Solved backdoor.win32.emogen.a Virus - Can't Remove

mikeschumann · 2008/01/20

[Resolved] backdoor.win32.emogen.a Virus - Can't Remove

I have a virus(s) on my laptop that I can't remove. I tried using Norton 2008 Anti Virus and Kaspersky Anti Virus. Any help would be appreciated. Here are my log files:

Deckard's System Scanner v20071014.68
Run by mikeschumann on 2008-01-20 19:53:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-01-21 01:53:51 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).

-- HijackThis (run as mikeschumann.exe) ----------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-20 20:04:16
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Axis Communications\AXIS Camera Station\AcsService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\HotKey Utility\HKServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Deckards System Scanner\dss.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_04\bin\ssv.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WCULauncher] C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [SmartWiConnectionUtility] C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe /WindowsStartup
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe "
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe "
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe "
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
O4 - HKCU\..\Run: [C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.dotres (HKCU)
O15 - Trusted Zone: *.dotres.com (HKCU)
O15 - Trusted Zone: http://www.hobbittravel.com (HKCU)
O15 - Trusted Zone: https://turbotax.com (HKCU)
O15 - Trusted Zone: http://turbotax.com (HKCU)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188503929505
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188503896347
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} () - http://aerial.leepa.org/ecwplugins/ncs.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BA7A56EB-D1B9-443B-96E9-086532A378F1} (CAxAacDecEmb Class) - http://192.168.1.9/activex/decoder/aac_dec.cab
O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} (CAxMP4Dec Class) - http://192.168.1.9/activex/decoder/mpeg4_dec.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://192.168.1.100/activex/AMC.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: ,OSAPI32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMS SDK - Unknown owner - C:\WINDOWS\java\java.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: AXIS Camera Station Service (AxisCameraStation) - Axis Communications AB - C:\Program Files\Axis Communications\AXIS Camera Station\AcsService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GrayPigeon_Hacker.com.cn - Unknown owner - C:\WINDOWS\Hacker.com.cn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment

--
End of file - 14821 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 HSFHWICH - c:\windows\system32\drivers\hsfhwich.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S3 FILEMON - c:\windows\system32\drivers\filem.sys (file missing)
S3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\progra~1\ugutil\program\pcandis5.sys (file missing)
S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys <Not Verified; PCTEL Inc.; PCTEL Rawether for Windows>
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 AxisCameraStation (AXIS Camera Station Service) - c:\program files\axis communications\axis camera station\acsservice.exe <Not Verified; Axis Communications AB; AXIS Camera Station>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 VzFw (VAIO Entertainment File Import Service) - c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzfw.exe
R3 Vcsw (VAIO Entertainment UPnP Client Adapter) - c:\program files\common files\sony shared\vaio entertainment platform\vcsw\vcsw.exe -runbyscm

S2 AMS SDK - c:\windows\java\java.exe (file missing)
S4 GrayPigeon_Hacker.com.cn - c:\windows\hacker.com.cn.exe

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27518086&REV_05\4&16793A72&0&58F0
Manufacturer: Intel(R) Corporation
Name: Intel(R) PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27518086&REV_05\4&16793A72&0&58F0
Service: w29n51

-- Scheduled Tasks -------------------------------------------------------------

2008-01-09 23:38:07 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-12-20 and 2008-01-20 -----------------------------

2008-01-20 19:51:35 0 d------c- C:\AntiVirus Logs
2008-01-20 19:48:39 0 d------c- C:\Program Files\Trend Micro
2008-01-19 17:08:27 91492 --a----c- C:\WINDOWS\system32\drivers\klin.dat
2008-01-19 17:08:27 85860 --a----c- C:\WINDOWS\system32\drivers\klick.dat
2008-01-19 17:05:18 4384 --ahs--c- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-19 17:05:18 281376 --ahs--c- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-19 17:05:17 0 d------c- C:\Program Files\Kaspersky Lab
2008-01-19 17:05:17 0 d------c- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-19 17:03:11 0 d------c- C:\kav
2008-01-17 23:01:26 0 d------c- C:\Program Files\Norton AntiVirus
2008-01-17 22:19:37 0 d------c- C:\Program Files\Common Files\Symantec Shared
2008-01-14 07:29:20 473088 --a----c- C:\tmp.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
2008-01-11 15:33:59 0 d------c- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-11 04:34:28 10752 --a----c- C:\WINDOWS\system32\OSJAVA.DLL
2008-01-07 20:30:19 6144 --a----c- C:\WINDOWS\system32\OSAPI32.dll
2008-01-07 19:40:19 90112 --a----c- C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-01-07 19:40:01 0 d------c- C:\Program Files\Quicken WillMaker Plus 2008

-- Find3M Report ---------------------------------------------------------------

2008-01-20 20:04:03 0 d------c- C:\Documents and Settings\mikeschumann\Application Data\Skype
2008-01-19 16:52:03 0 d------c- C:\Program Files\Common Files
2008-01-18 23:27:16 0 d------c- C:\Documents and Settings\mikeschumann\Application Data\Canon
2008-01-18 19:49:24 0 d------c- C:\Documents and Settings\mikeschumann\Application Data\ZoomBrowser EX
2008-01-17 12:33:15 0 d------c- C:\Program Files\Java
2008-01-17 11:52:37 0 d------c- C:\Program Files\Google
2008-01-11 08:56:28 0 d------c- C:\Documents and Settings\mikeschumann\Application Data\Adobe
2008-01-11 08:26:28 0 d------c- C:\Program Files\GlobalMapper8
2007-12-31 22:51:17 0 d------c- C:\Documents and Settings\mikeschumann\Application Data\Intuit
2007-12-31 22:47:45 0 d------c- C:\Program Files\Common Files\AnswerWorks 4.0
2007-12-31 22:47:40 0 d--h---c- C:\Program Files\InstallShield Installation Information
2007-12-31 22:47:05 0 d------c- C:\Program Files\Quicken
2007-12-31 22:44:14 0 d------c- C:\Program Files\TurboTax
2007-12-19 23:54:16 0 d------c- C:\Program Files\iTunes
2007-12-19 23:54:02 0 d------c- C:\Program Files\iPod
2007-12-19 23:51:39 0 d------c- C:\Program Files\QuickTime
2007-11-20 22:17:52 0 d------c- C:\Documents and Settings\mikeschumann\Application Data\Southwest Airlines
2007-11-20 22:17:32 0 d------c- C:\Program Files\Southwest Airlines
2007-11-20 22:16:58 0 d------c- C:\Program Files\Common Files\Wise Installation Wizard

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WCULauncher "= "C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe" [03/15/2005 11:57 PM]
"VAIO Update 2 "= "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [01/14/2005 03:43 PM]
"VAIO Recovery "= "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/19/2003 11:08 PM]
"SonyPowerCfg "= "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [01/14/2005 06:18 PM]
"SmartWiConnectionUtility "= "C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe" [03/15/2005 11:57 PM]
"RoxioEngineUtility "= "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/2003 05:44 PM]
"RoxioDragToDisc "= "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [10/21/2003 10:43 AM]
"Mouse Suite 98 Daemon "= "ICO.EXE" []
"ISBMgr.exe "= "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [02/20/2004 04:12 PM]
"IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [10/08/2004 09:31 AM]
"HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [10/08/2004 09:27 AM]
"HKSERV.EXE "= "C:\Program Files\Sony\HotKey Utility\HKserv.exe" [10/16/2004 11:48 PM]
"BluetoothAuthenticationAgent "= "bthprops.cpl" [08/04/2004 06:00 AM C:\WINDOWS\system32\bthprops.cpl]
"Apoint "= "C:\Program Files\Apoint\Apoint.exe" [11/07/2003 06:21 PM]
"Acrobat Assistant 7.0 "= "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [01/12/2006 08:52 PM]
"Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [12/11/2007 10:56 AM]
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]
"AVP "= "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [12/18/2007 12:43 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [12/18/2006 05:32 PM]
"MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"1&1 EasyLogin "= "C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" [01/02/2008 12:00 PM]
"C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe "= "1&1 EasyLogin HIDE" []
"WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 07:05 PM]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]

C:\Documents and Settings\mikeschumann\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [6/22/2006 2:15:48 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls "=,OSAPI32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\1&1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\1&1\1&1 EasyLogin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe]
"1&1 EasyLogin" HIDE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb222c37-b70c-11db-b39e-0013ce0b68bb}]
AutoRun\command- F:\setupSNK.exe

-- End of Deckard's System Scanner: finished at 2008-01-20 20:08:32 ------------

noahdfear · 2008/01/21

Welcome to WindowsBBS mikeschumann

Looks like you have at least the remnants of a backdoor trojan.

S4 GrayPigeon_Hacker.com.cn - c:\windows\hacker.com.cn.exe
Click to expand...

Lets get rid of it. Highlight an copy the bolded command below.

sc stop GrayPigeon_Hacker.com.cn

Click Start>Run and paste the command on the Run line then hit enter. Then repeat with the next command.

sc delete GrayPigeon_Hacker.com.cn

Now make sure hidden files are set to show and delete the following file if present.

c:\windows\hacker.com.cn.exe

Do another scan with the application that reported the infection and see if it's still found.

mikeschumann · 2008/01/21

I made your suggested changes. I am currently running a full computer scan with Kaspersky Anti-Virus. Very early into the process it found a virus Heur.Backdoor.Generic in file C:\tmp.exe/data0000.cab/1.exe.

I will let this run to completion and post the final results.

Thanks for your help!

white7782 · 2008/01/21

Thank you very much!

mikeschumann · 2008/01/21

My scan finaly finished. Here's the log:

deleted: Trojan program Trojan-Downloader.Win32.Delf.dst File: C:\WINDOWS\SYSTEM32\SYSTEN.DLL
detected: riskware Invader (loader) Running process: C:\Program Files\Sony\HotKey Utility\HKServ.exe
detected: riskware Hidden install Running process: C:\tmp.exe
deleted: Trojan program Backdoor.Win32.Emogen.a File: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C489V5IS\diyige[1].exe
not found: virus Heur.Backdoor.Generic File: C:\WINDOWS\Hacker.com.cn.exe
deleted: Trojan program Backdoor.Win32.Emogen.a File: C:\WINDOWS\system32\faxmsg.dll
not found: virus Heur.Backdoor.Generic File: C:\tmp.exe//data0000.cab/1.exe
not found: virus Heur.Backdoor.Generic File: C:\Deckard\System Scanner\backup\WINDOWS\temp\IXP000.TMP\1.exe
not found: virus Heur.Backdoor.Generic File: C:\Deckard\System Scanner\backup\WINDOWS\temp\IXP001.TMP\1.exe
not found: virus Heur.Backdoor.Generic File: C:\Deckard\System Scanner\backup\WINDOWS\temp\IXP002.TMP\1.exe
not found: virus Heur.Backdoor.Generic File: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OKE3ATTK\1[1].exe//data0000.cab/1.exe

Note that after the scan completed, a number of files still existed on my system that I found suspect. I deleted the following files manually:

c:\tmp.exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 (I deleted this entire directory, which had a number of suspecious subfolders; I had to go into Safe mode to do this, as there was at least one file that was in use).

So far, my gut feeling is that my computer is running a lot better. Any other suggestions?

Thanks for all of the help!

noahdfear · 2008/01/21

Looks like you did good! The Content.IE5 folder is where Temporary Internet files are stored, and it's normal to have a number of subfolders that might appear suspicious (Windows names them randomly). What I find odd is the loaction .......... in the LocalService account.

This bothers me a bit too.

not found: virus Heur.Backdoor.Generic File: C:\WINDOWS\Hacker.com.cn.exe
Click to expand...

I'd like to see if the service entry was removed using the sc command. Please run dss again and post the new log.

mikeschumann · 2008/01/22

Here's my latest DSS log:

Deckard's System Scanner v20071014.68
Run by mikeschumann on 2008-01-22 00:00:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).

-- HijackThis (run as mikeschumann.exe) ----------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-22 00:00:37
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Axis Communications\AXIS Camera Station\AcsService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\HotKey Utility\HKServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
E:\Deckards System Scanner\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_04\bin\ssv.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WCULauncher] C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [SmartWiConnectionUtility] C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe /WindowsStartup
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe "
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe "
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe "
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
O4 - HKCU\..\Run: [C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.dotres (HKCU)
O15 - Trusted Zone: *.dotres.com (HKCU)
O15 - Trusted Zone: http://www.hobbittravel.com (HKCU)
O15 - Trusted Zone: https://turbotax.com (HKCU)
O15 - Trusted Zone: http://turbotax.com (HKCU)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188503929505
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188503896347
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} () - http://aerial.leepa.org/ecwplugins/ncs.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BA7A56EB-D1B9-443B-96E9-086532A378F1} (CAxAacDecEmb Class) - http://192.168.1.9/activex/decoder/aac_dec.cab
O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} (CAxMP4Dec Class) - http://192.168.1.9/activex/decoder/mpeg4_dec.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://192.168.1.100/activex/AMC.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: ,OSAPI32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMS SDK - Unknown owner - C:\WINDOWS\java\java.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: AXIS Camera Station Service (AxisCameraStation) - Axis Communications AB - C:\Program Files\Axis Communications\AXIS Camera Station\AcsService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment

--
End of file - 14690 bytes

-- Files created between 2007-12-22 and 2008-01-22 -----------------------------

2008-01-21 22:29:12 0 d------c- C:\WINDOWS\LastGood
2008-01-20 19:51:35 0 d------c- C:\AntiVirus Logs
2008-01-20 19:48:39 0 d------c- C:\Program Files\Trend Micro
2008-01-19 17:08:27 91492 --a----c- C:\WINDOWS\system32\drivers\klin.dat
2008-01-19 17:08:27 85860 --a----c- C:\WINDOWS\system32\drivers\klick.dat
2008-01-19 17:05:18 10272 --ahs--c- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-19 17:05:18 4343840 --ahs--c- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-19 17:05:17 0 d------c- C:\Program Files\Kaspersky Lab
2008-01-19 17:05:17 0 d------c- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-19 17:03:11 0 d------c- C:\kav
2008-01-17 23:01:26 0 d------c- C:\Program Files\Norton AntiVirus
2008-01-17 22:19:37 0 d------c- C:\Program Files\Common Files\Symantec Shared
2008-01-11 15:33:59 0 d------c- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-11 04:34:28 10752 --a----c- C:\WINDOWS\system32\OSJAVA.DLL
2008-01-07 20:30:19 6144 --a----c- C:\WINDOWS\system32\OSAPI32.dll
2008-01-07 19:40:19 90112 --a----c- C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-01-07 19:40:01 0 d------c- C:\Program Files\Quicken WillMaker Plus 2008

-- Find3M Report ---------------------------------------------------------------

2008-01-21 23:59:27 0 d------c- C:\Documents and Settings\mikeschumann\Application Data\Skype
2008-01-21 22:09:41 0 d------c- C:\Documents and Settings\mikeschumann\Application Data\ZoomBrowser EX
2008-01-19 16:52:03 0 d------c- C:\Program Files\Common Files
2008-01-18 23:27:16 0 d------c- C:\Documents and Settings\mikeschumann\Application Data\Canon
2008-01-17 12:33:15 0 d------c- C:\Program Files\Java
2008-01-17 11:52:37 0 d------c- C:\Program Files\Google
2008-01-11 08:56:28 0 d------c- C:\Documents and Settings\mikeschumann\Application Data\Adobe
2008-01-11 08:26:28 0 d------c- C:\Program Files\GlobalMapper8
2007-12-31 22:51:17 0 d------c- C:\Documents and Settings\mikeschumann\Application Data\Intuit
2007-12-31 22:47:45 0 d------c- C:\Program Files\Common Files\AnswerWorks 4.0
2007-12-31 22:47:40 0 d--h---c- C:\Program Files\InstallShield Installation Information
2007-12-31 22:47:05 0 d------c- C:\Program Files\Quicken
2007-12-31 22:44:14 0 d------c- C:\Program Files\TurboTax
2007-12-19 23:54:16 0 d------c- C:\Program Files\iTunes
2007-12-19 23:54:02 0 d------c- C:\Program Files\iPod
2007-12-19 23:51:39 0 d------c- C:\Program Files\QuickTime

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WCULauncher "= "C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe" [03/15/2005 11:57 PM]
"VAIO Update 2 "= "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [01/14/2005 03:43 PM]
"VAIO Recovery "= "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/19/2003 11:08 PM]
"SonyPowerCfg "= "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [01/14/2005 06:18 PM]
"SmartWiConnectionUtility "= "C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe" [03/15/2005 11:57 PM]
"RoxioEngineUtility "= "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/2003 05:44 PM]
"RoxioDragToDisc "= "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [10/21/2003 10:43 AM]
"Mouse Suite 98 Daemon "= "ICO.EXE" []
"ISBMgr.exe "= "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [02/20/2004 04:12 PM]
"IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [10/08/2004 09:31 AM]
"HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [10/08/2004 09:27 AM]
"HKSERV.EXE "= "C:\Program Files\Sony\HotKey Utility\HKserv.exe" [10/16/2004 11:48 PM]
"BluetoothAuthenticationAgent "= "bthprops.cpl" [08/04/2004 06:00 AM C:\WINDOWS\system32\bthprops.cpl]
"Apoint "= "C:\Program Files\Apoint\Apoint.exe" [11/07/2003 06:21 PM]
"Acrobat Assistant 7.0 "= "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [01/12/2006 08:52 PM]
"Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [12/11/2007 10:56 AM]
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]
"AVP "= "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [12/18/2007 12:43 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [12/18/2006 05:32 PM]
"MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"1&1 EasyLogin "= "C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" [01/02/2008 12:00 PM]
"C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe "= "1&1 EasyLogin HIDE" []
"WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 07:05 PM]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]

C:\Documents and Settings\mikeschumann\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [6/22/2006 2:15:48 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls "=,OSAPI32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\1&1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\1&1\1&1 EasyLogin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe]
"1&1 EasyLogin" HIDE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb222c37-b70c-11db-b39e-0013ce0b68bb}]
AutoRun\command- F:\setupSNK.exe

-- End of Deckard's System Scanner: finished at 2008-01-22 00:03:36 ------------

noahdfear · 2008/01/22

Highlight and copy the bolded command below.

"E:\Deckards System Scanner\dss.exe" /config

Click Start>Run and paste it in then hit Enter.
The Deckard's interface should open.
Click Unselect all.
Place a check next to the following, then click Scan.

Drivers
Services

Post the contents of the main.txt files that opens when the scan is complete.

mikeschumann · 2008/01/23

Deckard's System Scanner v20071014.68
Run by mikeschumann on 2008-01-23 07:48:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 ACPIEC (Microsoft Embedded Controller Driver) - c:\windows\system32\drivers\acpiec.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 atapi (Standard IDE/ESDI Hard Disk Controller) - c:\windows\system32\drivers\atapi.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 Compbatt (Microsoft Composite Battery Driver) - c:\windows\system32\drivers\compbatt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 Disk (Disk Driver) - c:\windows\system32\drivers\disk.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 dmio (Logical Disk Manager Driver) - c:\windows\system32\drivers\dmio.sys <Not Verified; Microsoft Corp., Veritas Software; VERITAS® NT Disk Manager>
R0 dmload - c:\windows\system32\drivers\dmload.sys <Not Verified; Microsoft Corp., Veritas Software.; Logical Disk Manager for Windows NT>
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 Ftdisk (Volume Manager Driver) - c:\windows\system32\drivers\ftdisk.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 kl1 - c:\windows\system32\drivers\kl1.sys <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus>
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 MountMgr - c:\windows\system32\drivers\mountmgr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 Mup - c:\windows\system32\drivers\mup.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - c:\windows\system32\drivers\ohci1394.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 PartMgr - c:\windows\system32\drivers\partmgr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 PCI (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 PCIIde - c:\windows\system32\drivers\pciide.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 Pcmcia - c:\windows\system32\drivers\pcmcia.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 PxHelp20 - c:\windows\system32\drivers\pxhelp20.sys <Not Verified; Sonic Solutions; PxHelp20>
R0 Sparrow - c:\windows\system32\drivers\sparrow.sys <Not Verified; Adaptec, Inc.; Microsoft(R) Windows (R) 2000 Operating System>
R0 sr (System Restore Filter Driver) - c:\windows\system32\drivers\sr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 VolSnap - c:\windows\system32\drivers\volsnap.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 AFD - c:\windows\system32\drivers\afd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Beep - c:\windows\system32\drivers\beep.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Cdr4_xp - c:\windows\system32\drivers\cdr4_xp.sys <Not Verified; Roxio; Drag-to-Disc>
R1 Cdralw2k - c:\windows\system32\drivers\cdralw2k.sys <Not Verified; Roxio; Drag-to-Disc>
R1 Cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 cdudf_xp - c:\windows\system32\drivers\cdudf_xp.sys <Not Verified; Roxio; Drag-to-Disc>
R1 DMICall (Sony DMI Call service) - c:\windows\system32\drivers\dmicall.sys <Not Verified; Sony Corporation; Windows 2000 DMI Call Kernel Driver>
R1 Fips - c:\windows\system32\drivers\fips.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Imapi (CD-Burning Filter Driver) - c:\windows\system32\drivers\imapi.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 IPSec (IPSEC driver) - c:\windows\system32\drivers\ipsec.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 klif - c:\windows\system32\drivers\klif.sys <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus>
R1 mnmdd - c:\windows\system32\drivers\mnmdd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 MRxSmb - c:\windows\system32\drivers\mrxsmb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Msfs - c:\windows\system32\drivers\msfs.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 NetBT (NetBios over Tcpip) - c:\windows\system32\drivers\netbt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Npfs - c:\windows\system32\drivers\npfs.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Null - c:\windows\system32\drivers\null.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 pwd_2k - c:\windows\system32\drivers\pwd_2k.sys <Not Verified; Roxio; Drag-to-Disc>
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Rdbss - c:\windows\system32\drivers\rdbss.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 redbook (Digital CD Audio Playback Filter Driver) - c:\windows\system32\drivers\redbook.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 UdfReadr_xp - c:\windows\system32\drivers\udfreadr_xp.sys <Not Verified; Roxio; Drag-to-Disc>
R1 VgaSave - c:\windows\system32\drivers\vga.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 ApfiltrService (Alps Pointing-device Filter Driver) - c:\windows\system32\drivers\apfiltr.sys <Not Verified; Alps Electric Co., Ltd.; Alps Touch Pad Driver for Windows 2000/XP>
R3 Arp1394 (1394 ARP Client Protocol) - c:\windows\system32\drivers\arp1394.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 audstub (Audio Stub Driver) - c:\windows\system32\drivers\audstub.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 BthEnum (Bluetooth Request Block Driver) - c:\windows\system32\drivers\bthenum.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 BTHMODEM (Bluetooth Serial Communications Driver) - c:\windows\system32\drivers\bthmodem.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 BthPan (Bluetooth Device (Personal Area Network)) - c:\windows\system32\drivers\bthpan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 BTHUSB (Bluetooth Radio USB Driver) - c:\windows\system32\drivers\bthusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 CmBatt (Microsoft AC Adapter Driver) - c:\windows\system32\drivers\cmbatt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 dvd_2K - c:\windows\system32\drivers\dvd_2k.sys <Not Verified; Roxio; Drag-to-Disc>
R3 E100B (Intel(R) PRO Adapter Driver) - c:\windows\system32\drivers\e100b325.sys <Not Verified; Intel Corporation; Intel(R) PRO/100 Adapter>
R3 GEARAspiWDM (GEAR CDRom Filter) - c:\windows\system32\drivers\gearaspiwdm.sys <Not Verified; GEAR Software Inc.; GEAR.wrks>
R3 Gpc (Generic Packet Classifier) - c:\windows\system32\drivers\msgpc.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWICH - c:\windows\system32\drivers\hsfhwich.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HTTP - c:\windows\system32\drivers\http.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>
R3 IpNat (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 klim5 (Kaspersky Anti-Virus NDIS Filter) - c:\windows\system32\drivers\klim5.sys <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus>
R3 kmixer (Microsoft Kernel Wave Audio Mixer) - c:\windows\system32\drivers\kmixer.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 Modem - c:\windows\system32\drivers\modem.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 MRxDAV (WebDav Client Redirector) - c:\windows\system32\drivers\mrxdav.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 NIC1394 (1394 Net Driver) - c:\windows\system32\drivers\nic1394.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\psched.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 Ptilink (Direct Parallel Link Driver) - c:\windows\system32\drivers\ptilink.sys <Not Verified; Parallel Technologies, Inc.; Microsoft® Windows® Operating System>
R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 Raspti (Direct Parallel) - c:\windows\system32\drivers\raspti.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 RFCOMM (Bluetooth Device (RFCOMM Protocol TDI)) - c:\windows\system32\drivers\rfcomm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
R3 SNC (Sony Notebook Control Device) - c:\windows\system32\drivers\sonync.sys <Not Verified; Sony Corporation; Sony Notebook Control driver for PCG Series>
R3 SPI (Sony Programmable I/O Control Device) - c:\windows\system32\drivers\sonypi.sys <Not Verified; Sony Corporation; SonyPI.sys>
R3 Srv - c:\windows\system32\drivers\srv.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
R3 sysaudio (Microsoft Kernel System Audio Device) - c:\windows\system32\drivers\sysaudio.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 tifmsony - c:\windows\system32\drivers\tifmsony.sys <Not Verified; Texas Instruments; Texas Instruments PCIxx20 UltraMedia>
R3 Update (Microcode Update Driver) - c:\windows\system32\drivers\update.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 w29n51 (Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP) - c:\windows\system32\drivers\w29n51.sys <Not Verified; Intel® Corporation; Intel® Wireless LAN Adapter>
R3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 wdmaud (Microsoft WINMM WDM Audio Compatibility Driver) - c:\windows\system32\drivers\wdmaud.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R4 Cdfs - c:\windows\system32\drivers\cdfs.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R4 Ntfs - c:\windows\system32\drivers\ntfs.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R4 Udfs - c:\windows\system32\drivers\udfs.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

To Be Continued.......

mikeschumann · 2008/01/23

Continued.......

S1 Cdaudio - c:\windows\system32\drivers\cdaudio.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S1 Fdc - c:\windows\system32\drivers\fdc.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S1 Flpydisk - c:\windows\system32\drivers\flpydisk.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 4mmdat - c:\windows\system32\drivers\4mmdat.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 aec (Microsoft Kernel Acoustic Echo Canceller) - c:\windows\system32\drivers\aec.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Atmarpc (ATM ARP Client Protocol) - c:\windows\system32\drivers\atmarpc.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 BTHPORT (Bluetooth Port Driver) - c:\windows\system32\drivers\bthport.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 DMusic (Microsoft Kernel DLS Syntheiszer) - c:\windows\system32\drivers\dmusic.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 drmkaud (Microsoft Kernel DRM Audio Descrambler) - c:\windows\system32\drivers\drmkaud.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 FILEMON - c:\windows\system32\drivers\filem.sys (file missing)
S3 genmcmnUSB (USB Scroll Mouse Driver) - c:\windows\system32\drivers\gflmouhid.sys <Not Verified; ; Low Filter Driver>
S3 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 IpInIp (IP in IP Tunnel Driver) - c:\windows\system32\drivers\ipinip.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 IRENUM (IR Enumerator Service) - c:\windows\system32\drivers\irenum.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 mmc_2K - c:\windows\system32\drivers\mmc_2k.sys <Not Verified; Roxio; Drag-to-Disc>
S3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
S3 NwlnkFlt (IPX Traffic Filter Driver) - c:\windows\system32\drivers\nwlnkflt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 NwlnkFwd (IPX Traffic Forwarder Driver) - c:\windows\system32\drivers\nwlnkfwd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Parport - c:\windows\system32\drivers\parport.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\progra~1\ugutil\program\pcandis5.sys (file missing)
S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys <Not Verified; PCTEL Inc.; PCTEL Rawether for Windows>
S3 RDPWD - c:\windows\system32\drivers\rdpwd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Secdrv - c:\windows\system32\drivers\secdrv.sys <Not Verified; Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.; Macrovision SECURITY Driver>
S3 SEMWModem (Sony Ericsson SEMWModem) - c:\windows\system32\drivers\gcxx.sys <Not Verified; Broadcom Corporation; Broadcom Wireless Modem Device Driver>
S3 SEMWWNIC (Sony Ericsson SEMWWNIC) - c:\windows\system32\drivers\gcxxnet.sys <Not Verified; Broadcom Corporation; Broadcom Wireless Modem NDIS Driver>
S3 Ser2pl (ATEN USB to Serial port driver) - c:\windows\system32\drivers\ser2pl.sys <Not Verified; Prolific Technology Inc.; Prolific USB-to-Serial Bridge Cable>
S3 Serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Serial - c:\windows\system32\drivers\serial.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Sfloppy (High-Capacity Floppy Disk Drive) - c:\windows\system32\drivers\sfloppy.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 splitter (Microsoft Kernel Audio Splitter) - c:\windows\system32\drivers\splitter.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 swmidi (Microsoft Kernel GS Wavetable Synthesizer) - c:\windows\system32\drivers\swmidi.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 usbscan (USB Scanner Driver) - c:\windows\system32\drivers\usbscan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 usbstor (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - c:\windows\system32\drivers\wudfpf.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - c:\windows\system32\drivers\wudfrd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 cbidf2k - c:\windows\system32\drivers\cbidf2k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 dmboot - c:\windows\system32\drivers\dmboot.sys <Not Verified; Microsoft Corp., Veritas Software; VERITAS® NT Disk Manager>
S4 Fastfat - c:\windows\system32\drivers\fastfat.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 ParVdm - c:\windows\system32\drivers\parvdm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - c:\windows\system32\drivers\ws2ifsl.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Alerter - c:\windows\system32\svchost.exe -k localservice <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 AudioSrv (Windows Audio) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 AVP (Kaspersky Anti-Virus 7.0) - "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe" -r <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus>
R2 AxisCameraStation (AXIS Camera Station Service) - c:\program files\axis communications\axis camera station\acsservice.exe <Not Verified; Axis Communications AB; AXIS Camera Station>
R2 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe -k bthsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 CryptSvc (Cryptographic Services) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 DcomLaunch (DCOM Server Process Launcher) - c:\windows\system32\svchost -k dcomlaunch <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Dhcp (DHCP Client) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 dmserver (Logical Disk Manager) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Dnscache (DNS Client) - c:\windows\system32\svchost.exe -k networkservice <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 ERSvc (Error Reporting Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Eventlog (Event Log) - c:\windows\system32\services.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 EvtEng - c:\program files\intel\wireless\bin\evteng.exe <Not Verified; Intel Corporation; EvtEng Module>
R2 Fax - c:\windows\system32\fxssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 helpsvc (Help and Support) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 lanmanserver (Server) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 lanmanworkstation (Workstation) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 LmHosts (TCP/IP NetBIOS Helper) - c:\windows\system32\svchost.exe -k localservice <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 PlugPlay (Plug and Play) - c:\windows\system32\services.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 PolicyAgent (IPSEC Services) - c:\windows\system32\lsass.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 RemoteRegistry (Remote Registry) - c:\windows\system32\svchost.exe -k localservice <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 RpcSs (Remote Procedure Call (RPC)) - c:\windows\system32\svchost -k rpcss <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 S24EventMonitor (Spectrum24 Event Monitor) - c:\program files\intel\wireless\bin\s24evmon.exe <Not Verified; Intel Corporation; Mobile Unit Support Service>
R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Schedule (Task Scheduler) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 seclogon (Secondary Logon) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 SENS (System Event Notification) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 ShellHWDetection (Shell Hardware Detection) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 SoundMAX Agent Service (default) (SoundMAX Agent Service) - c:\program files\analog devices\soundmax\smagent.exe <Not Verified; Analog Devices, Inc.; SoundMAX service agent>
R2 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 SQLWriter (SQL Server VSS Writer) - "c:\program files\microsoft sql server\90\shared\sqlwriter.exe" <Not Verified; Microsoft Corporation; Microsoft SQL Server>
R2 srservice (System Restore Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 stisvc (Windows Image Acquisition (WIA)) - c:\windows\system32\svchost.exe -k imgsvc <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Themes - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 VzCdbSvc (VAIO Entertainment Database Service) - "c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzcdbsvc.exe" <Not Verified; Sony Corporation; VAIO Entertainment>
R2 VzFw (VAIO Entertainment File Import Service) - c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzfw.exe
R2 W32Time (Windows Time) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 WebClient - c:\windows\system32\svchost.exe -k localservice <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 winmgmt (Windows Management Instrumentation) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 WMDM PMSP Service - c:\windows\system32\mspmspsv.exe <Not Verified; Microsoft Corporation; Microsoft (R) DRM>
R2 wscsvc (Security Center) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 wuauserv (Automatic Updates) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 WZCSVC (Wireless Zero Configuration) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 ALG (Application Layer Gateway Service) - c:\windows\system32\alg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 EventSystem (COM+ Event System) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 FastUserSwitchingCompatibility (Fast User Switching Compatibility) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 HTTPFilter (HTTP SSL) - c:\windows\system32\svchost.exe -k httpfilter <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" <Not Verified; Apple Inc.; iTunes>
R3 Netman (Network Connections) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 Nla (Network Location Awareness (NLA)) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 RasMan (Remote Access Connection Manager) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 SSDPSRV (SSDP Discovery Service) - c:\windows\system32\svchost.exe -k localservice <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 TapiSrv (Telephony) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 TermService (Terminal Services) - c:\windows\system32\svchost -k dcomlaunch <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 upnphost (Universal Plug and Play Device Host) - c:\windows\system32\svchost.exe -k localservice <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 VAIO Entertainment Aggregation and Control Service - "c:\program files\common files\sony shared\vaio entertainment\vzrs\vzrs.exe" <Not Verified; Sony Corporation; VAIO Entertainment>
R3 Vcsw (VAIO Entertainment UPnP Client Adapter) - c:\program files\common files\sony shared\vaio entertainment platform\vcsw\vcsw.exe -runbyscm
R3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "c:\program files\windows media player\wmpnetwk.exe" <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

S2 AMS SDK - c:\windows\java\java.exe (file missing)
S2 Browser (Computer Browser) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S2 TrkWks (Distributed Link Tracking Client) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Adobe LM Service - "c:\program files\common files\adobe systems shared\service\adobelmsvc.exe" <Not Verified; Adobe Systems; Adobe LM Service>
S3 AppMgmt (Application Management) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 aspnet_state (ASP.NET State Service) - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
S3 BITS (Background Intelligent Transfer Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 CiSvc (Indexing Service) - c:\windows\system32\cisvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
S3 COMSysApp (COM+ System Application) - c:\windows\system32\dllhost.exe /processid:{02d4b3f1-fd88-11d1-960d-00805fc79235} <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 dmadmin (Logical Disk Manager Administrative Service) - c:\windows\system32\dmadmin.exe /com <Not Verified; Microsoft Corp., Veritas Software; Logical Disk Manager for Windows NT>
S3 IDriverT (InstallDriver Table Manager) - "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe" <Not Verified; Macrovision Corporation; InstallShield (R)>
S3 Image Converter video recording monitor for VAIO Entertainment - c:\program files\sony\image converter 2\icvzmon.exe <Not Verified; Sony Corporation; Image Converter 2>
S3 ImapiService (IMAPI CD-Burning COM Service) - c:\windows\system32\imapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 mnmsrvc (NetMeeting Remote Desktop Sharing) - c:\windows\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
S3 MSCSPTISRV - "c:\program files\common files\sony shared\avlib\mscsptisrv.exe" <Not Verified; Sony Corporation; MSCSPTISRV Module>
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
S3 MSIServer (Windows Installer) - c:\windows\system32\msiexec.exe /v <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
S3 MSSQL$SQLEXPRESS (SQL Server (SQLEXPRESS)) - "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -ssqlexpress <Not Verified; Microsoft Corporation; Microsoft SQL Server>
S3 Netlogon (Net Logon) - c:\windows\system32\lsass.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 NtLmSsp (NT LM Security Support Provider) - c:\windows\system32\lsass.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 NtmsSvc (Removable Storage) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; Sony Corporation; PACSPTISVR Module>
S3 RasAuto (Remote Access Auto Connection Manager) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 RDSessMgr (Remote Desktop Help Session Manager) - c:\windows\system32\sessmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 RpcLocator (Remote Procedure Call (RPC) Locator) - c:\windows\system32\locator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 RSVP (QoS RSVP) - c:\windows\system32\rsvp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 SCardSvr (Smart Card) - c:\windows\system32\scardsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 SPTISRV (Sony SPTI Service) - "c:\program files\common files\sony shared\avlib\sptisrv.exe" <Not Verified; Sony Corporation; SPTISRV Module>
S3 SQLBrowser (SQL Server Browser) - "c:\program files\microsoft sql server\90\shared\sqlbrowser.exe" <Not Verified; Microsoft Corporation; Microsoft SQL Server>
S3 SSScsiSV (SonicStage SCSI Service) - c:\program files\common files\sony shared\avlib\ssscsisv.exe <Not Verified; Sony Corporation; SonicStage>
S3 SwPrv (MS Software Shadow Copy Provider) - c:\windows\system32\dllhost.exe /processid:{b98e13b5-c74f-47b7-b119-68b74ddbb5da} <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 SysmonLog (Performance Logs and Alerts) - c:\windows\system32\smlogsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 UPS (Uninterruptible Power Supply) - c:\windows\system32\ups.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 VAIO Entertainment Task Scheduler - "c:\program files\sony\vaio entertainment\vztaskscheduler.exe" <Not Verified; Sony Corporation; VAIO Entertainment>
S3 VAIO Entertainment TV Device Arbitration Service - "c:\program files\common files\sony shared\vaio entertainment platform\vzcs\vzhardwareresourcemanager\vzhardwareresourcemanager.exe" <Not Verified; Sony Corporation; VAIO Entertainment>
S3 VAIOMediaPlatform-IntegratedServer-AppServer (VAIO Media Integrated Server) - c:\program files\sony\vaio media integrated server\vmisrv.exe <Not Verified; Sony Corporation; VAIO Media Integrated Server>
S3 VAIOMediaPlatform-IntegratedServer-HTTP (VAIO Media Integrated Server (HTTP)) - "c:\program files\sony\vaio media integrated server\platform\sv_httpd.exe" /service=vaiomediaplatform-integratedserver-http /regroot= "software\sony corporation\vaio media platform\2.0" /regext= "applications\integratedserver\http" <Not Verified; Sony Corporation; SV_Httpd.exe>
S3 VAIOMediaPlatform-IntegratedServer-UPnP (VAIO Media Integrated Server (UPnP)) - c:\program files\sony\vaio media integrated server\platform\upnpframework.exe <Not Verified; Sony Corporation; UPnPFramework.exe>
S3 VAIOMediaPlatform-Mobile-Gateway (VAIO Media Gateway Server) - "c:\program files\sony\vaio media integrated server\platform\vmgateway.exe" /service=vaiomediaplatform-mobile-gateway /regroot= "software\sony corporation\vaio media platform\2.0" /regext= "\addons\packages\mobile\gateway" /displayname= "vaio media gateway server" <Not Verified; Sony Corporation; VmGateway.exe>
S3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmdmPmSN (Portable Media Serial Number Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Wmi (Windows Management Instrumentation Driver Extensions) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - c:\windows\system32\svchost.exe -k wudfservicegroup <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 xmlprov (Network Provisioning Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 ClipSrv (ClipBook) - c:\windows\system32\clipsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 HidServ (Human Interface Device Access) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 Messenger - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 MSSQLServerADHelper (SQL Server Active Directory Helper) - "c:\program files\microsoft sql server\90\shared\sqladhlp90.exe" <Not Verified; Microsoft Corporation; Microsoft SQL Server>
S4 NetDDE (Network DDE) - c:\windows\system32\netdde.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 NetDDEdsdm (Network DDE DSDM) - c:\windows\system32\netdde.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 RemoteAccess (Routing and Remote Access) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 TlntSvr (Telnet) - c:\windows\system32\tlntsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- End of Deckard's System Scanner: finished at 2008-01-23 07:48:58 ------------

noahdfear · 2008/01/24

Looks good. Everything still working properly?

mikeschumann · 2008/01/24

Everything seems to be working great. Thanks for all of your help.

noahdfear · 2008/01/25

Delete the folder C:\Deckard then empty the recycle bin. You should probably clear your system restore points as well, so there's no chance of using one that might put the infection back in place.

Clear past system restore points and create a new one.
Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

Verify a new restore point was created.
Click Start>All Programs>Accessories>System Tools>System Restore
Select 'Restore my computer to an earlier time', then click next.
You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.

I'm glad I could help, and you're very welcome.

mikeschumann · 2008/01/25

All done! Thanks for your help!

noahdfear · 2008/01/25

You betcha!

Log in or Sign up

Solved backdoor.win32.emogen.a Virus - Can't Remove

mikeschumann Inactive Thread Starter

noahdfear Inactive

mikeschumann Inactive Thread Starter

white7782 Inactive

mikeschumann Inactive Thread Starter

noahdfear Inactive

mikeschumann Inactive Thread Starter

noahdfear Inactive

mikeschumann Inactive Thread Starter

mikeschumann Inactive Thread Starter

noahdfear Inactive

mikeschumann Inactive Thread Starter

noahdfear Inactive

mikeschumann Inactive Thread Starter

noahdfear Inactive

Share This Page

Log in or Sign up

Solved backdoor.win32.emogen.a Virus - Can't Remove

mikeschumann Inactive Thread Starter

noahdfear Inactive

mikeschumann Inactive Thread Starter

white7782 Inactive

mikeschumann Inactive Thread Starter

noahdfear Inactive

mikeschumann Inactive Thread Starter

noahdfear Inactive

mikeschumann Inactive Thread Starter

mikeschumann Inactive Thread Starter

noahdfear Inactive

mikeschumann Inactive Thread Starter

noahdfear Inactive

mikeschumann Inactive Thread Starter

noahdfear Inactive

Share This Page

Useful Searches