Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijack this report

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hijack this report

Unread postby leanne01 » June 12th, 2008, 1:43 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:58, on 12/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Users\Leanne\AppData\Local\Temp\symlcsv1.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\SecondLife\SecondLife.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\m3SrchMn.exe" /m=0
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZJ
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12832 bytes
Hello i hope you can help

i think i have a virus or trojans on my computer i keep finding grokster but my anti virus wont remove it
leanne01
Active Member
 
Posts: 12
Joined: June 12th, 2008, 1:34 pm
Advertisement
Register to Remove

Re: Hijack this report

Unread postby ktreffin » June 14th, 2008, 10:42 am

Hi leanne01, Welcome to the forums!Image

My name is Ken, on these forums I am known as ktreffin. I will be helping you with your current problem. Please note that I am still in training at Malware Removal University, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.

HiJackThis logs do take some time to review and research. I would appreciate it if while you are waiting, you could please do the following for me:

Please make an Uninstall List using HiJackThis.


To access the Uninstall Manager you would do the following:
    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.

As we work together to resolve your problem, please read these instructions carefully. You may wish to print them off or copy them to Notepad.

Lastly, please keep these points in mind:
  • If you have questions, please DON'T hesitate to ask!
  • The instructions I give are specific to your current problem and should not be used on other systems.
  • Please post your replies only to this topic, and please DO NOT start a new thread.
  • Since there may be multiple issues with your system, please continue to follow this thread until I have given you an "All Clean!"

I am reviewing your log now, and will be back with you shortly. Thank you for your patience.

Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

ok thank you this is from hijack this as you asked

Unread postby leanne01 » June 14th, 2008, 10:54 am

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Advanced WindowsCare Personal
Alps Pointing-device for VAIO
AppCore
Apple Mobile Device Support
Apple Software Update
Atlantis - Sky Patrol (remove only)
AusLogics Disk Defrag
AV
Big Fish Games Center
Big Fish Games Sudoku (remove only)
Bonjour
Browser Address Error Redirector
BT Broadband Desktop Help
BT Wireless Connection Manager
BT Yahoo! Applications
Business Contact Manager for Outlook 2007 SP1
Business Contact Manager for Outlook 2007 SP1
CA Yahoo! Anti-Spy (remove only)
ccCommon
CleanUp!
Click to Disc
Click to Disc Editor
DivX Codec
DivX Converter
DivX Player
DriverMax 3.0
EnhanceMyVista Free
GearDrvs
Google Desktop
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver
iTunes
Jasc Paint Shop Pro 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Mahjong Towers Eternity (remove only)
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Norton 360
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Protection Center
Norton Save and Restore
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00
Palace Uninstall
Picasa 2
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Easy Media Creator Home
Safari
SecondLife (remove only)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Visio 2007 (KB947590)
Setting Utility Series
Skype™ 3.5
Sony Video Shared Library
SPBBC 32bit
SUPERAntiSpyware Free Edition
SymNet
There
UltraEdit v14.00a
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb950378)
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Launcher
Vaio Marketing Tools
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.1
VAIO Media Redistribution 6.0
VAIO Media Registration Tool 6.0
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO Original Function Setting
VAIO Power Management
VAIO Smart Network
VAIO Update 3
VAIO Wallpaper Contents
Winamp
Winamp Toolbar for Internet Explorer
WinDVD for VAIO
XoftSpySE
leanne01
Active Member
 
Posts: 12
Joined: June 12th, 2008, 1:34 pm

Re: Hijack this report

Unread postby leanne01 » June 14th, 2008, 11:01 am

just so you know i have serious problems with closing down computer and opening up as screen freezes both ways. thank you for taking the time to try and help me it is much appreciated.

All my sony products on the computer seem to be infected and dont work properly
leanne01
Active Member
 
Posts: 12
Joined: June 12th, 2008, 1:34 pm

Re: Hijack this report

Unread postby ktreffin » June 16th, 2008, 9:04 pm

Hello leanne01,

It does appear that you are infected. Before we begin, I need to stress some important points to you.
  • Some of the instructions I will provide may get quite long. I highly recommend that you print a copy of them off or copy them into Notepad.
  • If at any time you have questions, please DON'T hesitate to ask!
  • Please keep in mind that the instructions I give are specific to your current problem and should not be used on other systems.
  • Also, please remember that there may be multiple issues with your system, please continue to follow this thread until I have given you an "All Clean!"

Ready? Lets go....

These instructions will remove My Web Search, this program is not actually malware, but it is considered unwanted as well as possibly a security/privacy risk. If you would like more information or for any reason you wish to keep this software please stop and let me know.

Step #1: Upload file for analysis

Please open this page in your browser:

http://www.bleepingcomputer.com/submit- ... channel=32

Fill in the link to topic field with a link to this topic
Copy/paste the following into the Browse to the file you want to submit field:
C:\Users\Leanne\AppData\Local\Temp\symlcsv1.exe

Then press Send File, this will upload the file for analysis

*==============================================*

Step #2: Disable Windows Defender

Please disable Windows Defender Real Time Protection as it may interfere with the fix. To disable Windows Defender:
  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • Click Save
  • Close Windows Defender
  • Reboot your machine for the changes to take effect.
Once your log is clean you can re-enable Windows Defender Real Time Protection.

*==============================================*

Step #3: Remove malware lines using Hijack This

Right click on HijackThis and click Run as administrator
Click on do a system scan only
Place a checkmark next to these lines(if still present)

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\m3SrchMn.exe" /m=0
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZJ


CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HIJACKTHIS and click on "Fix Checked".

Once complete, please exit HiJackThis.

*==============================================*

Step #4: Delete bad services
  • Open a new notepad window (Start>All Programs>Accessories>Notepad)
  • Copy & paste the contents of the following codebox into the notepad window
Code: Select all
@echo off
sc stop MyWebSearchService
sc config MyWebSearchService start= disabled
sc delete MyWebSearchService

  • Click File > Save as
  • In the box labelled File name copy and paste FixServices.bat
  • Change Save as type to All Files
  • Save it to your desktop
  • Close the notepad window
  • Right click on FixServices.bat and click Run as administrator
  • If windows tells you that it needs your permission to continue, click Continue
  • A DOS window will come up briefly and then disappear, this is normal

*===============================================*

Step #5: View hidden files and folders

Make hidden/system files and folders visible:
Click Start -> Computer, press Alt once, then from the top menu select Tools, Click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Show hidden files and folders
UNCHECK the Hide extensions for known file types option
UNCHECK the Hide protected operating system files (recommended) option
Click Yes to confirm and press OK

*===============================================*

Step #6: Delete all bad folders

Open Windows Explorer by right clicking the Start button and left clicking Explore. Navigate to and find the following FOLDERS: If found, delete the following (some may not be present after previous steps):

C:\PROGRAM FILES\MYWEBSEARCH

After deleting the above files and folders, please be sure to empty your recycle bin.

*===============================================*

Step #7: Malwarebytes' Anti-Malware Scan

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

*===============================================*

Step #8: Things to put in your next reply

Please post the following in your next reply:
  • A New Hijack This Log
  • Contents of the Malwarebytes' Anti-Malware Log

Thanks,
Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Hijack this report

Unread postby leanne01 » June 17th, 2008, 1:10 am

have posted to bleeping computer as requested thank you
leanne01
Active Member
 
Posts: 12
Joined: June 12th, 2008, 1:34 pm

Re: Hijack this report

Unread postby ktreffin » June 17th, 2008, 9:55 am

Thanks Leanne,

Were you able to complete the other steps also? Just want to make sure you didn't have any questions or problems.

Thanks,
Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Hijack this report

Unread postby leanne01 » June 17th, 2008, 1:21 pm

Malwarebytes' Anti-Malware 1.17
Database version: 864

18:07:12 17/06/2008
mbam-log-6-17-2008 (18-07-12).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 195851
Time elapsed: 42 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 32
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
leanne01
Active Member
 
Posts: 12
Joined: June 12th, 2008, 1:34 pm

Re: Hijack this report

Unread postby leanne01 » June 17th, 2008, 1:21 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:58, on 12/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Users\Leanne\AppData\Local\Temp\symlcsv1.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\SecondLife\SecondLife.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\m3SrchMn.exe" /m=0
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZJ
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12832 bytes
leanne01
Active Member
 
Posts: 12
Joined: June 12th, 2008, 1:34 pm

Re: Hijack this report

Unread postby ktreffin » June 18th, 2008, 7:51 am

Hi Leanne01,

How are things running? Is there any improvement?

Looks like Malwarebytes' took out a whole bunch of nasties. It also appears that you have posted the same Hijack This log as the original one. I need to make sure that you post a NEW Hijack This log for me to review. However, before you run a new Hijack This log, I would like for you to do one thing....

Step #1: Run CCleaner

Download CCleaner from here to clean temp files from your computer.
  • Double click on the ccsetup.exe file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location.
  • Under Install Options, choose all the default settings. You can also Uncheck the 'Automatically check for updates' box.
  • Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items. Click on Issues and make sure Registry Integrity is UNchecked!
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • After CCleaner has completed its process, click Exit.

*==============================================*

Step #2: Please post a new Hijack This Log

  • Please launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.

Please Remember:
Don't use the Analyze This button, its findings are dangerous if misinterpreted.

*===============================================*

Step #3: Things to put in your next reply

Please post the following in your next reply:
  • The New Hijack This Log

Thanks,
Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Hijack this report

Unread postby leanne01 » June 18th, 2008, 1:01 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:23, on 18/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12293 bytes

This is the log sorry the last time i forgot to run it as adminstrator. I still cant turn off my computer properly and it takes three or four attempts to reboot it. As it goes to a blank screen first few attempts.
leanne01
Active Member
 
Posts: 12
Joined: June 12th, 2008, 1:34 pm

Re: Hijack this report

Unread postby ktreffin » June 18th, 2008, 9:14 pm

Hi Leanne01,

Step #1: Download and Run DSS

Download Deckard's System Scanner (DSS) to your Desktop. You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<- this one will be minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.

Thanks,
Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Hijack this report

Unread postby leanne01 » June 19th, 2008, 12:27 pm

I cant run that new piece of software you sent me it just sits on my hardrive and does nothing i left it for over an hour earlier today and nothing happened.

I am having big problems with log off and on my puter wont shut down

All sony products still not working properly

When i was first infected i was told that i had a trojan called Trojan.dropper.bz which is particulary nasty for sony laptops.

thank you for you help i hope i can get this all fixed
leanne01
Active Member
 
Posts: 12
Joined: June 12th, 2008, 1:34 pm

Re: Hijack this report

Unread postby ktreffin » June 19th, 2008, 9:43 pm

Hi Leanne01,

I am sorry that you are having such problems. Lets try a different scan and see if we can get that to run. Please do the following:

Download and Run OTScanIt

  1. Please download OTScanIt.exe from Bleeping Computer by OldTimer and save it to your desktop.
  2. Double click on OTScanIt.exe to run it.
  3. Click on Extract. Once done, you will be prompted. Click OK and click Close.
  4. Double click on the OTScanIt folder. Right click on OTScanIt.exe and select Run As Administrator to run it. If you receive a prompt, please allow it.
  5. Under Drivers section, select Non-Microsoft.
  6. Click on the Run Scan button at the top left hand corner.
  7. OTScanIt will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

Hopefully this will run OK. Please let me know if you have any other problems.

Thanks,
Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Hijack this report

Unread postby leanne01 » June 19th, 2008, 10:13 pm

Code: Select all
OTScanIt logfile created on: 20/06/2008 03:11:23
OTScanIt by OldTimer - Version 1.0.15.15     Folder = C:\Users\Leanne\Desktop\OTScanIt
Windows Vista  Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 40.43% Memory free
4.00 Gb Paging File | 2.48 Gb Available in Paging File | 62.12% Paging File free
Paging file location(s): ?:\pagefile.sys;
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 169.18 Gb Total Space | 114.13 Gb Free Space | 67.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 9.76 Gb Total Space | 8.25 Gb Free Space | 84.46% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LEANNE-PC
Current User Name: Leanne
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 06:59:32 | Attr =    ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 05/01/2007 09:19:28 | Attr =    ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 09/06/2008 04:04:06 | Attr =    ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 18/02/2008 12:16:30 | Attr =    ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 12/09/2007 19:27:24 | Attr =    ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 15:17:08 | Attr =    ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 06:59:32 | Attr =    ]
iviregmgr.exe -> %CommonProgramFiles%\InterVideo\RegMgr\iviRegMgr.exe -> InterVideo [Ver = 1, 0, 4, 0 | Size = 112152 bytes | Modified Date = 05/01/2007 04:48:52 | Attr = R  ]
mccicmservice.exe -> %CommonProgramFiles%\Motive\McciCMService.exe -> Motive Communications, Inc. [Ver = 6,1,0,218 | Size = 303104 bytes | Modified Date = 17/11/2007 02:34:26 | Attr =    ]
vprosvc.exe -> %ProgramFiles%\Norton Save and Restore\Agent\VProSvc.exe -> Symantec Corporation [Ver = 2.0.0.19488 | Size = 2655848 bytes | Modified Date = 14/02/2007 03:57:06 | Attr =    ]
nsuservice.exe -> %ProgramFiles%\Sony\Network Utility\NSUService.exe -> Sony Corporation [Ver = 1.2.01.13070 | Size = 204800 bytes | Modified Date = 16/01/2008 13:49:26 | Attr =    ]
vesmgr.exe -> %ProgramFiles%\Sony\VAIO Event Service\VESMgr.exe -> Sony Corporation [Ver = 3.1.00.13250 | Size = 182392 bytes | Modified Date = 15/08/2007 05:05:18 | Attr =    ]
vcsw.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -> Sony Corporation [Ver = 2.0.00.08230 | Size = 274432 bytes | Modified Date = 28/06/2007 17:52:48 | Attr =    ]
xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.02 | Size = 386560 bytes | Modified Date = 20/09/2007 01:17:46 | Attr =    ]
vzcdbsvc.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -> Sony Corporation [Ver = 3.0.01.08160 | Size = 192512 bytes | Modified Date = 29/08/2007 01:27:10 | Attr =    ]
vzfw.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -> Sony Corporation [Ver = 3.0.01.08160 | Size = 131072 bytes | Modified Date = 29/08/2007 01:27:12 | Attr =    ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 16/05/2008 17:59:02 | Attr =    ]
lucoms~1.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 12/09/2007 19:27:24 | Attr =    ]
vesmgrsub.exe -> %ProgramFiles%\Sony\VAIO Event Service\VESMgrSub.exe -> Sony Corporation [Ver = 2.3.00.03190 | Size = 100472 bytes | Modified Date = 15/08/2007 05:05:18 | Attr =    ]
igfxext.exe -> %SystemRoot%\System32\igfxext.exe -> Intel Corporation [Ver = 7.14.10.1295 | Size = 166424 bytes | Modified Date = 20/09/2007 01:04:50 | Attr =    ]
igfxtray.exe -> %SystemRoot%\System32\igfxtray.exe -> Intel Corporation [Ver = 7.14.10.1295 | Size = 141848 bytes | Modified Date = 20/09/2007 01:06:10 | Attr =    ]
hkcmd.exe -> %SystemRoot%\System32\hkcmd.exe -> Intel Corporation [Ver = 7.14.10.1295 | Size = 154136 bytes | Modified Date = 20/09/2007 01:03:01 | Attr =    ]
igfxpers.exe -> %SystemRoot%\System32\igfxpers.exe -> Intel Corporation [Ver = 7.14.10.1295 | Size = 137752 bytes | Modified Date = 20/09/2007 01:04:50 | Attr =    ]
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 7.0.7.152 | Size = 118784 bytes | Modified Date = 10/06/2007 01:12:18 | Attr =    ]
isbmgr.exe -> %ProgramFiles%\Sony\ISB Utility\ISBMgr.exe -> Sony Corporation [Ver = 2.3.00.09190 | Size = 311296 bytes | Modified Date = 19/09/2007 20:09:58 | Attr =    ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.708.19688 | Size = 1838592 bytes | Modified Date = 07/11/2007 22:09:56 | Attr =    ]
marketingtools.exe -> %ProgramFiles%\Sony\Marketing Tools\MarketingTools.exe -> Sony NSCE [Ver = 1.5.0.0 | Size = 36864 bytes | Modified Date = 07/11/2007 22:11:42 | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 04:25:21 | Attr =    ]
yop.exe -> %ProgramFiles%\Yahoo!\YOP\yop.exe -> Yahoo! Inc. [Ver = 2007, 6, 26, 2 | Size = 509224 bytes | Modified Date = 26/06/2007 14:48:14 | Attr =    ]
spmgr.exe -> %ProgramFiles%\Sony\VAIO Power Management\SPMgr.exe -> Sony Corporation [Ver = 2.3.00.10100 | Size = 921600 bytes | Modified Date = 31/10/2007 22:13:44 | Attr =    ]
bthelpnotifier.exe -> %ProgramFiles%\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe -> Motive Communications, Inc. [Ver = 6,1,0,136 | Size = 1475072 bytes | Modified Date = 01/11/2007 04:39:29 | Attr =    ]
mccitrayapp.exe -> %ProgramFiles%\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe -> Motive Communications, Inc. [Ver = 6,1,0,136 | Size = 1474048 bytes | Modified Date = 29/11/2007 13:30:37 | Attr =    ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 10/01/2007 06:59:52 | Attr =    ]
picasamediadetector.exe -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.7.37.49 | Size = 443968 bytes | Modified Date = 26/02/2008 02:23:34 | Attr =    ]
lanutil.exe -> %ProgramFiles%\Sony\Network Utility\LANUtil.exe -> Sony Corporation [Ver = 1.2.01.13070 | Size = 253952 bytes | Modified Date = 16/01/2008 15:44:44 | Attr =    ]
apmsgfwd.exe -> %ProgramFiles%\Apoint\ApMsgFwd.exe -> Alps Electric Co., Ltd. [Ver = 7, 0, 0, 18 | Size = 50736 bytes | Modified Date = 10/06/2007 01:12:16 | Attr =    ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.708.19688 | Size = 1838592 bytes | Modified Date = 07/11/2007 22:09:56 | Attr =    ]
apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 7.0.1.26 | Size = 40960 bytes | Modified Date = 10/06/2007 01:12:18 | Attr =    ]
secondlife.exe -> %ProgramFiles%\SecondLife\SecondLife.exe -> Linden Lab [Ver = 1.19.1.4 | Size = 16207872 bytes | Modified Date = 02/04/2008 20:06:18 | Attr =    ]
googletoolbar1user.exe -> %ProgramFiles%\Google\googletoolbar1user.exe ->  [Ver =  | Size = 52272 bytes | Modified Date = 07/11/2007 22:11:23 | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.15 | Size = 397312 bytes | Modified Date = 12/06/2008 00:29:06 | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 09/06/2008 04:04:06 | Attr =    ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 18/02/2008 12:16:30 | Attr =    ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 12/09/2007 19:27:24 | Attr =    ]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 15:17:08 | Attr =    ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 06:59:32 | Attr =    ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 06:59:32 | Attr =    ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 06:59:32 | Attr =    ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 13/01/2007 04:40:58 | Attr =    ]
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(GoogleDesktopManager) GoogleDesktopManager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.708.19688 | Size = 1838592 bytes | Modified Date = 07/11/2007 22:09:56 | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 07/11/2007 22:11:22 | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 14/11/2005 10:06:04 | Attr =    ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 30/03/2008 10:36:30 | Attr =    ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 14/01/2007 08:11:06 | Attr =    ]
(IviRegMgr) IviRegMgr [Win32_Own | Auto | Running] -> %CommonProgramFiles%\InterVideo\RegMgr\iviRegMgr.exe -> InterVideo [Ver = 1, 0, 4, 0 | Size = 112152 bytes | Modified Date = 05/01/2007 04:48:52 | Attr = R  ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 12/09/2007 19:27:24 | Attr =    ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 06:59:32 | Attr =    ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.83 | Size = 583048 bytes | Modified Date = 29/01/2008 18:38:31 | Attr =    ]
(McciCMService) McciCMService [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Motive\McciCMService.exe -> Motive Communications, Inc. [Ver = 6,1,0,218 | Size = 303104 bytes | Modified Date = 17/11/2007 02:34:26 | Attr =    ]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.7.00.12140 | Size = 45056 bytes | Modified Date = 14/12/2006 11:21:20 | Attr =    ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(Norton Save and Restore) Norton Save and Restore [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Save and Restore\Agent\VProSvc.exe -> Symantec Corporation [Ver = 2.0.0.19488 | Size = 2655848 bytes | Modified Date = 14/02/2007 03:57:06 | Attr =    ]
(NSUService) NSUService [Win32_Own | Auto | Running] -> %ProgramFiles%\Sony\Network Utility\NSUService.exe -> Sony Corporation [Ver = 1.2.01.13070 | Size = 204800 bytes | Modified Date = 16/01/2008 13:49:26 | Attr =    ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe ->  [Ver = 4.7.00.12140 | Size = 57344 bytes | Modified Date = 14/12/2006 10:46:16 | Attr =    ]
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.7.00.12140 | Size = 69632 bytes | Modified Date = 14/12/2006 11:02:08 | Attr =    ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 16/05/2008 17:59:02 | Attr =    ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 05/01/2007 09:19:28 | Attr =    ]
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(VAIO Entertainment TV Device Arbitration Service) VAIO Entertainment TV Device Arbitration Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -> Sony Corporation [Ver = 2.1.00.04250 | Size = 73728 bytes | Modified Date = 28/06/2007 17:53:04 | Attr =    ]
(VAIO Event Service) VAIO Event Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Sony\VAIO Event Service\VESMgr.exe -> Sony Corporation [Ver = 3.1.00.13250 | Size = 182392 bytes | Modified Date = 15/08/2007 05:05:18 | Attr =    ]
(VAIOMediaPlatform-IntegratedServer-AppServer) VAIO Media Integrated Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\VMISrv.exe -> Sony Corporation [Ver = 6, 1, 0, 6080 | Size = 2523136 bytes | Modified Date = 21/06/2007 00:35:06 | Attr =    ]
(VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -> Sony Corporation [Ver = 3, 0, 0, 11200 | Size = 397312 bytes | Modified Date = 21/06/2007 00:34:50 | Attr =    ]
(VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -> Sony Corporation [Ver = 6, 0, 4, 13150 | Size = 1089536 bytes | Modified Date = 21/06/2007 00:34:50 | Attr =    ]
(VAIOMediaPlatform-Mobile-Gateway) VAIO Media Gateway Server [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -> Sony Corporation [Ver = 6, 0, 0, 4230 | Size = 499712 bytes | Modified Date = 21/06/2007 00:34:52 | Attr =    ]
(VAIOMediaPlatform-UCLS-AppServer) VAIO Media Content Collection [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\UCLS.exe -> Sony Corporation [Ver = 6.0.01.13110 | Size = 745472 bytes | Modified Date = 11/01/2007 01:51:06 | Attr =    ]
(VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -> Sony Corporation [Ver = 3, 0, 0, 11200 | Size = 397312 bytes | Modified Date = 21/06/2007 00:34:50 | Attr =    ]
(VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -> Sony Corporation [Ver = 6, 0, 4, 13150 | Size = 1089536 bytes | Modified Date = 21/06/2007 00:34:50 | Attr =    ]
(VcmIAlzMgr) VAIO Content Metadata Intelligent Analyzing Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -> Sony Corporation [Ver = 2.1.00.09280 | Size = 292128 bytes | Modified Date = 29/09/2007 06:11:44 | Attr =    ]
(VcmXmlIfHelper) VAIO Content Metadata XML Interface [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\VcmXml\VcmXmlIfHelper.exe -> Sony Corporation [Ver = 3.1.00.03101 | Size = 87328 bytes | Modified Date = 17/03/2008 11:06:04 | Attr =    ]
(Vcsw) VAIO Entertainment UPnP Client Adapter [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -> Sony Corporation [Ver = 2.0.00.08230 | Size = 274432 bytes | Modified Date = 28/06/2007 17:52:48 | Attr =    ]
(VzCdbSvc) VAIO Entertainment Database Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -> Sony Corporation [Ver = 3.0.01.08160 | Size = 192512 bytes | Modified Date = 29/08/2007 01:27:10 | Attr =    ]
(VzFw) VAIO Entertainment File Import Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -> Sony Corporation [Ver = 3.0.01.08160 | Size = 131072 bytes | Modified Date = 29/08/2007 01:27:12 | Attr =    ]
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.02 | Size = 386560 bytes | Modified Date = 20/09/2007 01:17:46 | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Apoint -> %ProgramFiles%\Apoint\Apoint.exe [C:\Program Files\Apoint\Apoint.exe] -> Alps Electric Co., Ltd. [Ver = 7.0.7.152 | Size = 118784 bytes | Modified Date = 10/06/2007 01:12:18 | Attr =    ]
btbb_McciTrayApp -> %ProgramFiles%\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe] -> Motive Communications, Inc. [Ver = 6,1,0,136 | Size = 1475072 bytes | Modified Date = 01/11/2007 04:39:29 | Attr =    ]
btbb_wcm_McciTrayApp -> %ProgramFiles%\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe [C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe] -> Motive Communications, Inc. [Ver = 6,1,0,136 | Size = 1474048 bytes | Modified Date = 29/11/2007 13:30:37 | Attr =    ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 10/01/2007 06:59:52 | Attr =    ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> Google [Ver = 5.1.708.19688 | Size = 1838592 bytes | Modified Date = 07/11/2007 22:09:56 | Attr =    ]
HotKeysCmds -> %SystemRoot%\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> Intel Corporation [Ver = 7.14.10.1295 | Size = 154136 bytes | Modified Date = 20/09/2007 01:03:01 | Attr =    ]
IgfxTray -> %SystemRoot%\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> Intel Corporation [Ver = 7.14.10.1295 | Size = 141848 bytes | Modified Date = 20/09/2007 01:06:10 | Attr =    ]
ISBMgr.exe -> %ProgramFiles%\Sony\ISB Utility\ISBMgr.exe ["C:\Program Files\Sony\ISB Utility\ISBMgr.exe"] -> Sony Corporation [Ver = 2.3.00.09190 | Size = 311296 bytes | Modified Date = 19/09/2007 20:09:58 | Attr =    ]
MarketingTools -> %ProgramFiles%\Sony\Marketing Tools\MarketingTools.exe [C:\Program Files\Sony\Marketing Tools\MarketingTools.exe] -> Sony NSCE [Ver = 1.5.0.0 | Size = 36864 bytes | Modified Date = 07/11/2007 22:11:42 | Attr =    ]
Persistence -> %SystemRoot%\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> Intel Corporation [Ver = 7.14.10.1295 | Size = 137752 bytes | Modified Date = 20/09/2007 01:04:50 | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 28/03/2008 23:37:20 | Attr =    ]
RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe [RtHDVCpl.exe] -> Realtek Semiconductor [Ver = 1, 0, 0, 73 | Size = 4669440 bytes | Modified Date = 25/08/2007 01:06:24 | Attr =    ]
Skytel -> %SystemRoot%\SkyTel.exe [Skytel.exe] -> Realtek Semiconductor Corp. [Ver = 2.0.1.19 | Size = 1826816 bytes | Modified Date = 25/08/2007 01:06:33 | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 04:25:21 | Attr =    ]
YOP -> %ProgramFiles%\Yahoo!\YOP\yop.exe [C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart] -> Yahoo! Inc. [Ver = 2007, 6, 26, 2 | Size = 509224 bytes | Modified Date = 26/06/2007 14:48:14 | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
NSUFloatingUI -> %ProgramFiles%\Sony\Network Utility\LANUtil.exe ["C:\Program Files\Sony\Network Utility\LANUtil.exe"] -> Sony Corporation [Ver = 1.2.01.13070 | Size = 253952 bytes | Modified Date = 16/01/2008 15:44:44 | Attr =    ]
Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.49 | Size = 443968 bytes | Modified Date = 26/02/2008 02:23:34 | Attr =    ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 30/08/2007 18:43:18 | Attr =    ]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.1.708.19688 | Size = 145408 bytes | Modified Date = 07/11/2007 22:09:56 | Attr =    ]
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> File not found
igfxcui -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 7.14.10.1295 | Size = 200704 bytes | Modified Date = 20/09/2007 01:04:40 | Attr =    ]
VESWinlogon -> %SystemRoot%\System32\VESWinlogon.dll -> Sony Corporation [Ver = 3.1.00.12200 | Size = 98304 bytes | Modified Date = 15/08/2007 05:05:20 | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
TORiSAN CD-ROM CDR_C36 ->  -> File not found
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 67072 bytes | Modified Date = 19/01/2008 06:49:51 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomMATSHITA_DVD-RAM_UJ870QJ________________1.01____\5&23cc82a5&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] ->  [Ver =  | Size = 24 bytes | Modified Date = 18/09/2006 22:43:36 | Attr =    ]
< HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts -> 
::1             localhost -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.club-vaio.com -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://home.bt.yahoo.com -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://home.bt.yahoo.com -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 18/12/2007 22:49:22 | Attr =    ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1563 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
GD [:Range = 127.0.0.1] -> http = Local intranet |  -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 18/12/2007 22:49:22 | Attr =    ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 23:08:42 | Attr =    ]
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar BHO] -> AOL LLC [Ver = 5.1.14.2 | Size = 1185120 bytes | Modified Date = 13/12/2007 17:49:42 | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 04:25:19 | Attr =    ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2403392 bytes | Modified Date = 07/11/2007 22:11:22 | Attr = R  ]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google BAE\BAE.dll [CBrowserHelperObject Object] -> Your Company Name [Ver = 1.2.0.2 | Size = 98304 bytes | Modified Date = 23/06/2006 22:38:00 | Attr =    ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2403392 bytes | Modified Date = 07/11/2007 22:11:22 | Attr = R  ]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> AOL LLC [Ver = 5.1.14.2 | Size = 1185120 bytes | Modified Date = 13/12/2007 17:49:42 | Attr =    ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 18/12/2007 22:49:22 | Attr =    ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2403392 bytes | Modified Date = 07/11/2007 22:11:22 | Attr = R  ]
WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> AOL LLC [Ver = 5.1.14.2 | Size = 1185120 bytes | Modified Date = 13/12/2007 17:49:42 | Attr =    ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 04:25:19 | Attr =    ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Winamp Toolbar Search -> %AllUsersProfile%\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ->  [Ver =  | Size = 747 bytes | Modified Date = 07/09/2006 21:59:50 | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{47990899-366B-408B-84E0-74A90E2E3416} ->    (Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{4E9F0D6E-5E79-48E8-BBAC-94509A04E378} ->    (Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller) -> 
{7324F61A-A200-4D9F-AE1B-E8EDCF9A7CAC} ->    (Belkin 54g Wireless USB Network Adapter) -> 
{96AD83F1-0E20-49B2-9B0B-F8395814F24C} ->    (Belkin 54g Wireless USB Network Adapter) -> 
{B0978DDB-0F5A-43A9-9867-9E451BDE5C8F} ->    (Belkin 54g Wireless USB Network Adapter) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 24/07/2007 15:17:08 | Attr =    ]
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
ldap -> 4 = Restricted sites (Not a Default Protocol) -> 
news -> 4 = Restricted sites (Not a Default Protocol) -> 
nntp -> 4 = Restricted sites (Not a Default Protocol) -> 
oecmd -> 4 = Restricted sites (Not a Default Protocol) -> 
snews -> 4 = Restricted sites (Not a Default Protocol) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 13/09/2007 17:50:30 | Attr = R  ]
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> -> 



[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 19/06/2008 04:04:38 | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2137448448 bytes | Created Date = 19/06/2008 04:51:18 | Attr =  HS]
stdtsa -> %SystemDrive%\stdtsa ->  [Folder | Created Date = 18/06/2008 22:01:33 | Attr =    ]
COH_Mon.cat -> %SystemRoot%\System32\drivers\COH_Mon.cat ->  [Ver =  | Size = 10537 bytes | Created Date = 30/05/2008 23:28:56 | Attr =    ]
COH_Mon.inf -> %SystemRoot%\System32\drivers\COH_Mon.inf ->  [Ver =  | Size = 706 bytes | Created Date = 30/05/2008 23:28:56 | Attr =    ]
COH_Mon.sys -> %SystemRoot%\System32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23904 bytes | Created Date = 30/05/2008 23:28:56 | Attr =    ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys ->  [Ver =  | Size = 15864 bytes | Created Date = 17/06/2008 17:16:31 | Attr =    ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 34296 bytes | Created Date = 17/06/2008 17:16:31 | Attr =    ]
GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4240384 bytes | Created Date = 28/05/2008 18:28:37 | Attr =    ]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 23/05/2008 19:33:36 | Attr =    ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 23/05/2008 19:33:36 | Attr =    ]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 23/05/2008 19:33:37 | Attr =    ]
ftpcache -> %SystemRoot%\ftpcache ->  [Folder | Created Date = 18/06/2008 22:36:10 | Attr =  HS]

[Files/Folders - Modified Within 30 days]
Big Fish Games -> %SystemDrive%\Big Fish Games ->  [Folder | Modified Date = 09/06/2008 04:28:59 | Attr =    ]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 26/05/2008 17:27:01 | Attr =  HS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 19/06/2008 04:04:38 | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2137448448 bytes | Modified Date = 19/06/2008 17:42:21 | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 19/06/2008 18:00:12 | Attr = R  ]
ProgramData -> %AllUsersProfile% ->  [Folder | Modified Date = 17/06/2008 17:16:31 | Attr =  H ]
stdtsa -> %SystemDrive%\stdtsa ->  [Folder | Modified Date = 18/06/2008 22:01:45 | Attr =    ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 08/06/2008 00:27:18 | Attr =  HS]
temp -> %SystemDrive%\temp ->  [Folder | Modified Date = 09/06/2008 04:33:13 | Attr =    ]
Update -> %SystemDrive%\Update ->  [Folder | Modified Date = 23/05/2008 19:37:47 | Attr =    ]
Windows -> %SystemRoot% ->  [Folder | Modified Date = 19/06/2008 04:47:30 | Attr =    ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys ->  [Ver =  | Size = 15864 bytes | Modified Date = 10/06/2008 19:02:40 | Attr =    ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 34296 bytes | Modified Date = 10/06/2008 19:02:44 | Attr =    ]
SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT ->  [Ver =  | Size = 10671 bytes | Modified Date = 30/05/2008 23:28:53 | Attr =    ]
SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF ->  [Ver =  | Size = 805 bytes | Modified Date = 30/05/2008 23:28:53 | Attr =    ]
SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Modified Date = 30/05/2008 23:28:53 | Attr =    ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3568 bytes | Modified Date = 20/06/2008 01:42:39 | Attr =  H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3568 bytes | Modified Date = 20/06/2008 01:42:39 | Attr =  H ]
catroot -> %SystemRoot%\System32\catroot ->  [Folder | Modified Date = 30/05/2008 23:28:57 | Attr =    ]
catroot2 -> %SystemRoot%\System32\catroot2 ->  [Folder | Modified Date = 17/06/2008 06:18:48 | Attr =    ]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 17/06/2008 17:20:20 | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 114270 bytes | Modified Date = 08/06/2008 15:12:22 | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 08/06/2008 15:12:22 | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 756644 bytes | Modified Date = 07/06/2008 14:57:23 | Attr =    ]
Tasks -> %SystemRoot%\System32\Tasks ->  [Folder | Modified Date = 12/06/2008 05:11:48 | Attr =    ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 29/05/2008 19:31:41 | Attr =    ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 21/05/2008 21:15:14 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 67584 bytes | Modified Date = 19/06/2008 17:42:23 | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 18/06/2008 17:34:43 | Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 26/05/2008 17:24:46 | Attr =   S]
ftpcache -> %SystemRoot%\ftpcache ->  [Folder | Modified Date = 18/06/2008 22:36:10 | Attr =  HS]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 07/06/2008 14:57:23 | Attr =    ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 26/05/2008 17:27:28 | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 20/06/2008 03:11:13 | Attr =    ]
rescache -> %SystemRoot%\rescache ->  [Folder | Modified Date = 22/05/2008 17:28:57 | Attr =    ]
System32 -> %SystemRoot%\System32 ->  [Folder | Modified Date = 17/06/2008 18:07:12 | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 19/06/2008 18:00:12 | Attr =    ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 20/06/2008 03:11:15 | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 219 bytes | Modified Date = 21/05/2008 21:16:24 | Attr =    ]
winsxs -> %SystemRoot%\winsxs ->  [Folder | Modified Date = 29/05/2008 18:48:04 | Attr =    ]
Norton Security Online - Run Full System Scan - Leanne.job -> %SystemRoot%\tasks\Norton Security Online - Run Full System Scan - Leanne.job ->  [Ver =  | Size = 502 bytes | Modified Date = 26/05/2008 20:52:45 | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 19/06/2008 17:42:34 | Attr =  H ]
C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader ->  [Folder | Modified Date = 02/11/2006 14:04:06 | Attr =    ]
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4194304 bytes | Modified Date = 28/05/2008 18:28:36 | Attr =    ]
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4194304 bytes | Modified Date = 28/05/2008 18:28:36 | Attr =    ]
C:\ProgramData\Microsoft\OFFICE\DATA\ -> C:\ProgramData\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 18/03/2008 18:44:57 | Attr =    ]
opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8302 bytes | Modified Date = 16/05/2008 18:17:03 | Attr =    ]
C:\ProgramData\Microsoft\RAC\PublishedData\ -> C:\ProgramData\Microsoft\RAC\PublishedData ->  [Folder | Modified Date = 17/03/2008 18:37:44 | Attr =    ]
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT ->  [Ver =  | Size = 2484 bytes | Modified Date = 08/06/2008 00:06:01 | Attr =    ]
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT ->  [Ver =  | Size = 48 bytes | Modified Date = 08/06/2008 00:06:01 | Attr =    ]
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT ->  [Ver =  | Size = 0 bytes | Modified Date = 08/06/2008 00:06:01 | Attr =    ]
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT ->  [Ver =  | Size = 1992 bytes | Modified Date = 08/06/2008 00:05:54 | Attr =    ]
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT ->  [Ver =  | Size = 552 bytes | Modified Date = 08/06/2008 00:06:01 | Attr =    ]
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT ->  [Ver =  | Size = 102240 bytes | Modified Date = 08/06/2008 00:05:59 | Attr =    ]
C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures ->  [Folder | Modified Date = 16/03/2008 17:46:27 | Attr =    ]
Leanne.dat -> C:\ProgramData\Microsoft\User Account Pictures\Leanne.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 16/03/2008 17:46:27 | Attr =    ]
C:\Users\Leanne\AppData\Local\Temp\ -> C:\Users\Leanne\AppData\Local\Temp ->  [Folder | Modified Date = 19/06/2008 23:32:00 | Attr =    ]
symlcsv1.exe -> C:\Users\Leanne\AppData\Local\Temp\symlcsv1.exe -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 31864 bytes | Modified Date = 19/06/2008 17:44:10 | Attr =    ]
19 C:\Users\Leanne\AppData\Local\Temp\*.tmp files -> C:\Users\Leanne\AppData\Local\Temp\*.tmp -> 
C:\Users\Leanne\AppData\Local\Temp\~affyjxx.tmp\ -> C:\Users\Leanne\AppData\Local\Temp\~affyjxx.tmp\ ->  [Folder | Modified Date = 19/06/2008 06:14:33 | Attr =  H ]
md5deep.exe -> C:\Users\Leanne\AppData\Local\Temp\~affyjxx.tmp\md5deep.exe ->  [Ver =  | Size = 21504 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
sed.exe -> C:\Users\Leanne\AppData\Local\Temp\~affyjxx.tmp\sed.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
swreg.exe -> C:\Users\Leanne\AppData\Local\Temp\~affyjxx.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
C:\Users\Leanne\AppData\Local\Temp\~cruvfjj.tmp\ -> C:\Users\Leanne\AppData\Local\Temp\~cruvfjj.tmp\ ->  [Folder | Modified Date = 19/06/2008 04:09:33 | Attr =  H ]
md5deep.exe -> C:\Users\Leanne\AppData\Local\Temp\~cruvfjj.tmp\md5deep.exe ->  [Ver =  | Size = 21504 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
sed.exe -> C:\Users\Leanne\AppData\Local\Temp\~cruvfjj.tmp\sed.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
swreg.exe -> C:\Users\Leanne\AppData\Local\Temp\~cruvfjj.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
C:\Users\Leanne\AppData\Local\Temp\~mnirdin.tmp\ -> C:\Users\Leanne\AppData\Local\Temp\~mnirdin.tmp\ ->  [Folder | Modified Date = 19/06/2008 04:56:11 | Attr =  H ]
md5deep.exe -> C:\Users\Leanne\AppData\Local\Temp\~mnirdin.tmp\md5deep.exe ->  [Ver =  | Size = 21504 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
sed.exe -> C:\Users\Leanne\AppData\Local\Temp\~mnirdin.tmp\sed.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
swreg.exe -> C:\Users\Leanne\AppData\Local\Temp\~mnirdin.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
C:\Users\Leanne\AppData\Local\Temp\~mxbthsy.tmp\ -> C:\Users\Leanne\AppData\Local\Temp\~mxbthsy.tmp\ ->  [Folder | Modified Date = 19/06/2008 17:51:19 | Attr =  H ]
md5deep.exe -> C:\Users\Leanne\AppData\Local\Temp\~mxbthsy.tmp\md5deep.exe ->  [Ver =  | Size = 21504 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
sed.exe -> C:\Users\Leanne\AppData\Local\Temp\~mxbthsy.tmp\sed.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
swreg.exe -> C:\Users\Leanne\AppData\Local\Temp\~mxbthsy.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
C:\Users\Leanne\AppData\Local\Temp\~nsu.tmp\ -> C:\Users\Leanne\AppData\Local\Temp\~nsu.tmp\ ->  [Folder | Modified Date = 19/06/2008 18:00:08 | Attr =    ]
Au_.exe -> C:\Users\Leanne\AppData\Local\Temp\~nsu.tmp\Au_.exe ->  [Ver =  | Size = 78057 bytes | Modified Date = 12/06/2008 05:11:47 | Attr =    ]
C:\Users\Leanne\AppData\Local\Temp\~shyikgu.tmp\ -> C:\Users\Leanne\AppData\Local\Temp\~shyikgu.tmp\ ->  [Folder | Modified Date = 19/06/2008 04:19:51 | Attr =  H ]
md5deep.exe -> C:\Users\Leanne\AppData\Local\Temp\~shyikgu.tmp\md5deep.exe ->  [Ver =  | Size = 21504 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
sed.exe -> C:\Users\Leanne\AppData\Local\Temp\~shyikgu.tmp\sed.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
swreg.exe -> C:\Users\Leanne\AppData\Local\Temp\~shyikgu.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
C:\Users\Leanne\AppData\Local\Temp\~uhsrzni.tmp\ -> C:\Users\Leanne\AppData\Local\Temp\~uhsrzni.tmp\ ->  [Folder | Modified Date = 19/06/2008 04:27:42 | Attr =  H ]
md5deep.exe -> C:\Users\Leanne\AppData\Local\Temp\~uhsrzni.tmp\md5deep.exe ->  [Ver =  | Size = 21504 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
sed.exe -> C:\Users\Leanne\AppData\Local\Temp\~uhsrzni.tmp\sed.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
swreg.exe -> C:\Users\Leanne\AppData\Local\Temp\~uhsrzni.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 30/07/2007 03:23:07 | Attr =    ]
C:\Users\Leanne\AppData\Local\Temp\~affyjxx.tmp\ -> C:\Users\Leanne\AppData\Local\Temp\~affyjxx.tmp\ ->  [Folder | Modified Date = 19/06/2008 06:14:33 | Attr =  H ]
dss.dll -> C:\Users\Leanne\AppData\Local\Temp\~affyjxx.tmp\dss.dll ->  [Ver =  | Size = 37888 bytes | Modified Date = 14/10/2007 07:42:28 | Attr =    ]
C:\Users\Leanne\AppData\Local\Temp\~cruvfjj.tmp\ -> C:\Users\Leanne\AppData\Local\Temp\~cruvfjj.tmp\ ->  [Folder | Modified Date = 19/06/2008 04:09:33 | Attr =  H ]
dss.dll -> C:\Users\Leanne\AppData\Local\Temp\~cruvfjj.tmp\dss.dll ->  [Ver =  | Size = 37888 bytes | Modified Date = 14/10/2007 07:42:28 | Attr =    ]
C:\Users\Leanne\AppData\Local\Temp\~mnirdin.tmp\ -> C:\Users\Leanne\AppData\Local\Temp\~mnirdin.tmp\ ->  [Folder | Modified Date = 19/06/2008 04:56:11 | Attr =  H ]
dss.dll -> C:\Users\Leanne\AppData\Local\Temp\~mnirdin.tmp\dss.dll ->  [Ver =  | Size = 37888 bytes | Modified Date = 14/10/2007 07:42:28 | Attr =    ]
C:\Users\Leanne\AppData\Local\Temp\~mxbthsy.tmp\ -> C:\Users\Leanne\AppData\Local\Temp\~mxbthsy.tmp\ ->  [Folder | Modified Date = 19/06/2008 17:51:19 | Attr =  H ]
dss.dll -> C:\Users\Leanne\AppData\Local\Temp\~mxbthsy.tmp\dss.dll ->  [Ver =  | Size = 37888 bytes | Modified Date = 14/10/2007 07:42:28 | Attr =    ]
C:\Users\Leanne\AppData\Local\Temp\~shyikgu.tmp\ -> C:\Users\Leanne\AppData\Local\Temp\~shyikgu.tmp\ ->  [Folder | Modified Date = 19/06/2008 04:19:51 | Attr =  H ]
dss.dll -> C:\Users\Leanne\AppData\Local\Temp\~shyikgu.tmp\dss.dll ->  [Ver =  | Size = 37888 bytes | Modified Date = 14/10/2007 07:42:28 | Attr =    ]
C:\Users\Leanne\AppData\Local\Temp\~uhsrzni.tmp\ -> C:\Users\Leanne\AppData\Local\Temp\~uhsrzni.tmp\ ->  [Folder | Modified Date = 19/06/2008 04:27:42 | Attr =  H ]
dss.dll -> C:\Users\Leanne\AppData\Local\Temp\~uhsrzni.tmp\dss.dll ->  [Ver =  | Size = 37888 bytes | Modified Date = 14/10/2007 07:42:28 | Attr =    ]

< End of report >
leanne01
Active Member
 
Posts: 12
Joined: June 12th, 2008, 1:34 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware