
Malwarebytes runs for 2 seconds then quits



If I run Malwarebytes, it scans for about 2 seconds, then quits. If I try to run the program again, I get the following message: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I attempted to run HijackThis. When I opened the program, a command prompt-looking screen appeared for about half a second, and then closed. Nothing else happened.

I currently have no logs for either MBAM or HijackThis.

This comes after my computer was infected with Total Security. I found a tutorial on how to remove it at BleepingComputer.com. I used Process Manager to prevent it from running, but the next step required was to run Malwarebytes, and as I've said, it runs for 2 seconds, then quits. I've used Inherit to restore access to Malwarebytes, but every time I try to use it the same thing happens.

The same thing happened when I tried to run RootRepeal (following a suggestion on this website). It ran for a few seconds, quit, and then gave me the same error message as above ("Windows cannot access the specified device," etc.).

In the meantime, my computer's been experiencing a number of minor problems indicating that it's still infected. Some of my Google searches are hijacked. Sometimes I have to enter a URL twice before the web page will open. Embedded videos and other media in web pages are having difficulty opening. I can't open the Windows Task Manager. Etc.

Thanks in advance for any help that can be provided!


Hmm, this didn't work. The command prompt window appeared for a moment, then a dialog box popped up with the header "16 bit MS-DOS Subsystem" that said:

The NTVDM CPU has encountered an illegal instruction.

CS:0562 IP:0111 OP:63 72 69 70 74

Choose 'Close' to terminate the application.

There are two choices: Close and Ignore. Regardless of which one I click, the application closes. No log is produced.


Okay, here's the log:

Volume in drive C has no label.

Volume Serial Number is 30DC-071B

ECHO is off.

Volume in drive C has no label.

Volume Serial Number is 30DC-071B

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 08:00 AM 55,808 eventlog.dll

1 File(s) 55,808 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:11 PM 56,320 eventlog.dll

1 File(s) 56,320 bytes

Directory of C:\WINDOWS\system32

04/13/2008 08:11 PM 62,464 eventlog.dll

1 File(s) 62,464 bytes

Total Files Listed:

3 File(s) 174,592 bytes

0 Dir(s) 62,605,869,056 bytes free

ECHO is off.

Volume in drive C has no label.

Volume Serial Number is 30DC-071B

Directory of C:\WINDOWS\system32

04/13/2008 08:11 PM 56,320 logevent.dll

1 File(s) 56,320 bytes

Total Files Listed:

1 File(s) 56,320 bytes

0 Dir(s) 62,605,864,960 bytes free


1. Please download The Avenger2 by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger.

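The Avenger script above replaces the system32 copy of eventlog.dll with logevent.dll because the `dir` listing posted earlier shows the live eventlog.dll (62,464 bytes) no longer matching the Service Pack reference copy in ServicePackFiles\i386 (56,320 bytes), while logevent.dll does. The following Python script is an added example, not code from this thread or from The Avenger: it parses a `dir` listing like the one posted (embedded verbatim as its sample input) and automates that size comparison; the function names are my own.

```python
"""Compare copies of a Windows system DLL against the Service Pack reference copy.

Parses `dir` output and reports any file in system32 whose size differs from the
copy kept in ServicePackFiles\\i386 (the check the helper did by eye above).
"""
import re
from collections import defaultdict

# Sample input: the `dir` listing from the user's post above, reproduced verbatim.
DIR_OUTPUT = r"""
 Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004  08:00 AM            55,808 eventlog.dll
               1 File(s)         55,808 bytes

 Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008  08:11 PM            56,320 eventlog.dll
               1 File(s)         56,320 bytes

 Directory of C:\WINDOWS\system32

04/13/2008  08:11 PM            62,464 eventlog.dll
               1 File(s)         62,464 bytes

     Total Files Listed:
               3 File(s)        174,592 bytes
               0 Dir(s)  62,605,869,056 bytes free

 Directory of C:\WINDOWS\system32

04/13/2008  08:11 PM            56,320 logevent.dll
               1 File(s)         56,320 bytes
"""

# Directories compared; lower-cased because NTFS paths are case-insensitive.
REFERENCE_DIR = r"c:\windows\servicepackfiles\i386"
LIVE_DIR = r"c:\windows\system32"

DIR_HEADER = re.compile(r"^\s*Directory of (?P<dir>.+?)\s*$")
# Real entries start with a date; summary lines ("1 File(s) ...") do not, so they are skipped.
FILE_LINE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2} [AP]M)"
    r"\s+(?P<size>[\d,]+)\s+(?P<name>\S.*?)\s*$"
)


def parse_dir_listing(text):
    """Return {file name: {directory: size in bytes}} from `dir` output."""
    files = defaultdict(dict)
    current_dir = None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current_dir = header.group("dir").lower()
            continue
        entry = FILE_LINE.match(line)
        if entry and current_dir is not None:
            size = int(entry.group("size").replace(",", ""))
            files[entry.group("name").lower()][current_dir] = size
    return dict(files)


def find_size_mismatches(files, reference_dir=REFERENCE_DIR, live_dir=LIVE_DIR):
    """Return [(name, live size, reference size)] for every file present in both
    directories whose live copy is not the same size as the reference copy."""
    mismatches = []
    for name, copies in sorted(files.items()):
        if reference_dir in copies and live_dir in copies:
            if copies[live_dir] != copies[reference_dir]:
                mismatches.append((name, copies[live_dir], copies[reference_dir]))
    return mismatches


def same_size_as_reference(files, reference_size, live_dir=LIVE_DIR):
    """Names of files in live_dir whose size equals reference_size.

    A matching size is only a hint that a file is an untouched copy; confirm with
    a hash or Authenticode signature check before relying on it."""
    return sorted(name for name, copies in files.items()
                  if copies.get(live_dir) == reference_size)


def report(text=DIR_OUTPUT):
    """Print a summary of the comparison and return the lines printed."""
    files = parse_dir_listing(text)
    lines = []
    for name, live, ref in find_size_mismatches(files):
        lines.append(f"{name}: system32 copy is {live:,} bytes, "
                     f"Service Pack copy is {ref:,} bytes (size mismatch)")
        for other in same_size_as_reference(files, ref):
            lines.append(f"  {other} in system32 matches the reference size")
    if not lines:
        lines.append("no size mismatches found")
    print("\n".join(lines))
    return lines


if __name__ == "__main__":
    report()
```

Run against a listing from a live machine (`dir /s eventlog.dll` redirected to a file), the same parser flags any system32 DLL whose size drifted from the SP3 reference set; a mismatch is a reason to verify the file's hash, not proof of tampering on its own.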

All right, this mostly worked. My logs are below. Avenger and HijackThis seemed to run without problems. Win32KDiag would not run -- I received the same error message as before (see Post #3). ComboFix seemed to work, but when the computer restarted, another rogue program appeared in the taskbar. A red shield icon appeared, with a balloon saying:

Your computer might be at risk

Antivirus software might not be installed

Click this balloon to fix this problem.

I was able to close this program (wscntfy.exe) through Process Explorer, although at first, every time I killed the process, it instantly reappeared. I got it by killing the svchost.exe process that it branched out from.

LOGS

Avenger

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

ComboFix

ComboFix 09-10-04.01 - Christopher Segall 10/04/2009 22:21.1.2 - NTFSx86

Running from: c:\documents and settings\Christopher Segall.CHRISTOPHER\Desktop\Combo-Fix.exe

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\recycler\S-1-5-21-115078429-1587953384-2187281902-1003

c:\recycler\S-1-5-21-1760932159-2773793870-4211112602-1003

c:\recycler\S-1-5-21-1935655697-688789844-725345543-1003

c:\recycler\S-1-5-21-2983245545-561358137-1651675007-1003

c:\windows\Installer\2424fd.msp

c:\windows\Installer\48642a.msp

c:\windows\Installer\486467.msp

c:\windows\Installer\889ba.msp

c:\windows\Installer\WinRMSrv.msi

c:\windows\setup.exe

c:\windows\system32\41.exe

c:\windows\system32\lowsec

c:\windows\system32\winhelper.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_UACD.SYS

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))

.

2009-09-29 12:22 . 2009-09-29 12:22 -------- d-----w- c:\program files\Lala.com

2009-09-29 12:22 . 2009-09-29 12:31 -------- d-----w- c:\documents and settings\Christopher Segall.CHRISTOPHER\Application Data\Lala Music Mover

2009-09-18 22:19 . 2009-09-18 22:19 -------- d-----w- c:\program files\iPod

2009-09-18 22:19 . 2009-09-18 22:20 -------- d-----w- c:\program files\iTunes

2009-09-18 22:19 . 2009-09-18 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-09-18 22:18 . 2009-09-18 22:18 -------- d-----w- c:\program files\QuickTime

2009-09-15 14:05 . 2009-09-15 14:05 -------- d-----w- c:\program files\Skyhook Wireless

2009-09-15 14:05 . 2009-09-15 14:05 -------- d-----w- c:\program files\Boingo

2009-09-15 14:05 . 2009-09-15 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBoingo

2009-09-14 12:25 . 2009-09-14 12:39 -------- d-----w- c:\program files\DAP

2009-09-12 03:51 . 2009-09-12 03:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2009-09-12 03:49 . 2009-09-12 03:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-09-12 03:48 . 2009-09-12 03:48 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-09-11 14:09 . 2009-10-04 17:51 -------- d-----w- c:\program files\Safari

2009-09-11 04:36 . 2009-09-11 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-09-11 04:36 . 2009-09-12 16:53 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-09-11 04:36 . 2009-09-11 04:36 -------- d-----w- c:\documents and settings\Christopher Segall.CHRISTOPHER\Application Data\SUPERAntiSpyware.com

2009-09-11 03:05 . 2009-09-11 03:17 -------- d-----w- c:\windows\system32\NtmsData

2009-09-11 02:32 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-11 02:32 . 2009-10-01 01:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-11 02:32 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-10 23:35 . 2009-09-10 23:35 -------- d-----w- c:\documents and settings\Christopher Segall.CHRISTOPHER\Application Data\Malwarebytes

2009-09-10 21:16 . 2009-09-10 21:16 173 ----a-w- c:\windows\dxxdv34567.bat

2009-09-10 20:35 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-09-10 20:35 . 2009-08-24 18:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-09-10 20:35 . 2009-08-19 15:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-09-10 20:35 . 2009-09-10 20:35 -------- d-----w- c:\program files\Common Files\PC Tools

2009-09-10 20:35 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-09-10 20:34 . 2009-09-10 22:23 -------- d-----w- c:\program files\Spyware Doctor

2009-09-10 20:34 . 2009-09-10 20:34 -------- d-----w- c:\documents and settings\Christopher Segall.CHRISTOPHER\Application Data\PC Tools

2009-09-10 20:34 . 2009-09-10 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-09-10 20:31 . 2009-09-10 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-10 20:09 . 2009-09-10 20:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-09-09 12:48 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-18 22:26 . 2006-11-10 22:07 -------- d-----w- c:\documents and settings\Christopher Segall.CHRISTOPHER\Application Data\Apple Computer

2009-09-18 22:19 . 2007-07-04 16:19 -------- d-----w- c:\program files\Common Files\Apple

2009-09-15 14:05 . 2009-06-08 13:43 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys

2009-09-14 12:38 . 2008-08-04 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit

2009-09-14 12:38 . 2007-12-02 08:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-09-14 12:10 . 2008-04-21 12:40 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-09-12 03:07 . 2009-06-12 03:07 1064484 --sha-w- c:\windows\system32\jayosuto.exe

2009-09-12 03:07 . 2009-06-12 03:07 44970 --sha-w- c:\windows\system32\gisujewo.exe

2009-09-11 04:36 . 2006-11-28 18:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-09-10 21:15 . 2009-06-10 21:15 1064996 --sha-w- c:\windows\system32\bodihovi.exe

2009-09-10 21:15 . 2009-06-10 21:15 53248 --sha-w- c:\windows\system32\bulawasi.exe

2009-09-10 21:15 . 2009-06-10 21:15 44970 --sha-w- c:\windows\system32\fabireze.exe

2009-09-09 16:10 . 2008-07-15 16:56 -------- d-----w- c:\program files\Microsoft Silverlight

2009-08-29 21:26 . 2008-09-07 22:11 -------- d-----w- c:\program files\MacGAMUT 6

2009-08-29 21:22 . 2008-09-07 22:09 -------- d-----w- c:\program files\MacGAMUT 6 Instructor

2009-08-24 19:22 . 2008-07-07 01:26 -------- d-----w- c:\documents and settings\Christopher Segall.CHRISTOPHER\Application Data\Move Networks

2009-08-21 13:32 . 2009-06-29 13:09 47664 ---ha-w- c:\windows\system32\mlfcache.dat

2009-08-19 04:16 . 2006-11-28 18:08 -------- d-----w- c:\program files\EndNote 9

2009-08-18 04:21 . 2005-12-18 03:23 -------- d-----w- c:\program files\Java

2009-08-15 16:24 . 2006-07-27 20:49 56816 ----a-w- c:\documents and settings\Christopher Segall.CHRISTOPHER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-15 14:26 . 2009-08-15 14:26 -------- d-----w- c:\program files\MSBuild

2009-08-15 14:26 . 2009-08-15 14:26 -------- d-----w- c:\program files\Reference Assemblies

2009-08-14 10:58 . 2009-09-10 20:35 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat

2009-08-11 15:00 . 2005-12-18 05:23 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-08 21:35 . 2009-08-08 21:35 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-08-08 21:35 . 2006-02-11 04:42 -------- d-----w- c:\program files\Microsoft Works

2009-08-06 22:14 . 2009-08-06 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-08-06 22:14 . 2009-08-06 14:37 -------- d-----w- c:\program files\NOS

2009-08-05 09:01 . 2005-12-17 23:54 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-25 09:23 . 2009-06-03 14:37 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:01 . 2005-12-17 23:54 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 03:43 . 2005-12-17 23:54 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2006-09-08 03:40 . 2006-09-08 03:40 604 ---ha-w- c:\program files\STLL Notifier

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-05 7340032]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-25 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-25 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-25 118784]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-14 217088]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]

"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2005-11-09 1335808]

"HostManager"="c:\program files\Common Files\AOL\1139633303\ee\AOLHostManager.exe" [2005-11-04 159832]

"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 802816]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-03 700416]

"EPSON Stylus C88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 98304]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 167936]

"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2009-10-05 2179]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2006-9-8 25214]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2007-7-11 97320]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2005-11-09 01:49 39936 ----a-w- c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli fusstub

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\ScanSoft\\OmniPageSE2.0\\opwareSE2.exe"=

"c:\\Program Files\\Sony\\VAIO Camera Utility\\VCUServe.exe"=

"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=

"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

"c:\\Program Files\\Sony\\ISB Utility\\ISBMgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 USBDriver;USBDriver;c:\windows\system32\svchost.exe [2008-04-14 14336]

R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-04 7408]

R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]

R3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\DRIVERS\vnetusbl.sys [2004-03-26 107648]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-08-24 206256]

S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2005-11-21 9216]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-04 9968]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-04 74480]

S2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2005-11-09 13440]

S2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2005-11-09 33024]

S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2005-12-06 29312]

S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2003-06-19 71961]

S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2005-10-04 217472]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

USBDriver

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-10-05 c:\windows\Tasks\User_Feed_Synchronization-{E9F75E29-E9FD-4972-8549-2094EBD3FAB2}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.nytimes.com/

uInternet Connection Wizard,ShellNext = hxxp://update.spysubtract.com/imbuy.php?sku=TMAS002&220=7B44354630333331362D414236392D346131662D424542302D3736303433314435313338327D&431=&120=3.12&125=30126&160=1230436&170=Unknown&210=Other&310=4551&150=30&155=30&130=t&225=n&215=en-us&430=30dc071b&195=2.82&171=&172=&500=0&501=0

uInternet Settings,ProxyOverride = *.local

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm

FF - ProfilePath - c:\documents and settings\Christopher Segall.CHRISTOPHER\Application Data\Mozilla\Firefox\Profiles\ucoxdksh.default\

FF - plugin: c:\documents and settings\Christopher Segall.CHRISTOPHER\Application Data\Mozilla\Firefox\Profiles\ucoxdksh.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\nplalaDl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-vabakuzuz - c:\windows\system32\zujopuhe.dll

HKLM-Run-ponarazufa - fadajaha.dll

SharedTaskScheduler-{258974f6-09a1-462f-99d7-98b0c0f6cb73} - c:\windows\system32\bikusono.dll

SSODL-gowefikak-{258974f6-09a1-462f-99d7-98b0c0f6cb73} - c:\windows\system32\bikusono.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-04 22:31

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"Installed"="1"

"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\fusstub.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\passport.dll

c:\program files\Protector Suite QL\BhTcAll.dll

c:\program files\Protector Suite QL\BhDevTfm.dll

c:\program files\Protector Suite QL\remote.dll

c:\windows\system32\VESWinlogon.dll

c:\program files\Protector Suite QL\AlgVer.dll

c:\program files\Protector Suite QL\TCBioLib.dll

c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(912)

c:\windows\system32\fusstub.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus.dll

- - - - - - - > 'explorer.exe'(824)

c:\windows\system32\WININET.dll

c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Protector Suite QL\mysafe.dll

c:\program files\Protector Suite QL\infra.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Common Files\AOL\1139633303\ee\AOLServiceHost.exe

c:\program files\Apoint\ApntEx.exe

c:\program files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2009-10-05 22:37 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-05 02:36

Pre-Run: 62,522,208,256 bytes free

Post-Run: 66,366,709,760 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

336 --- E O F --- 2009-09-09 16:08

HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:43:18 PM, on 10/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Protector Suite QL\menusw.exe

C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Common Files\AOL\1139633303\ee\AOLServiceHost.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Christopher Segall.CHRISTOPHER\Desktop\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.spysubtract.com/imbuy.php?sk...500=0&501=0

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139633303\ee\AOLHostManager.exe

O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

O4 - HKLM\..\Run: [boingo Wi-Fi] "C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-21-1040860506-2782868295-63884445-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\S-1-5-21-1040860506-2782868295-63884445-1006\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')

O4 - HKUS\S-1-5-21-1040860506-2782868295-63884445-1006\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Amazon Unbox.lnk = ?

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--

End of file - 13590 bytes


Please open Malwarebytes, update to the latest def's, run a quick scan. In your next reply, please include the log. Thanks

Go to start ---> Run ---> type regedit. Navigate to the following key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbdriver

Right-click on the key

Choose Export

Save it as export.txt

Save File Type as .reg

Save it to your desktop.

Please include that log too. Thanks


Just want to say thanks for all your help so far!

Malwarebytes

Malwarebytes' Anti-Malware 1.41

Database version: 2911

Windows 5.1.2600 Service Pack 3

10/5/2009 8:39:29 PM

mbam-log-2009-10-05 (20-39-29).txt

Scan type: Quick Scan

Objects scanned: 118579

Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\bodihovi.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bulawasi.exe (Worm.Koobface) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gisujewo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jayosuto.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fabireze.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\dxxdv34567.bat (KoobFace.Trace) -> Quarantined and deleted successfully.

regedit

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBDriver]

"Type"=dword:00000020

"Start"=dword:00000002

"ErrorControl"=dword:00000000

"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\

74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\

00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\

6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

"DisplayName"="USBDriver"

"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBDriver\Parameters]

"ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\

00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,79,00,73,00,\

68,00,71,00,77,00,6f,00,6e,00,65,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBDriver\Security]

"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\

00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\

00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\

05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\

20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\

00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\

00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBDriver\Enum]

"0"="Root\\LEGACY_USBDRIVER\\0000"

"Count"=dword:00000001

"NextInstance"=dword:00000001

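The export above is the whole reason the helper asked for that key: its hex(2) blobs are UTF-16LE strings, and once decoded they show a service whose ImagePath is the legitimate svchost.exe while the code that really runs is the DLL in Parameters\ServiceDll. The script below is an added example, not code from the thread or from any tool in it; it parses a .reg export, decodes those values, and reports svchost-hosted services with the DLL each loads. The sample export is reconstructed from the values posted above (minus the Security descriptor blob); parse_reg and svchost_hosted_services are names chosen here.

```python
"""Decode a Registry Editor (.reg) export and show which DLL an svchost-hosted
service loads. Added example, not code from the thread or from any tool in it.
REG_EXPAND_SZ values are exported as hex(2): comma-separated UTF-16LE bytes,
wrapped over lines that end in a backslash. parse_reg and
svchost_hosted_services are names chosen for this example.
"""
import re

# Constructed sample: the USBDriver export posted above, minus its Security key.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBDriver]
"Type"=dword:00000020
"Start"=dword:00000002
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="USBDriver"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBDriver\Parameters]
"ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,79,00,73,00,\
  68,00,71,00,77,00,6f,00,6e,00,65,00,2e,00,64,00,6c,00,6c,00,00,00
"""

SERVICES_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
START_NAMES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
HEX_RE = re.compile(r"^hex(?:\((\d+)\))?:(.*)$")


def decode_value(raw):
    """Turn textual .reg value data into str / int / bytes."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = HEX_RE.match(raw)
    if not m:
        return raw
    kind = int(m.group(1) or "3")  # bare "hex:" is REG_BINARY (type 3)
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    if kind in (1, 2):  # REG_SZ / REG_EXPAND_SZ are stored as UTF-16LE
        return data.decode("utf-16-le").rstrip("\x00")
    return data


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg export."""
    logical, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if pending and not line:
            continue  # blank line inside a wrapped value (as when pasted)
        pending += line
        if pending.endswith("\\"):  # continuation: data goes on next line
            pending = pending[:-1]
            continue
        logical.append(pending)
        pending = ""
    keys, current = {}, None
    for line in logical:
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "@" if m.group(2) else m.group(1)
            keys[current][name] = decode_value(m.group(3))
    return keys


def svchost_hosted_services(keys):
    """List services whose ImagePath is svchost.exe and the DLL each loads.
    svchost.exe itself is a legitimate Windows binary; the code that really
    runs is Parameters\\ServiceDll, so that DLL is what needs checking."""
    found = []
    for path, values in keys.items():
        if not path.lower().startswith(SERVICES_ROOT.lower() + "\\"):
            continue
        name = path[len(SERVICES_ROOT) + 1:]
        if "\\" in name:
            continue  # Parameters / Enum / Security sub-keys, not a service
        image = str(values.get("ImagePath", ""))
        m = re.search(r"svchost\.exe\s+-k\s+(\S+)", image, re.IGNORECASE)
        if not m:
            continue
        params = keys.get(path + "\\Parameters", {})
        found.append({
            "service": name,
            "group": m.group(1),  # the -k group it rides in (netsvcs here)
            "service_dll": params.get("ServiceDll"),
            "start": START_NAMES.get(values.get("Start"), "unknown"),
            "shared_process": bool(values.get("Type", 0) & 0x20),
        })
    return found
```

Decoded, the sample yields ImagePath `%SystemRoot%\system32\svchost.exe -k netsvcs` and ServiceDll `C:\WINDOWS\system32\yshqwone.dll`, which is exactly the DLL, service and netsvcs entry the helper's ComboFix script then targets.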

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Rootkit::
C:\WINDOWS\system32\yshqwone.dll
Driver::
USBDriver
NetSvc::
USBDriver

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

================================================

  • Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.
  • When it's finished, there will be a log called Win32kDiag.txt on your desktop.
  • Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r

How is everything running?


In general, the computer is running fine. While it's been infected, I've been able to use it for anything I've needed to do. As I mentioned above, the first time I ran ComboFix (yesterday), when the computer rebooted, a new rogue program appeared, and that's shown up in the taskbar every time I've started the computer since then. (I've used Process Explorer to stop it each time.)

When I tried to run Win32kDiag this time, at first I encountered the same problem as before. But I deleted the program and re-downloaded it, and that worked.

Logs:

ComboFix

ComboFix 09-10-04.01 - Christopher Segall 10/05/2009 22:13.2.2 - NTFSx86

Running from: c:\documents and settings\Christopher Segall.CHRISTOPHER\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Christopher Segall.CHRISTOPHER\Desktop\CFScript.txt

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_USBDRIVER

-------\Service_USBDriver

((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 )))))))))))))))))))))))))))))))

.

2009-09-29 12:22 . 2009-09-29 12:22 -------- d-----w- c:\program files\Lala.com

2009-09-29 12:22 . 2009-09-29 12:31 -------- d-----w- c:\documents and settings\Christopher Segall.CHRISTOPHER\Application Data\Lala Music Mover

2009-09-18 22:19 . 2009-09-18 22:19 -------- d-----w- c:\program files\iPod

2009-09-18 22:19 . 2009-09-18 22:20 -------- d-----w- c:\program files\iTunes

2009-09-18 22:19 . 2009-09-18 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-09-18 22:18 . 2009-09-18 22:18 -------- d-----w- c:\program files\QuickTime

2009-09-15 14:05 . 2009-09-15 14:05 -------- d-----w- c:\program files\Skyhook Wireless

2009-09-15 14:05 . 2009-09-15 14:05 -------- d-----w- c:\program files\Boingo

2009-09-15 14:05 . 2009-09-15 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBoingo

2009-09-14 12:25 . 2009-09-14 12:39 -------- d-----w- c:\program files\DAP

2009-09-12 03:51 . 2009-09-12 03:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2009-09-12 03:49 . 2009-09-12 03:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-09-12 03:48 . 2009-09-12 03:48 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-09-11 14:09 . 2009-10-04 17:51 -------- d-----w- c:\program files\Safari

2009-09-11 04:36 . 2009-09-11 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-09-11 04:36 . 2009-09-12 16:53 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-09-11 04:36 . 2009-09-11 04:36 -------- d-----w- c:\documents and settings\Christopher Segall.CHRISTOPHER\Application Data\SUPERAntiSpyware.com

2009-09-11 03:05 . 2009-09-11 03:17 -------- d-----w- c:\windows\system32\NtmsData

2009-09-11 02:32 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-11 02:32 . 2009-10-01 01:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-11 02:32 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-10 23:35 . 2009-09-10 23:35 -------- d-----w- c:\documents and settings\Christopher Segall.CHRISTOPHER\Application Data\Malwarebytes

2009-09-10 20:35 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-09-10 20:35 . 2009-08-24 18:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-09-10 20:35 . 2009-08-19 15:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-09-10 20:35 . 2009-09-10 20:35 -------- d-----w- c:\program files\Common Files\PC Tools

2009-09-10 20:35 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-09-10 20:34 . 2009-09-10 22:23 -------- d-----w- c:\program files\Spyware Doctor

2009-09-10 20:34 . 2009-09-10 20:34 -------- d-----w- c:\documents and settings\Christopher Segall.CHRISTOPHER\Application Data\PC Tools

2009-09-10 20:34 . 2009-09-10 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-09-10 20:31 . 2009-09-10 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-10 20:09 . 2009-09-10 20:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-09-09 12:48 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-05 02:43 . 2006-02-11 05:02 -------- d-----w- c:\program files\Trend Micro

2009-09-18 22:26 . 2006-11-10 22:07 -------- d-----w- c:\documents and settings\Christopher Segall.CHRISTOPHER\Application Data\Apple Computer

2009-09-18 22:19 . 2007-07-04 16:19 -------- d-----w- c:\program files\Common Files\Apple

2009-09-15 14:05 . 2009-06-08 13:43 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys

2009-09-14 12:38 . 2008-08-04 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit

2009-09-14 12:38 . 2007-12-02 08:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-09-14 12:10 . 2008-04-21 12:40 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-09-11 04:36 . 2006-11-28 18:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-09-09 16:10 . 2008-07-15 16:56 -------- d-----w- c:\program files\Microsoft Silverlight

2009-08-29 21:26 . 2008-09-07 22:11 -------- d-----w- c:\program files\MacGAMUT 6

2009-08-29 21:22 . 2008-09-07 22:09 -------- d-----w- c:\program files\MacGAMUT 6 Instructor

2009-08-24 19:22 . 2008-07-07 01:26 -------- d-----w- c:\documents and settings\Christopher Segall.CHRISTOPHER\Application Data\Move Networks

2009-08-21 13:32 . 2009-06-29 13:09 47664 ---ha-w- c:\windows\system32\mlfcache.dat

2009-08-19 04:16 . 2006-11-28 18:08 -------- d-----w- c:\program files\EndNote 9

2009-08-18 04:21 . 2005-12-18 03:23 -------- d-----w- c:\program files\Java

2009-08-15 16:24 . 2006-07-27 20:49 56816 ----a-w- c:\documents and settings\Christopher Segall.CHRISTOPHER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-15 14:26 . 2009-08-15 14:26 -------- d-----w- c:\program files\MSBuild

2009-08-15 14:26 . 2009-08-15 14:26 -------- d-----w- c:\program files\Reference Assemblies

2009-08-14 10:58 . 2009-09-10 20:35 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat

2009-08-11 15:00 . 2005-12-18 05:23 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-08 21:35 . 2009-08-08 21:35 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-08-08 21:35 . 2006-02-11 04:42 -------- d-----w- c:\program files\Microsoft Works

2009-08-05 09:01 . 2005-12-17 23:54 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-25 09:23 . 2009-06-03 14:37 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:01 . 2005-12-17 23:54 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 03:43 . 2005-12-17 23:54 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2006-09-08 03:40 . 2006-09-08 03:40 604 ---ha-w- c:\program files\STLL Notifier

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-10-05_02.31.28 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-10-06 02:22 . 2009-10-06 02:22 16384 c:\windows\Temp\Perflib_Perfdata_110.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-05 7340032]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-25 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-25 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-25 118784]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-14 217088]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]

"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2005-11-09 1335808]

"HostManager"="c:\program files\Common Files\AOL\1139633303\ee\AOLHostManager.exe" [2005-11-04 159832]

"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 802816]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-03 700416]

"EPSON Stylus C88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 98304]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 167936]

"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2009-10-06 2179]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2006-9-8 25214]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2007-7-11 97320]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2005-11-09 01:49 39936 ----a-w- c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli fusstub

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\ScanSoft\\OmniPageSE2.0\\opwareSE2.exe"=

"c:\\Program Files\\Sony\\VAIO Camera Utility\\VCUServe.exe"=

"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=

"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

"c:\\Program Files\\Sony\\ISB Utility\\ISBMgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-04 7408]

R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]

R3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\DRIVERS\vnetusbl.sys [2004-03-26 107648]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-08-24 206256]

S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2005-11-21 9216]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-04 9968]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-04 74480]

S2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2005-11-09 13440]

S2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2005-11-09 33024]

S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2005-12-06 29312]

S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2003-06-19 71961]

S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2005-10-04 217472]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-10-06 c:\windows\Tasks\User_Feed_Synchronization-{E9F75E29-E9FD-4972-8549-2094EBD3FAB2}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.nytimes.com/

uInternet Connection Wizard,ShellNext = hxxp://update.spysubtract.com/imbuy.php?sku=TMAS002&220=7B44354630333331362D414236392D346131662D424542302D3736303433314435313338327D&431=&120=3.12&125=30126&160=1230436&170=Unknown&210=Other&310=4551&150=30&155=30&130=t&225=n&215=en-us&430=30dc071b&195=2.82&171=&172=&500=0&501=0

uInternet Settings,ProxyOverride = *.local

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm

FF - ProfilePath - c:\documents and settings\Christopher Segall.CHRISTOPHER\Application Data\Mozilla\Firefox\Profiles\ucoxdksh.default\

FF - plugin: c:\documents and settings\Christopher Segall.CHRISTOPHER\Application Data\Mozilla\Firefox\Profiles\ucoxdksh.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\nplalaDl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-05 22:22

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"Installed"="1"

"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\fusstub.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\passport.dll

c:\program files\Protector Suite QL\config.dll

c:\program files\Protector Suite QL\BhTcAll.dll

c:\program files\Protector Suite QL\BhDevTfm.dll

c:\program files\Protector Suite QL\AlgVer.dll

c:\program files\Protector Suite QL\TCBioLib.dll

c:\program files\Protector Suite QL\remote.dll

c:\windows\system32\VESWinlogon.dll

c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(912)

c:\windows\system32\fusstub.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus.dll

- - - - - - - > 'explorer.exe'(3464)

c:\windows\system32\WININET.dll

c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Protector Suite QL\mysafe.dll

c:\program files\Protector Suite QL\infra.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Apoint\ApntEx.exe

c:\program files\Common Files\AOL\1139633303\ee\AOLServiceHost.exe

c:\program files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

c:\program files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2009-10-06 22:27 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-06 02:27

ComboFix2.txt 2009-10-05 02:37

Pre-Run: 66,380,595,200 bytes free

Post-Run: 66,348,646,400 bytes free

307 --- E O F --- 2009-10-06 00:48

Win32kDiag

Running from: C:\Documents and Settings\Christopher Segall.CHRISTOPHER\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Christopher Segall.CHRISTOPHER\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB890046\KB890046

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB890046\KB890046

Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\addins\addins

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP17B.tmp\ZAP17B.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP17B.tmp\ZAP17B.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP19A.tmp\ZAP19A.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP19A.tmp\ZAP19A.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP284.tmp\ZAP284.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP284.tmp\ZAP284.tmp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA33010000ABE7000000000020\7.0.0\7.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA33010000ABE7000000000020\7.0.0\7.0.0

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\Installer\OfficeAssistant\Microsoft Office Tools\Microsoft Office Tools

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\OfficeAssistant\Microsoft Office Tools\Microsoft Office Tools

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\mui\mui

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\Performance\WinSAT\DataStore\DataStore

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Performance\WinSAT\DataStore\DataStore

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1025\1025

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1028\1028

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1031\1031

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1037\1037

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1041\1041

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1042\1042

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1054\1054

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\2052\2052

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3076\3076

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Google\Plugin\Plugin

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Google\Plugin\Plugin

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{A82E0857-782E-4F84-80B3-BEC4EA6DB06D}\{A82E0857-782E-4F84-80B3-BEC4EA6DB06D}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{A82E0857-782E-4F84-80B3-BEC4EA6DB06D}\{A82E0857-782E-4F84-80B3-BEC4EA6DB06D}

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1040860506-2782868295-63884445-1003\S-1-5-21-1040860506-2782868295-63884445-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1040860506-2782868295-63884445-1003\S-1-5-21-1040860506-2782868295-63884445-1003

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1040860506-2782868295-63884445-1003\S-1-5-21-1040860506-2782868295-63884445-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1040860506-2782868295-63884445-1003\S-1-5-21-1040860506-2782868295-63884445-1003

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Sony Corporation\SonicStage\SonicStage

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Sony Corporation\SonicStage\SonicStage

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Sony Corporation\VAIO POWER MANAGEMENT\VAIO POWER MANAGEMENT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Sony Corporation\VAIO POWER MANAGEMENT\VAIO POWER MANAGEMENT

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1040860506-2782868295-63884445-1003\S-1-5-21-1040860506-2782868295-63884445-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1040860506-2782868295-63884445-1003\S-1-5-21-1040860506-2782868295-63884445-1003

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Cannot access: C:\WINDOWS\system32\dumprep.exe

Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe

Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\export\export

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Found mount point : C:\WINDOWS\system32\NtmsData\Export\Export

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\NtmsData\Export\Export

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\sample\sample

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\good\good

Cannot access: C:\WINDOWS\system32\wbem\SET16.tmp

Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET16.tmp

Cannot access: C:\WINDOWS\system32\wbem\SET18.tmp

Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET18.tmp

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe

Attempting to restore permissions of : C:\WINDOWS\system32\wbem\wmiprvse.exe

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wins\wins

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\xircom\xircom

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Finished!


Malwarebytes' Anti-Malware 1.41

Database version: 2915

Windows 5.1.2600 Service Pack 3

10/6/2009 12:59:55 PM

mbam-log-2009-10-06 (12-59-55).txt

Scan type: Quick Scan

Objects scanned: 119769

Time elapsed: 5 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Amanda Farmer\Local Settings\temp\bngE.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


Sorry for the slow reply; I was out of the country over the long weekend, without internet access.

Everything is running well. Looks like all of the problems I mentioned in my first post have been resolved.

The only thing that concerns me now is this program that opens in the taskbar when I start Windows. It's called Windows Security Center (wscntfy.exe), and I can only close it from Process Explorer. (If I go to Windows Task Manager and click "End Process," the program opens again immediately.) All it does is warn me that I'm not using antivirus software.

Is this malware? I did a quick Google search but got inconclusive results.


We need to see some additional information about what is happening in your machine.

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

  • Double click on the DDS icon, allow it to run.

  • A small box will open, with an explanation about the tool.

  • When done, DDS will open two (2) logs:

    1. DDS.txt

    2. Attach.txt

  • Save both reports to your desktop.

  • The instructions here ask you to attach the Attach.txt.

  • Instead of attaching, please copy/paste both logs into your next reply.

  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


DDS (Ver_09-10-13.01) - NTFSx86

Run by Christopher Segall at 23:26:48.60 on Mon 10/12/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.nytimes.com/

uInternet Connection Wizard,ShellNext = hxxp://update.spysubtract.com/imbuy.php?sku=TMAS002&220=7B44354630333331362D414236392D346131662D424542302D3736303433314435313338327D&431=&120=3.12&125=30126&160=1230436&170=Unknown&210=Other&310=4551&150=30&155=30&130=t&225=n&215=en-us&430=30dc071b&195=2.82&171=&172=&500=0&501=0

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [sonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe

mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe

mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

mRun: [biomenu] "c:\program files\protector suite ql\menusw.exe"

mRun: [HostManager] c:\program files\common files\aol\1139633303\ee\AOLHostManager.exe

mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"

mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"

mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe

mRun: [boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-000000000002}\SC_Acrobat.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\amazon~1.lnk - c:\program files\amazon\amazon unbox video\ADVWindowsClientSystemTray.exe

dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

Notify: psfus - fusstub.dll

Notify: VESWinlogon - VESWinlogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Notification Packages = scecli fusstub

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\christ~1.chr\applic~1\mozilla\firefox\profiles\ucoxdksh.default\

FF - plugin: c:\documents and settings\christopher segall.christopher\application data\mozilla\firefox\profiles\ucoxdksh.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nplalaDl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-10-04 22:35 227,840 a------- c:\windows\system32\wbem\SET18.tmp

2009-10-04 22:35 227,840 a------- c:\windows\system32\wbem\SET16.tmp

2009-10-04 22:18 <DIR> a-dshr-- C:\cmdcons

2009-10-04 22:17 229,888 a------- c:\windows\PEV.exe

2009-10-04 22:17 161,792 a------- c:\windows\SWREG.exe

2009-10-04 22:17 98,816 a------- c:\windows\sed.exe

2009-09-29 08:22 <DIR> --d----- c:\program files\Lala.com

2009-09-29 08:22 <DIR> --d----- c:\docume~1\christ~1.chr\applic~1\Lala Music Mover

2009-09-18 18:19 <DIR> --d----- c:\program files\iPod

2009-09-18 18:19 <DIR> --d----- c:\program files\iTunes

2009-09-18 18:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-09-15 10:05 <DIR> --d----- c:\program files\Skyhook Wireless

2009-09-15 10:05 <DIR> --d----- c:\program files\Boingo

2009-09-15 10:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GoBoingo

2009-09-14 08:25 <DIR> --d----- c:\program files\DAP

==================== Find3M ====================

2009-09-15 10:05 13,696 a------- c:\windows\system32\drivers\wpsnuio.sys

2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys

2009-08-24 14:05 206,256 a------- c:\windows\system32\drivers\PCTCore.sys

2009-08-21 09:32 47,664 a---h--- c:\windows\system32\mlfcache.dat

2009-08-19 11:01 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys

2009-08-14 06:58 7,396 a------- c:\windows\system32\drivers\pctcore.cat

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll

2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll

2008-05-12 14:55 400 a------- c:\docume~1\christ~1.chr\applic~1\wklnhst.dat

2006-09-07 23:40 604 a---h--- c:\program files\STLL Notifier

2009-06-02 23:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009060220090603\index.dat

============= FINISH: 23:27:30.29 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

==== Disk Partitions =========================

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Across Lite 2.0

Adobe Acrobat 7.0 Standard

Adobe Acrobat 7.1.0 Standard

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop Album 2.0 Starter Edition

Adobe Reader 7.0.5

Amazon MP3 Downloader 1.0.3

Amazon Unbox Video

AOL Explorer

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoStudio 5.5

AutoUpdate

Boingo Wi-Fi

Bonjour

Brother HL-2040

Canon CanoScan Toolbox 4.9

Canon ScanGear Starter

Click to DVD 2.0.03 Menu Data

Click to DVD 2.5.00

Compatibility Pack for the 2007 Office system

CONNECT

Critical Update for Windows Media Player 11 (KB959772)

DivX Codec

DivX Converter

DivX Player

DivX Web Player

DSD Direct

DSD Playback Plug-in 1.0

DSW Piano

DVgate Plus

eMusic Remote 1.0.0.2

EndNote 9 Volume License Edition

EPSON Printer Software

Fingerprint Tutorial

Google Toolbar for Internet Explorer

GPL Ghostscript 8.15

GPL Ghostscript Fonts

HDAUDIO SoftV92 Data Fax Modem with SmartCP

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Image Converter 2 Plus

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless Software

InterVideo WinDVD for VAIO

ISI ResearchSoft - Export Helper

ISScript

iTunes

J2SE Runtime Environment 5.0 Update 5

Java 6 Update 15

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java SE Runtime Environment 6 Update 1

JEOPARDY! (remove only)

K-Lite Codec Pack 4.7.0 (Full)

Lala Music Mover

LAN Setting Utility

LilyPond

LiveUpdate 3.0 (Symantec Corporation)

MacGAMUT 6

MacGAMUT 6 Instructor

Malwarebytes' Anti-Malware

Manual CanoScan LiDE 60

mCore

mDriver

mDrWiFi

Memory Stick Formatter

MetaFrame Presentation Server Web Client for Win32

mHelp

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Data Access Components KB870669

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Standard Edition 2003

Microsoft Outlook Web Access S/MIME

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Works

mIWA

mLogView

mMHouse

MobileMe Control Panel

Move Networks Media Player for Internet Explorer

Mozilla Firefox (3.0.12)

mPfMgr

mPfWiz

mProSafe

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

mWlsSafe

mXML

mZConfig

Native Instruments Sibelius Player

Netflix Movie Viewer

Neuratron PhotoScore

NVIDIA Drivers

Office 2003 Trial Assistant

OmniPage SE 2.0

OpenMG Secure Module 4.3.00

Protector Suite QL 5.2

Quicken 2006

QuickTime

Rhapsody

Rhapsody Player Engine

Roxio DigitalMedia Audio

Roxio DigitalMedia Copy

Roxio DigitalMedia Data

Safari

Scientific-Atlanta WebSTAR 2000 series Cable Modem

Search Enhancement by AOL Search

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Setting Utility Series

Sibelius 4

SigmaTel Audio

Skyhook Wireless Wi-Fi Service

SonicStage 3.3

SonicStage Mastering Studio 2.1

SonicStage Mastering Studio Audio Filter

SonicStage Mastering Studio Audio Filter Custom Preset

SonicStage Mastering Studio Plugins

Sony Certificate PCH

Sony MP4 Shared Library

Sony Utilities DLL

Sony Video Shared Library

Spyware Doctor 6.1

SUPERAntiSpyware Free Edition

Transcribe! 7.50

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB972636)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB973815)

VAIO Breeze Wallpaper

VAIO Camera Utility

VAIO Central

VAIO Entertainment Platform

VAIO Event Service

VAIO HDD Protection

VAIO Light Flo Wallpaper

VAIO Media 5.0

VAIO Media AC3 Decoder 1.0

VAIO Media Integrated Server 5.0

VAIO Media Redistribution 5.0

VAIO Media Registration Tool 5.0

VAIO Original Screen Saver

VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents

VAIO Power Management

VAIO Registration

VAIO Security Center

VAIO Support Central

VAIO Update 2

VAIO Wireless LAN Setup Utility

VAIOSurveySA

VC80CRTRedist - 8.0.50727.762

WebFldrs XP

Wheel of Fortune (remove only)

Windows Backup Utility

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Marketplace upgrade options tool

Windows Media Format 11 runtime

Windows Media Player 10 Hotfix [see KB886612 for more information]

Windows Media Player 11

Windows Vista Upgrade Advisor

Windows XP Service Pack 3

WinRAR archiver

Wireless Switch Setting Utility

XviD 1.1 final uninstall

==== End Of File ===========================
