Jump to content

it seemed all was well.....and then redirect?


rtbm78
 Share

Recommended Posts

Last weekend i recieved some amazing help dealing with some problems my laptop was having. It seems that the bug is not through with me yet.

Since my last thread i have been having the browser redirect issue. I ran malwarebytes, avira and adaware a number of times and it went undectected. So I thought I'd see if anyone here can help me again.

this HJT log is all i have for now. I dont have any other scanners installed at this time.

other than the redirecting the computer appears to be working fine. From what i can tell at least.

thanks in advance

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:50:57 AM, on 10/25/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Napster\napster.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DownloadGuardBHO - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - C:\Program Files\Lavasoft\Download Guard for Internet Explorer\DownloadGuardBHO.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (file missing)

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (file missing)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [sonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"

O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TunePat] C:\Program Files\TunePat\TunePat.exe /silence

O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - S-1-5-18 Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1240257285046

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/html - {e5760fbf-0de7-41c7-bac2-6298ca3fc1d6} - C:\WINDOWS\mark_32.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--

End of file - 15624 bytes

Link to post
Share on other sites

  • Replies 90
  • Created
  • Last Reply

Top Posters In This Topic

Hello.

just the cabel modem.

I am sad to say that since my first post my pc has gone downhill fast. I am actually at my local library on ther computers because mine took a turn for the worst.

At first IE would not open. or it would pop open for a sec then close. I ran all my anti" " stuff and found nothing.

Durring one of the scans the computer reported a generic32 host process error or something like that and the computer seemed to revert to some sort of safe mode. It reminds me of windows 98. It just looks like something quite bad is going on. thats as much as i can say

I will come back to this library as often as i need to to get help, i may just not be super quick with my responses.

thanks again.

Link to post
Share on other sites

Do you have your Windows CD?

You can also try this:

Restart your computer in Safe Mode.

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.

Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.

This can take several miniutes to load.

Once you get in, you will notice that Windows is now running in safe mode, because "safe mode" is displayed in the four corners of your screen. You will also notice it by the reduced functionality and display settings.

Now that you are in Windows, you can use System Restore to flash your computer back to when it was still working.

1.

Click Start.

2.

Point to All Programs.

3.

Point to Accessories.

4.

Point to System Tools.

5.

Click System Restore.

6.

Follow the instructions on the wizard.

See if you can find a date the the PC worked.

Link to post
Share on other sites

hello,

I am finally back.

The pc came from bestbuy and i dont think there ever was a copy of windows with it.

I did do a system restore before i posted this thread and it didnt seem to be any help.

I did not do it in safe mode though. perhaps i will try that?

I will be back to check this later today or tomorrow at the latest.

Thanks again,

Adam

Link to post
Share on other sites

Ok back again.

actually being offline at my hase has been a little cathartic. I have been getting some overdue tasks done. But I still would very much like to get to the bottom of this.

Anyway

I did try to run restore in safe mode and it said basicly

system restore cannot fix your problem please restart computer and try again.

So i did that and it said the same thing.

Also it seems that something has gone awry with the firewall. I have been getting messages saying thins about the firewall not being on or something like that. When i go to the firewall settings in the control panel it wont allow me to do anything to correct it.

thats about all i can give you now.

thanks again for your time.

Link to post
Share on other sites

post-32477-1261866970.gif

DO NOT use any TOOLS such as Combofix, or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Link to post
Share on other sites

ok well there were a few glitches but it seems that my internet is working again. I could not get online before the scan so it could not update and do the recovery consel install. The firewall also seems to be back in order.

upon startup after the scan the generic host error popped up again. then after i had to restart again it has yet to pop up.

as soon as i hit this site i had this pop up. It just started going crazy on it's own and i ended up ending it with the task manager.

untitled.jpg

this is the log from the combofix scan

ComboFix 10-10-26.02 - Administrator 11/02/2010 16:49:39.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.545 [GMT -5:00]

Running from: F:\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

- REDUCED FUNCTIONALITY MODE -

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Application Data\inst.exe

c:\windows\system32\Thumbs.db

.

((((((((((((((((((((((((( Files Created from 2010-10-02 to 2010-11-02 )))))))))))))))))))))))))))))))

.

2010-10-26 03:57 . 2010-10-26 03:57 -------- d-----w- c:\windows\system32\wbem\Repository

2010-10-17 03:52 . 2010-10-17 03:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira

2010-10-17 03:42 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-10-17 03:42 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-17 03:42 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-10-17 03:42 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-10-17 03:41 . 2010-10-17 03:41 -------- d-----w- c:\program files\Avira

2010-10-17 03:41 . 2010-10-17 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-10-14 23:13 . 2010-10-14 23:13 -------- d-----w- c:\program files\Litsoft

2010-10-14 21:14 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll

2010-10-14 21:14 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-14 21:14 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-14 21:14 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 17:23 . 2006-07-24 17:27 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2006-07-24 17:27 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2006-07-24 17:27 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2006-07-24 17:27 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:58 . 2006-07-24 17:27 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2006-07-24 17:27 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2006-07-24 17:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-09 22:39 . 2010-09-09 22:39 2826240 ----a-w- c:\windows\system32\GPhotos.scr

2010-09-01 11:51 . 2006-07-24 17:27 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2006-07-24 17:27 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2006-07-24 17:27 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2006-07-24 17:27 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 22:23 . 2010-08-26 22:23 644400 ----a-w- c:\windows\system32\mscomct2.ocx

2010-08-26 13:39 . 2006-07-24 17:27 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-04-20 22:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2006-07-24 17:27 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2006-07-24 17:27 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2006-07-24 17:27 590848 ----a-w- c:\windows\system32\rpcrt4.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-07-10 13:23 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-28 217088]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]

"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]

"NapsterShell"="c:\program files\Napster\napster.exe" [2006-06-29 319488]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]

"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]

"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]

"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\wowd.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/11/2009 4:33 PM 64288]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 3:55 AM 1357464]

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]

R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [7/10/2008 8:23 AM 53032]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/11/2010 7:28 AM 15008]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/24/2006 12:28 PM 30080]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/24/2006 12:28 PM 226304]

S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys --> c:\windows\system32\DRIVERS\tpcdrdrv.sys [?]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]

S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]

S2 avg9emc;AVG Free E-mail Scanner;"c:\program files\AVG\AVG9\avgemc.exe" --> c:\program files\AVG\AVG9\avgemc.exe [?]

S2 avg9wd;AVG Free WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe6acbe3-1707-11df-a4e8-0018de630f3b}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-12-07 04:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-11-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 11:45]

2010-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

.

------- Supplementary Scan -------

.

uStart Page = www.yahoo.com/

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

Trusted Zone: trymedia.com

.

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)

URLSearchHooks-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

BHO-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-DISCover - c:\program files\DISC\DISCover.exe

HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe

HKLM-Run-TunePat - c:\program files\TunePat\TunePat.exe

HKLM-Run-AWMON - c:\progra~1\Lavasoft\AD-AWA~1\Ad-Watch.exe

Notify-avgrsstarter - avgrsstx.dll

AddRemove-Ad-Aware SE Professional - c:\progra~1\Lavasoft\AD-AWA~1\UNWISE.EXE

AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe

AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

AddRemove-DISCover - c:\program files\DISC\uninstall.exe

AddRemove-Smilebox - c:\documents and settings\Administrator\Application Data\Smilebox\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-02 17:28

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.0 by Gmer, http://www.gmer.net

Windows 5.1.2600

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86C1DEC5]<<

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F61AB8]

2 ntkrnlpa[0x804EF1A6] -> CLASSPNP.SYS[0xF75DEFD7] -> \Device\Harddisk0\DR0[0x86F61AB8]

3 CLASSPNP[0xF75DEFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000085[0x86F639E8]

4 ntkrnlpa[0x804EF1A6] -> ACPI.sys[0xF7455620] -> \Device\00000085[0x86F639E8]

5 ACPI[0xF7455620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86F4DD98]

[0x86F6ECA0] -> IRP_MJ_CREATE -> 0x86C1DEC5

6 ntkrnlpa[0x804EF1A6] -> UNKNOWN[0x86C1DEC8] -> [0x86F4DD98]

error: Read \Device\0000008d The device is not ready.

kernel: MBR read successfully

detected hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf75e2f28

\Driver\ACPI -> ACPI.sys @ 0xf7455cb8

\Driver\atapi DriverStartIo -> 0x86C1DAEA

\Driver\atapi -> atapi.sys @ 0xf73ef852

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a

NDIS: Intel® PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf72bfbb0

PacketIndicateHandler -> NDIS.sys @ 0xf72aea0d

SendHandler -> NDIS.sys @ 0xf72c2b40

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292321489-3038965794-573620678-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,46,b9,da,70,58,c6,4d,81,e4,13,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,46,b9,da,70,58,c6,4d,81,e4,13,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,46,b9,da,70,58,c6,4d,81,e4,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\wininet.dll

c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(972)

c:\windows\system32\wininet.dll

- - - - - - - > 'explorer.exe'(3924)

c:\windows\system32\WININET.dll

c:\program files\Nero\Nero8\InCD\NBHShx.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\program files\Nero\Nero8\InCD\NBHStr.dll

c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Nero\Nero8\InCD\InCDsrv.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\ICO.EXE

c:\windows\eHome\ehmsas.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\Apoint\Apntex.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Completion time: 2010-11-02 17:40:53 - machine was rebooted

ComboFix-quarantined-files.txt 2010-11-02 22:39

Pre-Run: 56,168,595,456 bytes free

Post-Run: 56,181,477,376 bytes free

- - End Of File - - ACF44BCAE2AE9952013107D6232C7EE8

thats all i have for now. but I will be able to check this now that the computer is online again. Thanks a ton

Link to post
Share on other sites

hello,

i did run that cleaner before i did the combofix. I just ran it again and it freed up like 11 mbytes.

However i do already have malwarebytes and just tried to run it and it would not open.

Also the setem error with the generic host did finally pop up.

Thanks

Link to post
Share on other sites

Well this also happened the first time i ran combo fix

A box pops up and says

combo fix has detected that avg antivirus is running. the problem is i removed avg using add remove programs after my first problem that you helped me with. I am not sure why it is detecting it. And i have no idea how to turn it off. Should i go ahead continue?

Link to post
Share on other sites

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\system32\DRIVERS\tpcdrdrv.sys
c:\windows\system32\Drivers\avgldx86.sys
c:\windows\system32\Drivers\avgtdix.sys
c:\program files\AVG\AVG9\avgemc.exe
c:\program files\AVG\AVG9\avgwdsvc.exe

Folder::
c:\program files\AVG\AVG9
c:\program files\AVG

Driver::
tpcdrdrv
AvgLdx86
AvgTdiX
avg9emc
avg9wd

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

hello,

ok so i was able to disable adaware but it did the same thing where it said that combofix was expired and asked to run in reduced mode.

Also It was not able to install updates because it said there was no internet connection. I hit ok and the small blue scvreen came up and it seemed to run normally. Durring the restart the computer got stuck on saving your setting. I shut it doun manually and when it started back up it had this log ready.

I have also noticed that none my antivirus and malware bytes cant update either. malwarebytes says the i need to fix something with the firewall or something like that and make sure i am connected to the internet.

i think thats all i can give you now.

ComboFix 10-10-26.02 - Administrator 11/03/2010 16:00:19.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.391 [GMT -5:00]

Running from: F:\iexplorer.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\cfscript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

- REDUCED FUNCTIONALITY MODE -

FILE ::

"c:\program files\AVG\AVG9\avgemc.exe"

"c:\program files\AVG\AVG9\avgwdsvc.exe"

"c:\windows\system32\Drivers\avgldx86.sys"

"c:\windows\system32\Drivers\avgtdix.sys"

"c:\windows\system32\DRIVERS\tpcdrdrv.sys"

.

((((((((((((((((((((((((( Files Created from 2010-10-03 to 2010-11-03 )))))))))))))))))))))))))))))))

.

2010-10-26 03:57 . 2010-10-26 03:57 -------- d-----w- c:\windows\system32\wbem\Repository

2010-10-17 03:52 . 2010-10-17 03:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira

2010-10-17 03:42 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-10-17 03:42 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-17 03:42 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-10-17 03:42 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-10-17 03:41 . 2010-10-17 03:41 -------- d-----w- c:\program files\Avira

2010-10-17 03:41 . 2010-10-17 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-10-14 23:13 . 2010-10-14 23:13 -------- d-----w- c:\program files\Litsoft

2010-10-14 21:14 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll

2010-10-14 21:14 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-14 21:14 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-14 21:14 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 17:23 . 2006-07-24 17:27 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2006-07-24 17:27 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2006-07-24 17:27 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2006-07-24 17:27 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:58 . 2006-07-24 17:27 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2006-07-24 17:27 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2006-07-24 17:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-09 22:39 . 2010-09-09 22:39 2826240 ----a-w- c:\windows\system32\GPhotos.scr

2010-09-01 11:51 . 2006-07-24 17:27 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2006-07-24 17:27 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2006-07-24 17:27 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2006-07-24 17:27 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 22:23 . 2010-08-26 22:23 644400 ----a-w- c:\windows\system32\mscomct2.ocx

2010-08-26 13:39 . 2006-07-24 17:27 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-04-20 22:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2006-07-24 17:27 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2006-07-24 17:27 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2006-07-24 17:27 590848 ----a-w- c:\windows\system32\rpcrt4.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-07-10 13:23 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-28 217088]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]

"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]

"NapsterShell"="c:\program files\Napster\napster.exe" [2006-06-29 319488]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]

"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]

"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]

"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\wowd.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/11/2009 4:33 PM 64288]

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]

R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [7/10/2008 8:23 AM 53032]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/24/2006 12:28 PM 30080]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/24/2006 12:28 PM 226304]

S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys --> c:\windows\system32\DRIVERS\tpcdrdrv.sys [?]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]

S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]

S2 avg9emc;AVG Free E-mail Scanner;"c:\program files\AVG\AVG9\avgemc.exe" --> c:\program files\AVG\AVG9\avgemc.exe [?]

S2 avg9wd;AVG Free WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 3:55 AM 1357464]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe6acbe3-1707-11df-a4e8-0018de630f3b}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-12-07 04:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-11-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 11:45]

2010-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

.

------- Supplementary Scan -------

.

uStart Page = www.yahoo.com/

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

Trusted Zone: trymedia.com

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-03 16:14

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.0 by Gmer, http://www.gmer.net

Windows 5.1.2600

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86D81EC5]<<

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F49AB8]

2 ntkrnlpa[0x804EF1A6] -> CLASSPNP.SYS[0xF75DEFD7] -> \Device\Harddisk0\DR0[0x86F49AB8]

3 CLASSPNP[0xF75DEFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000084[0x86F649E8]

4 ntkrnlpa[0x804EF1A6] -> ACPI.sys[0xF7455620] -> \Device\00000084[0x86F649E8]

5 ACPI[0xF7455620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86F73940]

[0x86F29F38] -> IRP_MJ_CREATE -> 0x86D81EC5

6 ntkrnlpa[0x804EF1A6] -> UNKNOWN[0x86D81EC8] -> [0x86F73940]

error: Read \Device\0000008c The device is not ready.

kernel: MBR read successfully

detected hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf75e2f28

\Driver\ACPI -> ACPI.sys @ 0xf7455cb8

\Driver\atapi DriverStartIo -> 0x86D81AEA

\Driver\atapi -> atapi.sys @ 0xf73ef852

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a

NDIS: Intel® PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf72bfbb0

PacketIndicateHandler -> NDIS.sys @ 0xf72aea0d

SendHandler -> NDIS.sys @ 0xf72c2b40

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292321489-3038965794-573620678-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,46,b9,da,70,58,c6,4d,81,e4,13,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,46,b9,da,70,58,c6,4d,81,e4,13,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,46,b9,da,70,58,c6,4d,81,e4,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)

c:\windows\system32\wininet.dll

c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(968)

c:\windows\system32\wininet.dll

- - - - - - - > 'explorer.exe'(504)

c:\windows\system32\WININET.dll

c:\program files\Nero\Nero8\InCD\NBHShx.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\program files\Nero\Nero8\InCD\NBHStr.dll

c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Nero\Nero8\InCD\InCDsrv.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

c:\windows\system32\ICO.EXE

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

c:\program files\Apoint\Apntex.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\windows\system32\igfxext.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\igfxsrvc.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\dllhost.exe

c:\windows\eHome\ehmsas.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-11-03 16:23:09 - machine was rebooted

ComboFix-quarantined-files.txt 2010-11-03 21:22

ComboFix2.txt 2010-11-02 22:41

Pre-Run: 56,203,132,928 bytes free

Post-Run: 56,204,722,176 bytes free

- - End Of File - - 0A6038B0338DE7D60F7B0624C4C9EC87

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.