcs). It seems that many of the services are stopped and can't be started: system restore, help and support, network connections service, task scheduler, windows audio properties, etc. It appears to be most services that run through svchost.
  11. Ok, I figured it out and updated MBAM, ran another scan, deleted all of the malware and ran the scan again to insure that it was clean. Next, I ran a hijackthis scan to get the following log:
Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: Windows Storage Service v2.0 - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe (file missing) O23 - Service: Ent58ComServer (WindowsEntServer2008) - Unknown owner - C:\WINDOWS\EntSver.exe -- End of file - 23693 bytes I still cannot do a system restore (still get the 1083 error if I try to start the service), I still have no network connections and I noticed last night that I can't control the volume on the notebook, it says there is "no audio device" in any sound and audio device properties. (in the path to executable for the NLA properties it leads to windows/system32/svchost exe -k netsvcs, same with system restore)
  12. I can't connect to the internet on the notebook as it deleted all of my network settings (and I can't figure out how to do an end around to connect). Can I update through a file I can download to a thumb drive and then transfer?
  13. When I started my notebook computer today (Sony Vaio VGN-S380p), running Windows XP Pro, SP 3 (build 2600), I noticed that all of my network connections were gone. In particular my wireless connection was gone, thus starting my panic. I ran the only spyware program that I had on my notebook, Spyware Terminator, and it found the w32.delf.scv virus. I deleted it and then attempted to run a system restore. When I ran the system restore I got the following message: System Restore is not able to protect your computer. Please restart computer and then run System Restore again. (Restarting didn't help.) I then checked the Computer Management module under Services/System Restore. It was stopped. When I tried to start the service I got the following error: Could not start the System Restore Service on Local Computer Error 1083: The executable program that this service is configured to run in does not implement the service (the path to executable was: C\windows\system32\svchost exe -k netsvcs). 
I ran Hijackthis that led to the following log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:37:01 PM, on 11/24/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\WINDOWS\system32\perfs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\sYSTEM32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\mmc.exe C:\Program Files\Spyware Terminator\SpywareTerminator.exe C:\Documents and Settings\tbudd\Application 
Data\U3\0000188E567162E2\LaunchPad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-21-1267076549-4102689964-1099705597-1231\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-1267076549-4102689964-1099705597-1231\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?') O4 - Global Startup: AutorunsDisabled O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program 
Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211596890703 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = springelfink.com O17 - HKLM\Software\..\Telephony: DomainName = springelfink.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = springelfink.com O18 - Protocol: bw+0 - 
{1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - 
{1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - 
{1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - 
{1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - 
{1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - 
{1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {1CCC79E8-2A1D-44D3-8662-B010BFFD210D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: Plug and Play Device 
Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Network Connections Logs (Netlogs) - Unknown owner - C:\WINDOWS\system32\perfs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe 
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: Windows Storage Service v2.0 - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe (file missing) O23 - Service: Ent58ComServer (WindowsEntServer2008) - Unknown owner - C:\WINDOWS\EntSver.exe -- End of file - 24054 bytes THEN I ran Malwarebytes and got the following log: Malwarebytes' Anti-Malware 1.30 Database version: 1306 Windows 5.1.2600 Service Pack 3 11/24/2008 3:15:18 PM mbam-log-2008-11-24 (15-15-03).txt Scan type: Quick Scan Objects scanned: 61213 Time elapsed: 12 minute(s), 55 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 6 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 18 Memory Processes Infected: C:\WINDOWS\system32\perfs.exe (Trojan.Downloader) -> No action taken. 
Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken. HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netlogs (Trojan.Downloader) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\netlogs (Trojan.Downloader) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogs (Trojan.Downloader) -> No action taken. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\drmgs.sys (Rootkit.Agent) -> No action taken. C:\WINDOWS\system32\perfs.exe (Trojan.Downloader) -> No action taken. C:\Documents and Settings\tbudd\Local Settings\Temp\bng1.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\tbudd\Local Settings\Temp\bng2.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\tbudd\Local Settings\Temp\bng3.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\tbudd\Local Settings\Temp\bng4.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\tbudd\Local Settings\Temp\bng5.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\tbudd\Local Settings\Temp\bng6.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\tbudd\Local Settings\Temp\bng7.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\tbudd\Local Settings\Temp\bng8.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\tbudd\Local Settings\Temp\bng9.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\tbudd\Local Settings\Temp\bngA.tmp (Trojan.Agent) -> No action taken. 
C:\Documents and Settings\tbudd\Local Settings\Temp\bngB.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\tbudd\Local Settings\Temp\bngC.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\tbudd\Local Settings\Temp\bngD.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\tbudd\Local Settings\Temp\bngE.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\tbudd\Local Settings\Temp\bngF.tmp (Trojan.Agent) -> No action taken. Before I delete anything, I wanted to make sure I did it correctly. Can anyone walk me through this? How can I restore the processes that were interrupted/deleted? Thanks