MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

irritating and annoying popups

Post by amit » July 9th, 2008, 3:09 pm

Hi, I have started getting numerous popups (1 in 2 min) and the machine has slowed down. I am posting the HijackThis log for your expert advice.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:05, on 09/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Sashi\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Sashi\AppData\Local\Temp\wvUlIxuR.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Sashi\AppData\Local\Temp\pmnkJaXN.dll,c
O4 - HKCU\..\Run: [0c5ddfb4] rundll32.exe "C:\Users\Sashi\AppData\Local\Temp\aqeamgjf.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\TDSupportApp\cdrom_mon.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: ACE SMS Cast (ZMcastService) - Tanla Solutions Ltd - C:\Program Files\Tanla Solutions Ltd\ACE SMS Cast 1.0.9\TestMcaseService.exe

--
End of file - 11939 bytes

thx in advance - Amit
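The three rundll32 entries under HKCU\..\Run in the log above all load a randomly named DLL from the user's Temp folder, which is the pattern a helper looks for first. As an added example (not from the post or from HijackThis itself), this parser reads the O4 autorun lines of a HijackThis log and flags any entry whose auto-start target lives in a Temp directory, so it generalises beyond rundll32 to plain executables started from there. The Temp-directory and hex-name heuristics are this example's own assumptions; the sample lines are copied from the log in the post.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: O4 lines copied from the HijackThis log in the post above
# (two benign entries, the three HKCU rundll32 entries loading DLLs from Temp,
# one benign rundll32 entry for LOCAL SERVICE, and one Global Startup line).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Sashi\AppData\Local\Temp\wvUlIxuR.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Sashi\AppData\Local\Temp\pmnkJaXN.dll,c
O4 - HKCU\..\Run: [0c5ddfb4] rundll32.exe "C:\Users\Sashi\AppData\Local\Temp\aqeamgjf.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
"""

# Registry-style line: "O4 - <hive>\..\Run: [<value name>] <command>"
O4_REGISTRY = re.compile(r"^O4 - (?P<location>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Startup-folder line: "O4 - Global Startup: <shortcut> = <target>"
O4_STARTUP = re.compile(r"^O4 - (?P<location>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# HijackThis appends the account for HKUS entries: "(User 'LOCAL SERVICE')"
USER_SUFFIX = re.compile(r"\s*\(User '(?P<user>[^']*)'\)$")
# rundll32 <dll>[,<export>]: the DLL, not rundll32 itself, is the real payload.
RUNDLL32 = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?(?:,(?P<export>\S*))?', re.I)
# Assumed heuristic: legitimate software does not auto-start from a Temp folder.
TEMP_DIR = re.compile(r"\\(?:AppData\\Local\\)?Temp\\", re.I)


@dataclass
class O4Entry:
    location: str                  # e.g. HKCU\..\Run or Global Startup
    name: str                      # registry value name or shortcut name
    command: str                   # command line without the (User '...') suffix
    user: Optional[str] = None     # account for HKUS entries, else None
    target: str = ""               # DLL for rundll32 entries, else the command itself
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_o4(line: str) -> Optional[O4Entry]:
    """Parse one HijackThis O4 line; returns None for every other line type."""
    m = O4_REGISTRY.match(line) or O4_STARTUP.match(line)
    if not m:
        return None
    cmd, user = m.group("cmd").strip(), None
    um = USER_SUFFIX.search(cmd)
    if um:
        user, cmd = um.group("user"), cmd[: um.start()].strip()
    entry = O4Entry(m.group("location"), m.group("name"), cmd, user)
    rd = RUNDLL32.match(cmd)
    entry.target = rd.group("dll") if rd else cmd
    return entry


def assess(entry: O4Entry) -> O4Entry:
    """Attach reasons to an entry. Heuristics are this example's own assumptions."""
    if TEMP_DIR.search(entry.target):
        entry.reasons.append("auto-start target lives in a Temp directory")
    if re.fullmatch(r"[0-9a-f]{8}", entry.name):
        entry.reasons.append("value name is an 8-hex-digit string")
    return entry


def triage(log_text: str) -> List[O4Entry]:
    """Parse and score every O4 line in a HijackThis log, in log order."""
    entries = [parse_o4(ln) for ln in log_text.splitlines()]
    return [assess(e) for e in entries if e is not None]


def flagged_names(log_text: str) -> List[str]:
    """Value names of the O4 entries that tripped at least one heuristic."""
    return [e.name for e in triage(log_text) if e.suspicious]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        mark = "!!" if e.suspicious else "  "
        detail = f"  ({'; '.join(e.reasons)})" if e.reasons else ""
        print(f"{mark} [{e.name}] {e.location} -> {e.target}{detail}")
```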

Re: irritating and annoying popups

Post by ndmmxiaomayi » July 13th, 2008, 8:29 am

Hello,

Welcome to Malware Removal.

Disable Trend Micro Antivirus temporarily

Please disable Trend Micro Antivirus temporarily as it may interfere with the fixes. Remember to re-enable it before posting the logs.

  1. Right click on the Trend Micro Antivirus icon near the clock.
  2. Select Unload OfficeScan.

Disable Windows Defender temporarily

  1. Go to Start > All Programs > Windows Defender.
  2. Click on Tools at the top.
  3. Under Settings, click on Options.
  4. Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  5. Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  6. Click on the Save button at the bottom right hand corner.
____________________

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Please download Combofix from Bleeping Computer and save it to your desktop.

Right click ComboFix.exe and select Run As Administrator to run it.

You'll receive a UAC prompt. Please allow it.

Follow the prompts.

When done, a log will be produced. Please post that log and a new HijackThis log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.
____________________

  1. Please open HijackThis.
  2. Click on the Open the Misc Tools section button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. A new HijackThis log
  3. The Uninstall list

Re: irritating and annoying popups

Post by amit » July 13th, 2008, 1:05 pm

Thanks. Please find the logs as instructed.

1. HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:58:31, on 13/07/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Sashi\AppData\Local\Temp\Rar$EX00.850\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Sashi\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\Windows\system32\psqlpwd.dll
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\TDSupportApp\cdrom_mon.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP (file missing)
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: ACE SMS Cast (ZMcastService) - Tanla Solutions Ltd - C:\Program Files\Tanla Solutions Ltd\ACE SMS Cast 1.0.9\TestMcaseService.exe

2. Uninstall list:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
ABC Amber vCard Converter
ACE SMS Cast 1.0.9
Active@ DVD Eraser v 1.1
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
ArcSoft Magic-i Visual Effects Installer
Bluetooth Stack for Windows by Toshiba
Browser Address Error Redirector
CCleaner (remove only)
Click to DVD 2.0.05 Menu Data
Click to DVD 2.6.00
ConvertXtoDVD 3.1.2.34
Cute CD DVD Burner V5.0
CutePDF Writer 2.7
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
ffdshow [rev 1928] [2008-04-10]
Foxit PDF Editor
GearDrvs
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Highlight Viewer (Windows Live Toolbar)
Instant Mode
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 3.7.5 Full
Lotus Notes 8.0
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Map Button (Windows Live Toolbar)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 1 (SP1)
Microsoft Office Project 2007 Service Pack 1 (SP1)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mpegable DS decoder
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Nitro PDF Professional
Norton 360
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00
Protector Suite QL 5.6
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Redistributable_MM
Registry Mechanic 7.0
Roxio Easy Media Creator Home
Salesforce Outlook Edition 3.2
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Visio 2007 (KB947590)
Setting Utility Series
Skype 3.2
Skype Plugin Manager
Smart Menus (Windows Live Toolbar)
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
SonicWALL Global VPN Client 4.0.0.830
Sony Video Shared Library
Synaptics Pointing Device Driver
Trend Micro OfficeScan Client
Trojan Remover 6.7.0
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb953463)
VAIO Aqua Breeze Wallpaper
VAIO Camera Capture Utility
VAIO Content Folder Setting
VAIO Content Importer / VAIO Content Exporter
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Cozy Orange Wallpaper
VAIO Data Restore Tool
VAIO Entertainment Platform
VAIO Event Service
VAIO Launcher
VAIO Long Battery Life Wallpaper
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.1
VAIO Media Redistribution 6.0
VAIO Media Registration Tool 6.0
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO Original Function Setting
VAIO Original Screen Saver
VAIO Power Management
VAIO Tender Green Wallpaper
VAIO Update 3
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
WinDVD for VAIO
WinRAR archiver
WinSCP 4.0.7
Wireless Switch Setting Utility
Yahoo! Messenger
ZTE Mobile Connection

3. Combofix:

ComboFix 08-07-07.3 - Sashi 2008-07-13 17:40:48.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.1075 [GMT 1:00]
Running from: C:\Users\Sashi\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Sashi\AppData\Roaming\inst.exe
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.

2008-07-13 16:32 . 2008-07-13 16:32 <DIR> d-------- C:\Users\Sashi\AppData\Roaming\Simply Super Software
2008-07-13 16:32 . 2008-07-13 16:32 <DIR> d-------- C:\ProgramData\TEMP
2008-07-13 16:32 . 2008-07-13 16:32 <DIR> d-------- C:\ProgramData\Simply Super Software
2008-07-13 16:32 . 2008-07-13 16:32 <DIR> d-------- C:\Program Files\Trojan Remover
2008-07-13 16:32 . 2006-05-25 15:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
2008-07-13 16:32 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2008-07-13 16:32 . 2005-08-26 01:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2008-07-13 16:32 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-07-13 16:32 . 2006-06-19 13:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2008-07-12 20:34 . 2004-08-04 07:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-07-11 23:09 . 2008-07-11 23:09 <DIR> d-------- C:\ProgramData\Apple Computer
2008-07-11 22:29 . 2008-07-11 22:29 <DIR> d-------- C:\Program Files\VSO
2008-07-11 22:29 . 2004-05-04 12:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-07-11 22:29 . 2006-05-20 17:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-07-11 22:29 . 2006-05-11 20:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-07-11 22:29 . 2006-09-29 13:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-07-11 22:29 . 2006-09-29 13:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-07-11 22:29 . 2006-09-29 13:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-07-11 22:29 . 2007-03-18 21:37 65,602 --a------ C:\Windows\System32\cook3260.dll
2008-07-11 16:18 . 2008-07-11 16:45 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2008-07-11 12:52 . 2008-06-26 02:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 12:51 . 2008-06-26 02:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 12:51 . 2008-06-26 04:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-10 23:23 . 2008-07-10 23:23 <DIR> d-------- C:\Program Files\CCleaner
2008-07-09 22:41 . 2008-07-09 22:41 3,586 --a------ C:\Windows\System32\tmp.reg
2008-07-09 22:41 . 2008-07-09 22:41 691 --a------ C:\Users\Sashi\AppData\Roaming\GetValue.vbs
2008-07-09 22:41 . 2008-07-09 22:41 35 --a------ C:\Users\Sashi\AppData\Roaming\SetValue.bat
2008-07-09 22:32 . 2008-07-09 22:32 <DIR> d-------- C:\Windows\System32\SmitfraudFix
2008-07-09 19:18 . 2008-07-09 19:20 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-09 09:05 . 2005-08-27 02:38 1,435,272 --a------ C:\Windows\System32\Flash.ocx
2008-07-09 09:05 . 2003-11-19 13:59 512,688 --a------ C:\Windows\System32\XceedCry.dll
2008-07-09 09:05 . 2004-05-11 09:56 423,784 --a------ C:\Windows\System32\XceedBkp.dll
2008-07-09 09:05 . 2004-03-08 23:00 131,856 --a------ C:\Windows\System32\MSADODC.ocx
2008-07-09 09:04 . 2004-02-05 20:53 389,120 --a------ C:\Windows\System32\ACTSKN43.OCX
2008-07-09 09:04 . 2004-01-09 10:54 188,416 --a------ C:\Windows\System32\actsplash.ocx
2008-07-09 09:04 . 2001-03-28 22:02 89,088 --a------ C:\Windows\System32\ProgressBar4.ocx
2008-07-09 09:04 . 1999-01-26 19:36 11,012 --a------ C:\Windows\System32\threadapi.tlb
2008-07-08 22:44 . 2008-07-08 22:44 <DIR> d-------- C:\Users\Sashi\AppData\Roaming\Nitro PDF
2008-07-08 22:42 . 2008-07-08 22:42 <DIR> d-------- C:\ProgramData\Nitro PDF
2008-07-08 22:42 . 2008-07-08 22:42 <DIR> d-------- C:\Program Files\Nitro PDF
2008-07-08 22:42 . 2008-07-08 22:42 <DIR> d-------- C:\Program Files\Common Files\Nitro PDF
2008-07-08 22:42 . 2008-07-08 22:42 <DIR> d-------- C:\Program Files\Common Files\BCL Technologies
2008-07-08 22:15 . 2008-07-08 22:15 <DIR> d-------- C:\Windows\PrimoPDF4
2008-07-08 22:15 . 2008-07-08 22:38 <DIR> d-------- C:\Program Files\activePDF
2008-07-08 22:15 . 2006-12-11 21:12 176,235 --a------ C:\Windows\System32\Primomonnt.dll
2008-07-08 21:56 . 2008-07-08 21:56 <DIR> d-------- C:\Program Files\GPLGS
2008-07-08 21:56 . 2008-07-08 21:56 <DIR> d-------- C:\Program Files\Acro Software
2008-07-08 21:56 . 2007-07-12 22:33 87,552 --a------ C:\Windows\System32\cpwmon2k.dll
2008-07-08 21:22 . 2008-07-08 21:22 <DIR> d-------- C:\Users\Sashi\AppData\Roaming\Software602
2008-07-08 20:33 . 2008-07-08 20:33 0 --a------ C:\Windows\System32\602port
2008-07-08 20:32 . 2007-07-30 14:36 3,518,464 --a------ C:\Windows\System32\cdintf300.dll
2008-07-08 20:32 . 2007-07-30 14:36 1,843,200 --a------ C:\Windows\System32\acXMLParser.dll
2008-07-08 18:43 . 2008-07-08 18:43 0 --a------ C:\Windows\tosOBEX.INI
2008-07-08 18:39 . 2007-07-31 19:36 <DIR> dr------- C:\Users\Administrator\Videos
2008-07-08 18:39 . 2008-07-08 18:39 <DIR> dr------- C:\Users\Administrator\Searches
2008-07-08 18:39 . 2007-07-30 21:27 <DIR> dr------- C:\Users\Administrator\Saved Games
2008-07-08 18:39 . 2007-07-31 19:39 <DIR> dr------- C:\Users\Administrator\Pictures
2008-07-08 18:39 . 2007-07-30 21:27 <DIR> dr------- C:\Users\Administrator\Music
2008-07-08 18:39 . 2008-07-08 18:39 <DIR> dr------- C:\Users\Administrator\Links
2008-07-08 18:39 . 2007-07-30 21:27 <DIR> dr------- C:\Users\Administrator\Downloads
2008-07-08 18:39 . 2008-07-08 18:42 <DIR> dr------- C:\Users\Administrator\Documents
2008-07-08 18:39 . 2007-07-30 21:26 <DIR> dr------- C:\Users\Administrator\Contacts
2008-07-08 18:39 . 2007-08-23 07:16 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Sony Corporation
2008-07-08 18:39 . 2007-07-30 22:47 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\InstallShield
2008-07-08 18:39 . 2007-07-30 21:27 <DIR> d--h----- C:\Users\Administrator\AppData
2008-07-08 18:39 . 2008-07-08 18:39 <DIR> d-------- C:\Users\Administrator
2008-07-08 18:17 . 2001-05-22 07:00 22,016 --a------ C:\Windows\System32\borlndmm.dll
2008-07-08 18:16 . 2008-07-08 18:16 <DIR> d-------- C:\Program Files\Software602
2008-07-08 18:16 . 2008-07-08 21:32 <DIR> d-------- C:\Program Files\Common Files\soft602
2008-07-08 17:53 . 2008-07-08 17:53 <DIR> d-------- C:\Program Files\Foxit Software
2008-06-27 23:11 . 2008-06-27 23:11 <DIR> d-------- C:\Users\Sashi\AppData\Roaming\Alien Skin
2008-06-27 13:25 . 2008-06-27 13:25 <DIR> d-------- C:\Program Files\Rok Mobile
2008-06-27 13:20 . 2008-06-27 13:20 <DIR> d-------- C:\Program Files\WinSCP
2008-06-25 12:13 . 2008-06-25 12:13 509,208 --a------ C:\Windows\System32\ICCProfiles.dll
2008-06-22 15:55 . 2008-06-22 15:55 <DIR> d-------- C:\ProgramData\Macrovision
2008-06-22 12:49 . 2008-06-22 12:49 <DIR> d-------- C:\Users\Sashi\AppData\Roaming\U3
2008-06-19 14:26 . 2008-06-19 14:26 <DIR> d-------- C:\Program Files\Tanla Solutions Ltd
2008-06-17 20:56 . 2008-06-17 20:56 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-15 00:03 . 2008-06-22 20:17 <DIR> d-------- C:\Program Files\Macromedia
2008-06-15 00:03 . 2008-06-22 20:17 <DIR> d-------- C:\Program Files\Common Files\Macromedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 16:12 --------- d-----w C:\ProgramData\Google Updater
2008-07-12 19:31 --------- d-----w C:\Users\Sashi\AppData\Roaming\Vso
2008-07-11 21:30 47,360 ----a-w C:\Users\Sashi\AppData\Roaming\pcouffin.sys
2008-07-11 11:58 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-10 18:48 --------- d-----w C:\Users\Sashi\AppData\Roaming\uTorrent
2008-07-09 18:34 --------- d-----w C:\Program Files\Trend Micro
2008-07-09 16:45 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 20:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 14:35 --------- d-----w C:\Program Files\ZTE Mobile Connection
2008-06-03 15:27 --------- d-----w C:\Program Files\Java
2008-05-29 14:19 174 --sha-w C:\Program Files\desktop.ini
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Journal
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Defender
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Calendar
2008-05-19 07:50 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-19 21:18 47,104 ------w C:\Windows\AKDeInstall.exe
2008-03-10 15:12 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-10 15:12 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-10 15:12 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2002-04-16 11:27 5 --sha-w C:\Windows\System32\CdI5T.drv
1998-03-20 01:00 1,048 --sha-w C:\Windows\System32\flfnlf.sys
1998-03-20 01:00 1,048 --sha-w C:\Windows\System32\rlfnlf.sys
1998-03-20 01:00 1,048 --sha-w C:\Windows\System32\TMailRL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-06-06 07:16 2955264 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-06-06 07:16 2955264 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 21:49 68856]
"googletalk"="C:\Users\Sashi\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-30 02:08 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-30 02:07 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-30 02:07 133656]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 02:58 835584]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-12 02:27 317560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-06-06 06:40 49168]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-12-11 14:01 710000]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Nitro PDF Printer Monitor"="C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-06-25 12:13 210224]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-06-03 20:33 878672]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-08 03:33 4423680 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-23 00:57:26 2756608]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-07 21:49:01 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-06-06 07:03 90112 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 03:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B79A4AAD-FBEE-4C24-AC5B-D249BCFB22C9}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{C76F22E1-5BE2-464C-BA2B-741C2E5E62D5}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{2208CA90-1CB5-44BA-8816-71FB8EEA355D}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{3BAB29ED-E438-4C71-8245-4F76820C4C0E}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{10BDEF4C-C824-4CC6-8494-DFAE1B0968C4}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0473365E-B1BC-4443-B069-0C75ED21243F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AE2D8443-A9E1-4B16-AC98-B57B2D5C529B}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BE07AE5B-DA08-4239-A107-126BE80AD526}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{525FE0B4-6146-4A7B-97E8-880D5B9CE690}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E2E9263A-861B-4706-8B2E-CDB8140800F6}C:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= UDP:C:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client
"UDP Query User{52724BB3-7FAC-471C-8E2D-8CF73B114E6E}C:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= TCP:C:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client
"{D54FECC8-59E0-4BC0-ACB2-5DE630258CD3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{46767004-A0E5-4498-A257-FA9E16129D4D}C:\\program files\\lotus\\notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\\jre\\bin\\notes2w.exe"= UDP:C:\program files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\jre\bin\notes2w.exe:Lotus Notes
"UDP Query User{9D2F0B19-51F0-4BA1-A1F6-3AD6FDDBEC3F}C:\\program files\\lotus\\notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\\jre\\bin\\notes2w.exe"= TCP:C:\program files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\jre\bin\notes2w.exe:Lotus Notes
"TCP Query User{9FCEAA69-085B-47E1-9E4A-81E208B15567}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1836FCDF-15D9-4B40-A292-91F11909C737}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{7AD65289-D877-41E2-A05D-0188BC4965ED}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C6D7C07A-C65E-4BAC-818A-B31E3AD4668E}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8C882ADF-5E70-44AF-8082-E78C5D85CCB2}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{267488A7-9380-4740-91BE-7A4B1037F4FE}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{2EFB8811-E37C-4792-A167-2577C916BC7D}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{DBE121A7-B90D-4825-A09B-D31F943D697E}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{1AB506DF-EDF7-4C3C-B097-669AF2F83185}C:\\program files\\ibm\\lotus\\notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\\jre\\bin\\notes2w.exe"= UDP:C:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\jre\bin\notes2w.exe:Lotus Notes
"UDP Query User{75170601-D717-4D42-8CE3-90F9692CCF4F}C:\\program files\\ibm\\lotus\\notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\\jre\\bin\\notes2w.exe"= TCP:C:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\jre\bin\notes2w.exe:Lotus Notes
"TCP Query User{97223D37-6F9A-400F-9D87-BE14F497B7EB}C:\\viaobup_d\\sashi_india on sashi\\s a s h i\\personal\\software\\pdfedit.exe"= UDP:C:\viaobup_d\sashi_india on sashi\s a s h i\personal\software\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"UDP Query User{5CAC7446-E494-4E6E-9B82-73FC2B4B5715}C:\\viaobup_d\\sashi_india on sashi\\s a s h i\\personal\\software\\pdfedit.exe"= TCP:C:\viaobup_d\sashi_india on sashi\s a s h i\personal\software\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"{BD5CAE1A-C503-4319-A302-F3C241FDAAA8}"= UDP:35629:Trend Micro OfficeScan Listener

R1 RCFOX;SonicWALL IPsec Driver;C:\Windows\system32\Drivers\RCFOX.sys [2007-09-27 16:49]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;C:\Windows\system32\TDSupportApp\cdrom_mon.exe [2007-10-06 15:56]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-18 04:09]
R2 ZMcastService;ACE SMS Cast;C:\Program Files\Tanla Solutions Ltd\ACE SMS Cast 1.0.9\TestMcaseService.exe [2008-05-07 17:54]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-04-20 01:01]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-04-20 01:01]
R3 rcvpn;SonicWALL VPN Adapter;C:\Windows\system32\DRIVERS\rcvpn.sys [2005-11-08 10:58]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 01:00]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 00:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 23:34]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 23:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-06 03:12]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 19:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\GMTsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e8c6a0f-d753-11dc-b821-c7a2f49de6f2}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a93b6bf-1e92-11dd-ada9-f84313514fc4}]
\shell\AutoRun\command - H:\GMTsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96918a22-195b-11dd-bf07-f3d284cb187a}]
\shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9b1718f-d7d2-11dc-b4c0-fb929f9c69c5}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef58db07-339b-11dd-ad03-98d0b9a14b34}]
\shell\AutoRun\command - G:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 10:33:43 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 17:48:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\System32\igfxext.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-07-13 17:54:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-13 16:53:42

Pre-Run: 62,553,038,848 bytes free
Post-Run: 62,164,430,848 bytes free

280 --- E O F --- 2008-07-11 12:00:01

Thanks. Look forward to your reply - amit
amit
Active Member
 
Posts: 11
Joined: July 9th, 2008, 2:42 pm

Re: irritating and annoying popups

Post by ndmmxiaomayi » July 14th, 2008, 12:22 am

Hello,

I see that you have Norton 360. Does it come with an antivirus?
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: irritating and annoying popups

Post by amit » July 14th, 2008, 2:23 am

Hi,
No, I don't have Norton 360. But I have Trojan Remover. Since I had this problem and did not get any response from you guys, I had downloaded some malware removers etc. to solve my problems. Let me know if you need any other information.
amit
amit
Active Member
 
Posts: 11
Joined: July 9th, 2008, 2:42 pm

Re: irritating and annoying popups

Post by ndmmxiaomayi » July 14th, 2008, 2:34 am

Hmm... it showed up in your logs. We'll remove that in a while.

Step 1

Please disable Trend Micro Antivirus temporarily as per my previous post. It may interfere with Combofix. Before posting back the logs, please re-enable it.

Step 2

Please open Notepad and copy and paste the following in the Code box into Notepad:

File::
C:\Users\Sashi\AppData\Roaming\GetValue.vbs
C:\Users\Sashi\AppData\Roaming\SetValue.bat
C:\Windows\System32\XceedCry.dll
C:\Windows\System32\XceedBkp.dll
C:\Windows\System32\ACTSKN43.OCX
C:\Windows\System32\actsplash.ocx
C:\Windows\System32\ProgressBar4.ocx
C:\Windows\System32\threadapi.tlb

Folder::
C:\Windows\System32\SmitfraudFix

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9b1718f-d7d2-11dc-b4c0-fb929f9c69c5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e8c6a0f-d753-11dc-b821-c7a2f49de6f2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef58db07-339b-11dd-ad03-98d0b9a14b34}]


Warning: The above script is just for amit. If you are not amit, please do not use this script as it may damage the workings of your system.

Click on File > Save As....

In the File Name field, copy and paste in CFScript.txt. Do not change the file name.

Click Save.

Referring to the picture below, drag CFScript into Combofix.

Image

Combofix will start running. When done, a log will be produced. Please post this log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

You're running HijackThis directly from a zip file. This is not recommended as it makes backups. They will be cleared when some cleaner clears your temporary file folders.

C:\Users\Sashi\AppData\Local\Temp\Rar$EX00.850\HijackThis.exe

You've previously installed HijackThis. It can be found here - C:\Program Files\Trend Micro\HijackThis

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am
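
Added example (not code from MalwareRemoval.com, ComboFix or the helper): a small Python triage script that reads the "Reg Loading Points" section of a ComboFix log, lists every mountpoints2 AutoRun command and every Security Center DisableMonitoring flag, and renders whichever keys the analyst picks in the `[-KEY]` deletion syntax the CFScript above uses. The log excerpt inside it is constructed from amit's log; which entries actually get deleted remains the analyst's call (the script above removed only three of the six mountpoints).

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt: a few "Reg Loading Points" blocks in the shape of the ComboFix
# log posted above (keys copied from that log, trimmed to the entries of interest).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-30 02:08 137752]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\GMTsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e8c6a0f-d753-11dc-b821-c7a2f49de6f2}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96918a22-195b-11dd-bf07-f3d284cb187a}]
\shell\AutoRun\command - G:\LaunchU3.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$")
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.IGNORECASE)


def parse_reg_blocks(log: str) -> Dict[str, List[str]]:
    """Group the registry section into {key: [value lines]}; blank lines are dropped."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line)
    return blocks


def autorun_mountpoints(log: str) -> List[Tuple[str, str]]:
    """Return (key, command) for every mountpoints2 entry carrying an AutoRun command.
    Each one is a review item, not automatically malicious: the command runs when the
    matching removable drive is opened, and LaunchU3.exe, for instance, is the U3 launcher."""
    found = []
    for key, values in parse_reg_blocks(log).items():
        if "\\mountpoints2\\" not in key.lower():
            continue
        for v in values:
            m = AUTORUN_RE.match(v)
            if m:
                found.append((key, m.group("cmd")))
    return found


def disabled_security_center(log: str) -> List[str]:
    """Keys under 'security center\\Monitoring' with DisableMonitoring set to 1.
    Third-party security suites set these legitimately, so they are review items too."""
    return [k for k, vals in parse_reg_blocks(log).items()
            if "security center\\monitoring" in k.lower()
            and any(DISABLE_RE.match(v) for v in vals)]


def cfscript_registry_section(keys: List[str]) -> str:
    """Render a CFScript 'Registry::' section deleting the given keys, using the
    '[-KEY]' syntax shown in the helper's script above."""
    return "Registry::\n" + "".join(f"[-{k}]\n" for k in keys)
```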

Re: irritating and annoying popups

Post by amit » July 14th, 2008, 5:13 am

Hi,
thanks for getting back. My name is Sashi and my nickname is amit, hence the confusion.

I did follow the steps as instructed. ComboFix did not generate any log; it was a blank one. Should I redo it again?

Posting the HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 10:07:00, on 14/07/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Trend Micro\OfficeScan Client\Misc\xpupg.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Users\Sashi\Desktop\malw_stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Sashi\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\Windows\system32\psqlpwd.dll
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\TDSupportApp\cdrom_mon.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP (file missing)
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: ACE SMS Cast (ZMcastService) - Tanla Solutions Ltd - C:\Program Files\Tanla Solutions Ltd\ACE SMS Cast 1.0.9\TestMcaseService.exe

Thanks. Let me know if you want me to do any other reports for you.
amit
Active Member
 
Posts: 11
Joined: July 9th, 2008, 2:42 pm
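Reading a HijackThis log by hand means going down the O4 autostarts and O23 services looking for entries that deserve a second look. The script below is an added example for this thread, not part of the original post and not a HijackThis feature: it parses a handful of O4/O23 lines copied from the log above and flags the three things a helper checks first: services with no identified owner, entries whose binary is reported missing, and autostarts that run from a user profile directory instead of Program Files or Windows. The flags are leads, not verdicts. "Unknown owner" only means HijackThis found no company name in the file's version information, and the log above shows it for Sony VAIO services as well as for the Symantec remnant whose file is missing.

```python
"""Triage O4 (autostart) and O23 (service) lines from a HijackThis log.

Added example for this thread; not part of the original post or of HijackThis.
"""
import re
from typing import Dict, Iterable, List, Optional

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe",
    r"O4 - HKCU\..\Run: [googletalk] C:\Users\Sashi\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart",
    r"O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\TDSupportApp\cdrom_mon.exe",
    r'O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)',
    r"O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe",
    r"O23 - Service: ACE SMS Cast (ZMcastService) - Tanla Solutions Ltd - C:\Program Files\Tanla Solutions Ltd\ACE SMS Cast 1.0.9\TestMcaseService.exe",
]

# O4 - HKLM\..\Run: [Name] command        (registry Run/RunOnce autostarts)
O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O23 - Service: Display name (ShortName) - Owner - command
O23_SVC = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$")
# Paths under a user profile or a temp directory: unusual for a service or a
# machine-wide autostart, and a common place for droppers to land.
PROFILE_PATH = re.compile(r"\\(Users|Documents and Settings)\\|\\Temp\\", re.IGNORECASE)


def parse_line(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Return a dict for an O4 Run or O23 Service line, or None for any other line."""
    m = O4_RUN.match(line)
    if m:
        return {"kind": "autostart", "name": m["name"], "owner": None,
                "cmd": m["cmd"], "where": f"{m['hive']}\\{m['key']}"}
    m = O23_SVC.match(line)
    if m:
        return {"kind": "service", "name": m["name"], "owner": m["owner"],
                "cmd": m["cmd"], "where": "services"}
    return None


def flags_for(entry: Dict[str, Optional[str]]) -> List[str]:
    """Reasons an entry deserves a second look (leads, not verdicts)."""
    flags: List[str] = []
    cmd = entry["cmd"] or ""
    if entry["owner"] == "Unknown owner":
        flags.append("unknown-owner")        # no company name in version info
    if "(file missing)" in cmd:
        flags.append("file-missing")         # registration points at a dead path
    if PROFILE_PATH.search(cmd):
        flags.append("user-profile-path")    # runs from a per-user directory
    return flags


def triage(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Parse the lines and keep only the entries that raised at least one flag."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        entry = parse_line(line.strip())
        if entry is None:
            continue
        flags = flags_for(entry)
        if flags:
            findings.append({**entry, "flags": flags})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['kind']:9} {f['name']:<55} {', '.join(f['flags'])}")
```

On the six sample lines this reports three entries: the Google Talk autostart (runs from the user's AppData), the CDROM monitor service (no owner) and the Symantec service (no owner, file missing). The flagged names are exactly the ones to look up or submit for scanning; the unflagged ones are not thereby cleared.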

Re: irritating and annoying popups

Unread postby ndmmxiaomayi » July 14th, 2008, 5:19 am

Hi Sashi :)

Did Combofix create a log?

The ComboFix log can be found here: C:\Combofix.txt
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: irritating and annoying popups

Unread postby amit » July 14th, 2008, 5:33 am

Hi,
Thanks.
No, it was a blank Notepad that was generated. Should I do it again? In C:\Combofix.txt I can only see the old log. I did get the UAC prompt and it did do a lot of things but did not generate a report. Let me know what I should do.
I had even disabled my Trend AV.
Regards,
Sashi
amit
Active Member
 
Posts: 11
Joined: July 9th, 2008, 2:42 pm

Re: irritating and annoying popups

Unread postby amit » July 14th, 2008, 5:39 am

Hi,
Sorry, I searched for ComboFix and found this one... I think this is the log generated this morning.
Regards. Let me know if I should run this again or whether this is good enough for you to analyse.
Sashi

ComboFix 08-07-07.3 - Sashi 2008-07-14 9:43:22.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.1047 [GMT 1:00]
Running from: C:\Users\Sashi\Desktop\malw_stuff\ComboFix.exe
Command switches used :: C:\Users\Sashi\Desktop\malw_stuff\CFScript.txt
* Created a new restore point

FILE ::
C:\Users\Sashi\AppData\Roaming\GetValue.vbs
C:\Users\Sashi\AppData\Roaming\SetValue.bat
C:\Windows\System32\ACTSKN43.OCX
C:\Windows\System32\actsplash.ocx
C:\Windows\System32\ProgressBar4.ocx
C:\Windows\System32\threadapi.tlb
C:\Windows\System32\XceedBkp.dll
C:\Windows\System32\XceedCry.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Sashi\AppData\Roaming\GetValue.vbs
C:\Users\Sashi\AppData\Roaming\SetValue.bat
C:\Windows\System32\ACTSKN43.OCX
C:\Windows\System32\actsplash.ocx
C:\Windows\System32\ProgressBar4.ocx
C:\Windows\System32\SmitfraudFix
C:\Windows\System32\SmitfraudFix\404Fix.exe
C:\Windows\System32\SmitfraudFix\dumphive.exe
C:\Windows\System32\SmitfraudFix\exit.exe
C:\Windows\System32\SmitfraudFix\GenericRenosFix.exe
C:\Windows\System32\SmitfraudFix\HostsChk.exe
C:\Windows\System32\SmitfraudFix\IEDFix.C.exe
C:\Windows\System32\SmitfraudFix\IEDFix.exe
C:\Windows\System32\SmitfraudFix\Policies.exe
C:\Windows\System32\SmitfraudFix\Process.exe
C:\Windows\System32\SmitfraudFix\Reboot.exe
C:\Windows\System32\SmitfraudFix\restart.exe
C:\Windows\System32\SmitfraudFix\SmitfraudFix.cmd
C:\Windows\System32\SmitfraudFix\SmiUpdate.exe
C:\Windows\System32\SmitfraudFix\SrchSTS.exe
C:\Windows\System32\SmitfraudFix\swreg.exe
C:\Windows\System32\SmitfraudFix\swsc.exe
C:\Windows\System32\SmitfraudFix\swxcacls.exe
C:\Windows\System32\SmitfraudFix\UIFix.exe
C:\Windows\System32\SmitfraudFix\unzip.exe
C:\Windows\System32\SmitfraudFix\VACFix.exe
C:\Windows\System32\SmitfraudFix\VCCLSID.exe
C:\Windows\System32\SmitfraudFix\WS2Fix.exe
C:\Windows\System32\threadapi.tlb
C:\Windows\System32\XceedBkp.dll
C:\Windows\System32\XceedCry.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-07-13 16:32 . 2008-07-13 16:32 <DIR> d-------- C:\ProgramData\TEMP
2008-07-13 16:32 . 2008-07-14 09:42 <DIR> d-------- C:\Program Files\Trojan Remover
2008-07-12 20:34 . 2004-08-04 07:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-07-11 23:09 . 2008-07-11 23:09 <DIR> d-------- C:\ProgramData\Apple Computer
2008-07-11 22:29 . 2008-07-11 22:29 <DIR> d-------- C:\Program Files\VSO
2008-07-11 22:29 . 2004-05-04 12:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-07-11 22:29 . 2006-05-20 17:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-07-11 22:29 . 2006-05-11 20:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-07-11 22:29 . 2006-09-29 13:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-07-11 22:29 . 2006-09-29 13:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-07-11 22:29 . 2006-09-29 13:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-07-11 22:29 . 2007-03-18 21:37 65,602 --a------ C:\Windows\System32\cook3260.dll
2008-07-11 16:18 . 2008-07-11 16:45 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2008-07-11 12:52 . 2008-06-26 02:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 12:51 . 2008-06-26 02:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 12:51 . 2008-06-26 04:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-10 23:23 . 2008-07-10 23:23 <DIR> d-------- C:\Program Files\CCleaner
2008-07-09 22:41 . 2008-07-09 22:41 3,586 --a------ C:\Windows\System32\tmp.reg
2008-07-09 19:18 . 2008-07-09 19:20 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-09 09:05 . 2005-08-27 02:38 1,435,272 --a------ C:\Windows\System32\Flash.ocx
2008-07-09 09:05 . 2004-03-08 23:00 131,856 --a------ C:\Windows\System32\MSADODC.ocx
2008-07-08 22:44 . 2008-07-08 22:44 <DIR> d-------- C:\Users\Sashi\AppData\Roaming\Nitro PDF
2008-07-08 22:42 . 2008-07-08 22:42 <DIR> d-------- C:\ProgramData\Nitro PDF
2008-07-08 22:42 . 2008-07-08 22:42 <DIR> d-------- C:\Program Files\Nitro PDF
2008-07-08 22:42 . 2008-07-08 22:42 <DIR> d-------- C:\Program Files\Common Files\Nitro PDF
2008-07-08 22:42 . 2008-07-08 22:42 <DIR> d-------- C:\Program Files\Common Files\BCL Technologies
2008-07-08 22:15 . 2008-07-08 22:15 <DIR> d-------- C:\Windows\PrimoPDF4
2008-07-08 22:15 . 2008-07-08 22:38 <DIR> d-------- C:\Program Files\activePDF
2008-07-08 22:15 . 2006-12-11 21:12 176,235 --a------ C:\Windows\System32\Primomonnt.dll
2008-07-08 21:56 . 2008-07-08 21:56 <DIR> d-------- C:\Program Files\GPLGS
2008-07-08 21:56 . 2008-07-08 21:56 <DIR> d-------- C:\Program Files\Acro Software
2008-07-08 21:56 . 2007-07-12 22:33 87,552 --a------ C:\Windows\System32\cpwmon2k.dll
2008-07-08 21:22 . 2008-07-08 21:22 <DIR> d-------- C:\Users\Sashi\AppData\Roaming\Software602
2008-07-08 20:33 . 2008-07-08 20:33 0 --a------ C:\Windows\System32\602port
2008-07-08 20:32 . 2007-07-30 14:36 3,518,464 --a------ C:\Windows\System32\cdintf300.dll
2008-07-08 20:32 . 2007-07-30 14:36 1,843,200 --a------ C:\Windows\System32\acXMLParser.dll
2008-07-08 18:43 . 2008-07-08 18:43 0 --a------ C:\Windows\tosOBEX.INI
2008-07-08 18:39 . 2007-07-31 19:36 <DIR> dr------- C:\Users\Administrator\Videos
2008-07-08 18:39 . 2008-07-08 18:39 <DIR> dr------- C:\Users\Administrator\Searches
2008-07-08 18:39 . 2007-07-30 21:27 <DIR> dr------- C:\Users\Administrator\Saved Games
2008-07-08 18:39 . 2007-07-31 19:39 <DIR> dr------- C:\Users\Administrator\Pictures
2008-07-08 18:39 . 2007-07-30 21:27 <DIR> dr------- C:\Users\Administrator\Music
2008-07-08 18:39 . 2008-07-08 18:39 <DIR> dr------- C:\Users\Administrator\Links
2008-07-08 18:39 . 2007-07-30 21:27 <DIR> dr------- C:\Users\Administrator\Downloads
2008-07-08 18:39 . 2008-07-08 18:42 <DIR> dr------- C:\Users\Administrator\Documents
2008-07-08 18:39 . 2007-07-30 21:26 <DIR> dr------- C:\Users\Administrator\Contacts
2008-07-08 18:39 . 2007-08-23 07:16 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Sony Corporation
2008-07-08 18:39 . 2007-07-30 22:47 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\InstallShield
2008-07-08 18:39 . 2007-07-30 21:27 <DIR> d--h----- C:\Users\Administrator\AppData
2008-07-08 18:39 . 2008-07-08 18:39 <DIR> d-------- C:\Users\Administrator
2008-07-08 18:17 . 2001-05-22 07:00 22,016 --a------ C:\Windows\System32\borlndmm.dll
2008-07-08 18:16 . 2008-07-08 18:16 <DIR> d-------- C:\Program Files\Software602
2008-07-08 18:16 . 2008-07-08 21:32 <DIR> d-------- C:\Program Files\Common Files\soft602
2008-07-08 17:53 . 2008-07-08 17:53 <DIR> d-------- C:\Program Files\Foxit Software
2008-06-27 23:11 . 2008-06-27 23:11 <DIR> d-------- C:\Users\Sashi\AppData\Roaming\Alien Skin
2008-06-27 13:25 . 2008-06-27 13:25 <DIR> d-------- C:\Program Files\Rok Mobile
2008-06-27 13:20 . 2008-06-27 13:20 <DIR> d-------- C:\Program Files\WinSCP
2008-06-25 12:13 . 2008-06-25 12:13 509,208 --a------ C:\Windows\System32\ICCProfiles.dll
2008-06-22 15:55 . 2008-06-22 15:55 <DIR> d-------- C:\ProgramData\Macrovision
2008-06-22 12:49 . 2008-06-22 12:49 <DIR> d-------- C:\Users\Sashi\AppData\Roaming\U3
2008-06-19 14:26 . 2008-06-19 14:26 <DIR> d-------- C:\Program Files\Tanla Solutions Ltd
2008-06-17 20:56 . 2008-06-17 20:56 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-15 00:03 . 2008-06-22 20:17 <DIR> d-------- C:\Program Files\Macromedia
2008-06-15 00:03 . 2008-06-22 20:17 <DIR> d-------- C:\Program Files\Common Files\Macromedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 19:45 --------- d-----w C:\Users\Sashi\AppData\Roaming\uTorrent
2008-07-13 16:12 --------- d-----w C:\ProgramData\Google Updater
2008-07-12 19:31 --------- d-----w C:\Users\Sashi\AppData\Roaming\Vso
2008-07-11 21:30 47,360 ----a-w C:\Users\Sashi\AppData\Roaming\pcouffin.sys
2008-07-11 11:58 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-09 18:34 --------- d-----w C:\Program Files\Trend Micro
2008-07-09 16:45 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 20:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 14:35 --------- d-----w C:\Program Files\ZTE Mobile Connection
2008-06-03 15:27 --------- d-----w C:\Program Files\Java
2008-05-29 14:19 174 --sha-w C:\Program Files\desktop.ini
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Journal
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Defender
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Calendar
2008-05-29 13:30 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-29 13:30 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-19 07:50 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-04-26 08:25 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-19 21:18 47,104 ------w C:\Windows\AKDeInstall.exe
2008-03-10 15:12 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-10 15:12 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-10 15:12 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2002-04-16 11:27 5 --sha-w C:\Windows\System32\CdI5T.drv
1998-03-20 01:00 1,048 --sha-w C:\Windows\System32\flfnlf.sys
1998-03-20 01:00 1,048 --sha-w C:\Windows\System32\rlfnlf.sys
1998-03-20 01:00 1,048 --sha-w C:\Windows\System32\TMailRL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-13_17.53.06.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-13 16:47:05 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-14 07:53:56 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-13 16:47:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-13 16:47:07 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-07-13 16:12:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-13 16:47:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-13 16:12:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-13 16:47:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-13 16:12:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-13 16:47:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-13 07:45:04 300,964 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-07-14 07:54:00 301,342 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-06-06 07:16 2955264 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-06-06 07:16 2955264 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 21:49 68856]
"googletalk"="C:\Users\Sashi\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-30 02:08 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-30 02:07 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-30 02:07 133656]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 02:58 835584]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-12 02:27 317560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-06-06 06:40 49168]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-12-11 14:01 710000]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Nitro PDF Printer Monitor"="C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-06-25 12:13 210224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-08 03:33 4423680 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-23 00:57:26 2756608]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-07 21:49:01 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-06-06 07:03 90112 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 03:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B79A4AAD-FBEE-4C24-AC5B-D249BCFB22C9}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{C76F22E1-5BE2-464C-BA2B-741C2E5E62D5}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{2208CA90-1CB5-44BA-8816-71FB8EEA355D}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{3BAB29ED-E438-4C71-8245-4F76820C4C0E}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{10BDEF4C-C824-4CC6-8494-DFAE1B0968C4}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0473365E-B1BC-4443-B069-0C75ED21243F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AE2D8443-A9E1-4B16-AC98-B57B2D5C529B}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BE07AE5B-DA08-4239-A107-126BE80AD526}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{525FE0B4-6146-4A7B-97E8-880D5B9CE690}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E2E9263A-861B-4706-8B2E-CDB8140800F6}C:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= UDP:C:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client
"UDP Query User{52724BB3-7FAC-471C-8E2D-8CF73B114E6E}C:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= TCP:C:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client
"{D54FECC8-59E0-4BC0-ACB2-5DE630258CD3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{46767004-A0E5-4498-A257-FA9E16129D4D}C:\\program files\\lotus\\notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\\jre\\bin\\notes2w.exe"= UDP:C:\program files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\jre\bin\notes2w.exe:Lotus Notes
"UDP Query User{9D2F0B19-51F0-4BA1-A1F6-3AD6FDDBEC3F}C:\\program files\\lotus\\notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\\jre\\bin\\notes2w.exe"= TCP:C:\program files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\jre\bin\notes2w.exe:Lotus Notes
"TCP Query User{9FCEAA69-085B-47E1-9E4A-81E208B15567}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1836FCDF-15D9-4B40-A292-91F11909C737}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{7AD65289-D877-41E2-A05D-0188BC4965ED}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C6D7C07A-C65E-4BAC-818A-B31E3AD4668E}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8C882ADF-5E70-44AF-8082-E78C5D85CCB2}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{267488A7-9380-4740-91BE-7A4B1037F4FE}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{2EFB8811-E37C-4792-A167-2577C916BC7D}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{DBE121A7-B90D-4825-A09B-D31F943D697E}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{1AB506DF-EDF7-4C3C-B097-669AF2F83185}C:\\program files\\ibm\\lotus\\notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\\jre\\bin\\notes2w.exe"= UDP:C:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\jre\bin\notes2w.exe:Lotus Notes
"UDP Query User{75170601-D717-4D42-8CE3-90F9692CCF4F}C:\\program files\\ibm\\lotus\\notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\\jre\\bin\\notes2w.exe"= TCP:C:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\jre\bin\notes2w.exe:Lotus Notes
"TCP Query User{97223D37-6F9A-400F-9D87-BE14F497B7EB}C:\\viaobup_d\\sashi_india on sashi\\s a s h i\\personal\\software\\pdfedit.exe"= UDP:C:\viaobup_d\sashi_india on sashi\s a s h i\personal\software\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"UDP Query User{5CAC7446-E494-4E6E-9B82-73FC2B4B5715}C:\\viaobup_d\\sashi_india on sashi\\s a s h i\\personal\\software\\pdfedit.exe"= TCP:C:\viaobup_d\sashi_india on sashi\s a s h i\personal\software\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"{CC44AB2C-28BE-4F8B-9ED5-DE4D1B1DCBFC}"= UDP:35629:Trend Micro OfficeScan Listener

R1 RCFOX;SonicWALL IPsec Driver;C:\Windows\system32\Drivers\RCFOX.sys [2007-09-27 16:49]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;C:\Windows\system32\TDSupportApp\cdrom_mon.exe [2007-10-06 15:56]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-18 04:09]
R2 ZMcastService;ACE SMS Cast;C:\Program Files\Tanla Solutions Ltd\ACE SMS Cast 1.0.9\TestMcaseService.exe [2008-05-07 17:54]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-04-20 01:01]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-04-20 01:01]
R3 rcvpn;SonicWALL VPN Adapter;C:\Windows\system32\DRIVERS\rcvpn.sys [2005-11-08 10:58]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 01:00]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 00:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 23:34]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 23:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-06 03:12]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 19:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\GMTsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a93b6bf-1e92-11dd-ada9-f84313514fc4}]
\shell\AutoRun\command - H:\GMTsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96918a22-195b-11dd-bf07-f3d284cb187a}]
\shell\AutoRun\command - G:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 10:33:43 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 09:47:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-14 9:48:37
ComboFix-quarantined-files.txt 2008-07-14 08:48:22
ComboFix2.txt 2008-07-13 16:54:10

Pre-Run: 61,701,386,240 bytes free
Post-Run: 61,659,774,976 bytes free

292 --- E O F --- 2008-07-11 12:00:01
amit
Active Member
 
Posts: 11
Joined: July 9th, 2008, 2:42 pm
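ComboFix's "Reg Loading Points" section is a REGEDIT4-style dump, so it can be parsed the same way. The script below is an added example for this thread, not part of the original post or of ComboFix: it reads a few lines copied from the log above and pulls out the two things in that section a helper checks first. The per-user MountPoints2 AutoRun commands are cached autorun.inf actions for removable drives that have been plugged in; AutoPlay offers or runs that command when the drive comes back, which is why autorun worms persist there. The Security Center DisableMonitoring values suppress the "no antivirus/firewall" warnings for the named product. Neither is proof of infection on its own: LaunchU3.exe is the launcher shipped on U3 USB sticks, third-party security products commonly set DisableMonitoring for themselves so Security Center does not duplicate their alerts, and GMTsetup.exe is not identified anywhere in this thread.

```python
"""Pull AutoRun and Security Center monitoring entries out of ComboFix's
"Reg Loading Points" section.  Added example for this thread; not part of
the original post or of ComboFix.
"""
import re
from typing import Dict, List, Tuple

# Sample input: lines copied from the ComboFix log posted above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\GMTsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96918a22-195b-11dd-bf07-f3d284cb187a}]
\shell\AutoRun\command - G:\LaunchU3.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+)$')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)

Entry = Dict[str, object]          # {"values": {name: value}, "autorun": [cmd, ...]}
Finding = Tuple[str, str, object]  # (category, subkey, detail)


def parse_value(raw: str) -> object:
    """Decode the two value spellings ComboFix uses: dword:XXXXXXXX and 'N (0xN)'."""
    raw = raw.strip()
    m = re.match(r"^dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return raw.strip('"')          # REG_SZ and anything else: keep the text


def parse_reg_points(text: str) -> Dict[str, Entry]:
    """Group value lines and AutoRun lines under the [key] that precedes them."""
    entries: Dict[str, Entry] = {}
    key = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            entries.setdefault(key, {"values": {}, "autorun": []})
            continue
        if key is None:
            continue
        m = AUTORUN_RE.match(line)
        if m:
            entries[key]["autorun"].append(m["cmd"])
            continue
        m = VALUE_RE.match(line)
        if m:
            entries[key]["values"][m["name"]] = parse_value(m["raw"])
    return entries


def findings(entries: Dict[str, Entry]) -> List[Finding]:
    """Return the cached removable-drive AutoRun commands and disabled Security Center monitors."""
    out: List[Finding] = []
    for key, data in entries.items():
        leaf = key.rsplit("\\", 1)[-1]       # drive letter, volume GUID or product name
        lkey = key.lower()
        if "\\mountpoints2\\" in lkey:
            for cmd in data["autorun"]:
                out.append(("removable-autorun", leaf, cmd))
        if "\\security center\\monitoring" in lkey and data["values"].get("DisableMonitoring") == 1:
            out.append(("security-center-monitoring-disabled", leaf, 1))
    return out


if __name__ == "__main__":
    for category, subkey, detail in findings(parse_reg_points(SAMPLE)):
        print(f"{category:40} {subkey:45} {detail}")
```

Run against the sample it returns four findings: two AutoRun commands (H:\GMTsetup.exe and G:\LaunchU3.exe) and two disabled Security Center monitors (the global Monitoring key and the SymantecAntiVirus one). The other values in the section, DisableCAD for instance, are parsed into the entry map so they can be inspected without being reported as findings.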

Re: irritating and annoying popups

Unread postby ndmmxiaomayi » July 15th, 2008, 5:02 am

Hello,

Step 1

Download and save Norton Removal Tool to your desktop.

Run it to remove Norton. After this, please restart your computer.

Step 2

  1. Please go to Kaspersky website to perform an online scan. Please use Internet Explorer as it uses ActiveX.
  2. Click on Accept.
  3. It will prompt you to download an ActiveX. Allow it.
  4. After that, you will be prompted to install it.

    Note: For Vista users, if UAC is enabled, you will receive a UAC prompt. Click on Continue to install it.

  5. Once installed, it will start downloading the definitions. This will take some time. At the same time, you may also receive another prompt to install another ActiveX. Allow it again and repeat Step 2.
  6. When the definitions have finished downloading, click Next.
  7. Click on Scan Settings.
  8. Under Scan using the following antivirus database:, choose extended - protect your computer from Spyware, adware, dialers and potentially dangerous software such as remote access utilities, prank programs and jokes. We do not recommend this option to beginners or inexperienced users.
  9. Under Scan options:, check (tick) both boxes.
  10. Click Ok.
  11. Under Please select a target to scan:, click on My Computer. It will start scanning. Please be patient.
  12. Click on Save Report As....
  13. Give this report a name and change the Save as type: to Text file (*.txt) before clicking on Save.
  14. Please post this log in your next reply.

In your next reply, please post:

  1. Kaspersky Antivirus scan report
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: irritating and annoying popups

Unread postby amit » July 15th, 2008, 2:02 pm

Hi,
As requested, please find the logs.

Kaspersky Log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 15, 2008 6:53:20 PM
Operating System: Microsoft Windows Vista Professional, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/07/2008
Kaspersky Anti-Virus database records: 956074
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 134330
Number of viruses found: 3
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 01:37:13

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}\setup.ilg Object is locked skipped
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\3341qarqqkzx[1].exe Infected: Rootkit.Win32.Podnuha.tk skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_a25f4afd-d764-42a5-9ef6-ce20f3f1284b Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Admin.dat Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Des Michael.dat Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\SmitfraudFix\Reboot.exe.vir Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Users\Sashi\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Sashi\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Sashi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Sashi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Sashi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Sashi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Sashi\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Sashi\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Sashi\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Sashi\AppData\Local\Microsoft\Windows\UsrClass.dat{bd0ac393-3eda-11dc-8943-0013a9f0ad97}.TM.blf Object is locked skipped
C:\Users\Sashi\AppData\Local\Microsoft\Windows\UsrClass.dat{bd0ac393-3eda-11dc-8943-0013a9f0ad97}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Sashi\AppData\Local\Microsoft\Windows\UsrClass.dat{bd0ac393-3eda-11dc-8943-0013a9f0ad97}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Sashi\AppData\Local\Microsoft\Business Contact Manager\MSSmallBusiness2.ldf Object is locked skipped
C:\Users\Sashi\AppData\Local\Microsoft\Business Contact Manager\MSSmallBusiness2.mdf Object is locked skipped
C:\Users\Sashi\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Sashi\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\Sashi\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Sashi\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Sashi\ntuser.dat Object is locked skipped
C:\Users\Sashi\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Sashi\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Sashi\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf Object is locked skipped
C:\Users\Sashi\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Sashi\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\ViaoBUP_D\sashi_india on Sashi\S A S H I\Personal\software\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\ViaoBUP_D\sashi_india on Sashi\S A S H I\Personal\software\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\ViaoBUP_D\sashi_india on Sashi\S A S H I\Personal\software\SmitfraudFix.exe RAR: infected - 1 skipped
C:\ViaoBUP_D\tanla_days\SniffPass.exe Infected: Sniffer.Win32.Agent.f skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{1B804DCF-ABD6-404E-859A-6AF7DAD4D274}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\ivireg.ivr Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0296C47314AB746EC35476488248FCD9.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\040270F850D5C3C91057DDDA2DA294D8.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0DF617D6737A7561E732F853792261C3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\10A9EB2C94277C0A1A6143B54809F210.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\1E2E58C73053C7775EB226DB5E739137.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\21D7529435092A1DD242FD6ACF494493.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2A811E5CCC22CC9D7AE2B04EF0402688.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2CE523184A801AA7361A7039E2D6B41D.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2D57A7682ACD19214C258D31A06D008F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\376786241A5443E41378D25CF812FCC1.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3DC0BABDCA20E5E319117C21BD4BD795.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\494C62FAA08CD5217399BAA555FF491B.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4A01E0F376B5833EBA98F0D1D5F60CD1.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4B471F64BAF831EC7945C820FD5A16E5.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4CB32C0A77CD4D9B0C9618F73F786C32.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5966D45C7B25EACA46E87DD8E5703964.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5B5D21CF62E70BACF9D085E6AA6CE143.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\6317F4B515BD547512FF3AE3ACD81242.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\69554D930FCA40B0304B9A43A8036F2D.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\73798C03E4DE5FDCF5194ADA9EBFB859.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\7851AF96EA828F912853F32DB0D96138.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\87AA2A001CE3E89926688B93E4DC2992.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\8A20D7181B570E2E2142FB6261D170A2.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\8C718B5AFD373885B68D2836088CAF9A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\96ABB1671705F680578FE240427CBD4F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9A72EE7775E8021F75961342B8AFD1B4.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9CD33F0956942860B50AA1B9330DEFAF.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9E06E4FE97F0CBB8D659894823F805D7.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\A80FF2DC09487ECD60AFB147B262BDD7.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\AA6E0E396C238977CA909EFD82299737.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\AA742824DCADA846BA4B665D686DD5D6.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\B8F066315788F9A2DF744CF3A9F7F3D6.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\C6300BFE37ADE6B52EC023F66124985F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\D1A1B12A7DA3F9675C01397A26DBF4B3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\D4C4BA54B6A8FA6211E60E2ADFF7426A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DE391013DA56ABA39FFF40A9ABDF052F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DF80FD3849FFF74B4BF43E2EA8ADEC8A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E9D8A460B2C986DD5FF19F299F4A27EC.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\EC45C70F2A3D9DED718E71631C38E2FE.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\F01326692CC5736EBAC31B9FC2381CF2.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\F81E6BEBC3067C406E6C491608474198.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Backup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-PnPDevices%4Admin.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-PnPDevices%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd Object is locked skipped

Scan process completed.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:58:32, on 15/07/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\OfficeScan Client\Misc\xpupg.exe
C:\Windows\system32\spider.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Sashi\Desktop\malw_stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Sashi\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en ... nicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\Windows\system32\psqlpwd.dll
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\TDSupportApp\cdrom_mon.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP (file missing)
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: ACE SMS Cast (ZMcastService) - Tanla Solutions Ltd - C:\Program Files\Tanla Solutions Ltd\ACE SMS Cast 1.0.9\TestMcaseService.exe
amit
Active Member
 
Posts: 11
Joined: July 9th, 2008, 2:42 pm
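When a helper reads the O23 (services) section of a log like the one above, the triage is mechanical: split each line into display name, short service name, owner and image path, then look for entries whose binary is missing, whose owner is unregistered, or whose executable lives somewhere a service binary normally does not. The script below is an added example written for this page, not a HijackThis or MalwareRemoval.com tool. Its sample lines are copied from the posted log except the last, which is constructed purely to exercise the location check, and the allow-list of trusted directories is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Sample O23 lines. All but the last are taken from the posted log; the
# last one ("hlpsvc") is constructed for this example and did not appear
# on the machine in the thread.
SAMPLE_LOG = r"""
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: ACE SMS Cast (ZMcastService) - Tanla Solutions Ltd - C:\Program Files\Tanla Solutions Ltd\ACE SMS Cast 1.0.9\TestMcaseService.exe
O23 - Service: Helper Service (hlpsvc) - Unknown owner - C:\Users\Public\Temp\hlpsvc.exe
"""

# Field layout of a HijackThis O23 line:
#   O23 - Service: <display> [(<service name>)] - <owner> - <image path>[ args][ (file missing)]
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
SVC_RE = re.compile(r"^(?P<display>.*) \((?P<name>[^()]+)\)$")
# First ".exe" in the path, with a leading quote and any trailing
# quote/arguments/"(file missing)" marker dropped.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)', re.IGNORECASE)
MISSING = "(file missing)"

# Assumed allow-list: directories a service binary is normally expected under.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "%programfiles%\\",
    "%systemroot%\\",
)


@dataclass
class Service:
    display: str
    name: str            # short service name, "" when the line has none
    owner: str
    exe: str             # image path with quoting and arguments stripped
    flags: List[str] = field(default_factory=list)


def parse_o23(line: str) -> Service:
    """Parse one O23 line and attach triage flags; ValueError for other lines."""
    m = O23_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an O23 line: {line!r}")
    desc, owner, path = m.group("desc"), m.group("owner"), m.group("path")
    sm = SVC_RE.match(desc)
    display, name = (sm.group("display"), sm.group("name")) if sm else (desc, "")
    em = EXE_RE.match(path)
    exe = em.group("exe") if em else path.replace(MISSING, "").strip()
    svc = Service(display, name, owner, exe)
    if MISSING in path:
        svc.flags.append("file missing")
    if owner == "Unknown owner":
        svc.flags.append("unknown owner")
    if not exe.lower().startswith(TRUSTED_PREFIXES):
        svc.flags.append("unusual location")
    return svc


def triage(log_text: str) -> List[Service]:
    """Parse every O23 line in a HijackThis log, ignoring the other sections."""
    return [parse_o23(l) for l in log_text.splitlines() if l.startswith("O23 - ")]


def flagged(log_text: str) -> dict:
    """Service name (or display name when there is none) -> flags, flagged entries only."""
    return {s.name or s.display: s.flags for s in triage(log_text) if s.flags}


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        mark = "!!" if svc.flags else "  "
        print(f"{mark} {svc.name or svc.display:42} {svc.owner:24} {svc.exe}  {', '.join(svc.flags)}")
```

The flags are prompts for a second look, not verdicts. "Unknown owner" on its own is a weak signal: in the log above it appears on the Windows Media Player sharing service as well as on the two Sony entries whose image path carries command-line arguments, which is also why those show "(file missing)". A binary outside the system and Program Files directories, combined with no registered owner, is the combination that earns a direct question to the poster, as with the SniffPass.exe file in the reply that follows.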

Re: irritating and annoying popups

Unread postby ndmmxiaomayi » July 16th, 2008, 12:44 am

Hello,

Do you know anything about this file?

C:\ViaoBUP_D\tanla_days\SniffPass.exe
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: irritating and annoying popups

Unread postby amit » July 16th, 2008, 2:28 am

Yes... I had lost my Outlook password and had used this tool to recover it. I don't need it any more and can delete it immediately.
Let me know if you need any other info.
Regards
sashi
amit
Active Member
 
Posts: 11
Joined: July 9th, 2008, 2:42 pm

Re: irritating and annoying popups

Unread postby ndmmxiaomayi » July 16th, 2008, 6:35 am

Oh... OK. It's a tool that can be used as well as being abused.

Please empty the contents of this folder. Do not delete the whole folder.

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT

Update Java Runtime Environment (JRE)

Your JRE is out of date. The current version is Java Runtime Environment (JRE) 6 Update 7.

  1. Click on Start > Control Panel and double click on Add/Remove Programs. Locate Java(TM) 6 Update 3 and click on Change/Remove to uninstall it.
  2. Repeat for these old versions of JRE:
    • Java(TM) 6 Update 5
    • Java(TM) SE Runtime Environment 6 Update 1
  3. Click here to visit Java's website.
  4. Scroll down and locate Java Runtime Environment (JRE) 6 Update 7. Click on Download.
  5. Select Windows from the drop-down list for Platform.
  6. Select Multi-language from the drop-down list for Language.
  7. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  8. Click on jre-6u7-windows-i586-p.exe link to download it and save this to a convenient location.
  9. Run this installation to update your Java.

Please post back a new HijackThis log after you've updated Java and emptied the Suspect folder.

Any other issues?
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am