
Sony VAIO WinXP Media Center laptop's svehost.exe file attacked by Trojan

Discussion in 'Malware and Virus Removal Archive' started by Britpoptarts, 2008/06/05.

  1. 2008/06/07
    Britpoptarts (Thread Starter)
    Nope. Not even an error message, just a white browser page in FF.

    Nope again. Not even an error message, still just a white browser page in FF.

    You genius! This worked.

    And no worries, I had saved the install exes for Avast and ZA.

    Huzzah!

    Searched for "test" in Google and got a Google search page, disconnected, came back, am ready for more wisdom.

    Do you think the bug messed up Avast and/or ZA?

    Thanks.
     
  2. 2008/06/07
    Geri (Alumni)
    Hi
    OK, reinstall Avast antivirus and Zone Alarm.
    Make sure you update Avast.

    Then test again.

    It could be that Avast or Zone Alarm was corrupted.

    Now, if you have internet after the reinstall, post a new DSS log.

    Thanks
    Geri
     
  4. 2008/06/08
    Britpoptarts (Thread Starter)
    Deckard's System Scanner v20071014.68
    Run by Britpoptarts on 2008-06-08 17:34:34
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    System Drive C: has 17.46 GiB (less than 15%) free.


    -- HijackThis (run as Britpoptarts.exe) ----------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:34:53 PM, on 6/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CachemanXP\CachemanXP.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Documents and Settings\Britpoptarts\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\BRITPO~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
    O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [AppMon Utility] C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe @@@Start
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKCU\..\Run: [WinMem] C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -IEXPLORE.EXE7.0
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O15 - Trusted Zone: *.moreawesomethanyou.com
    O15 - Trusted Zone: phorum.mustnotbenamed.com
    O15 - Trusted Zone: myscad.scad.edu
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F38D3425-2B23-4C5E-8366-51C31C9D34EE}: NameServer = 64.136.173.5 64.136.164.77
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\JiWire\BOT Mapping\Skype4COM.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\Program Files\CachemanXP\CachemanXP.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: WPS Scanner Service (WPSScannerSvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe

    --
    End of file - 15817 bytes

    -- Files created between 2008-05-08 and 2008-06-08 -----------------------------

    2008-06-06 21:36:27 0 d-------- C:\Documents and Settings\Britpoptarts\Application Data\Malwarebytes
    2008-06-06 21:36:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-06 21:36:24 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-06 17:54:37 0 d-------- C:\NoLopBackups
    2008-05-30 04:52:04 0 d-------- C:\Program Files\Ubi Soft
    2008-05-29 23:26:00 10747904 --a------ C:\Documents and Settings\Britpoptarts\ntuser.dat
    2008-05-10 07:11:47 0 d-------- C:\Program Files\directx
    2008-05-10 07:02:35 0 d-------- C:\DeusEx


    -- Find3M Report ---------------------------------------------------------------

    2008-06-08 16:45:51 320 --a------ C:\WINDOWS\system32\wacom.dat
    2008-06-08 08:24:31 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-06-07 15:59:14 0 d-------- C:\Program Files\AskPBar
    2008-06-06 22:05:32 0 d-------- C:\Program Files\speed-bit
    2008-06-06 21:28:46 0 d-------- C:\Program Files\Java
    2008-06-06 21:20:13 0 d-------- C:\Program Files\BitLord
    2008-06-06 21:19:59 0 d-------- C:\Program Files\BitTorrent
    2008-06-06 02:21:23 0 d-------- C:\Program Files\Trend Micro
    2008-05-30 04:52:06 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-26 01:20:42 0 d-------- C:\Documents and Settings\Britpoptarts\Application Data\U3
    2008-05-07 04:05:38 0 d-------- C:\Program Files\Trillian
    2008-04-25 02:51:13 0 d-------- C:\Documents and Settings\Britpoptarts\Application Data\Azureus
    2008-04-24 13:31:53 0 d-------- C:\Documents and Settings\Britpoptarts\Application Data\Doblon
    2008-04-24 13:00:24 0 d-------- C:\Program Files\Doblon
    2008-04-22 13:03:37 0 d-------- C:\Documents and Settings\Britpoptarts\Application Data\ZoomBrowser EX
    2008-04-15 03:00:00 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-04-04 08:03:40 6388 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-04-04 02:37:04 50 --a------ C:\AUTOEXEC.BAT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
    10/14/2005 01:21 PM 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppMon Utility "= "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" [03/15/2006 01:55 PM]
    "SonyPowerCfg "= "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [01/26/2006 05:28 AM]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [04/18/2006 11:51 AM]
    "VAIO Update 2 "= "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [10/12/2005 12:36 AM]
    "VAIO Recovery "= "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 12:08 AM]
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/30/2008 03:27 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]
    "ZoneAlarm Client "= "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/09/2007 01:02 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinMem "= "C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe" [06/19/2006 03:54 PM]
    "Gadwin PrintScreen 3.5 "= "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [07/08/2006 04:57 AM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [02/28/2008 11:36 PM]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "Shockwave Updater "=C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -IEXPLORE.EXE7.0

    C:\Documents and Settings\Britpoptarts\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/9/2005 5:12:44 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 03/09/2006 05:51 PM 73728 C:\WINDOWS\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register.lnk
    backup=C:\WINDOWS\pss\Register.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
    backup=C:\WINDOWS\pss\TabUserW.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Britpoptarts^Start Menu^Programs^Startup^Creative Element Power Tools Startup.lnk]
    path=C:\Documents and Settings\Britpoptarts\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk
    backup=C:\WINDOWS\pss\Creative Element Power Tools Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Britpoptarts^Start Menu^Programs^Startup^Indigo Prophecy Registration.lnk]
    path=C:\Documents and Settings\Britpoptarts\Start Menu\Programs\Startup\Indigo Prophecy Registration.lnk
    backup=C:\WINDOWS\pss\Indigo Prophecy Registration.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4drvsiteclose]
    C:\Documents and Settings\All Users\Application Data\TICKWAIT4DRV\rect less.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
    "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    C:\Program Files\Apoint\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Debug copy]
    C:\DOCUME~1\BRITPO~1\APPLIC~1\SURFCO~1\baitjump.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    "C:\Program Files\DAP\DAP.EXE" /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DRam prosessor]
    prog.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epg Service]
    "C:\Program Files\InterVideo\DVDEX\TvtvEpgAcq.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 3.5]
    "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1174538442\ee\AOLHostManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iesetup.exe]
    iesetup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JiWireBOTMapper]
    "C:\Program Files\JiWire\BOT Mapping\JiWireBOT.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LimeShop]
    javaw -cp "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PartSeal]
    C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
    C:\Program Files\Spyware Doctor\SDTrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
    "C:\Program Files\SpeedOptimizer\SPO.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
    "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
    c:\program files\sony\vaio survey\surveysa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "mnmsrvc "=3 (0x3)
    "MHN "=3 (0x3)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    AutoRun\command- G:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2162dc17-81b1-11dc-b34f-00130240a758}]
    AutoRun\command- G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ec4c117-01f1-11dd-904c-0002c7e542a7}]
    AutoRun\command- G:\system\viewer\FlipVideoforPC.exe
    Flip Video for PC\command- G:\system\viewer\FlipVideoforPC.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f750abe-d95e-11db-b2f6-00130240a758}]
    AutoRun\command- G:\wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b33659b-79fe-11dc-b34e-0002c7e542a7}]
    AutoRun\command- G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0f4e223-ee63-11dc-b241-0002c7e542a7}]
    AutoRun\command- G:\LaunchU3.exe
    -- End of Deckard's System Scanner: finished at 2008-06-08 17:35:58 ------------
     
  5. 2008/06/08
    Britpoptarts

    Britpoptarts Inactive Thread Starter

    Joined:
    2008/06/05
    Messages:
    27
    Likes Received:
    0
    Reinstalled Avast and ZA. Both wanted me to reboot; installed Avast and chose 'later' to install ZA, then installed ZA and immediately rebooted. Avast did a scan.

    Internet is working, though I only tested IE.

    Windows wanted to update, but then put me through hoops and kept popping up an error screen and telling me to disable my virus alert programs.

    Avast's trial period runs out in 7 days and I tried to purchase a 2-year sub, and again ran into errors when it went to the shopping cart screen (or tried to).

    Even so, looks like your work has helped greatly. What are my next steps?

    ETA: I uninstalled BitTorrent, BitLord, etc., so why are these programs still showing up in my DDS report? They no longer show up in the Add/Remove screen. What's up with this? Why didn't they go away?
     
    Last edited: 2008/06/08
  6. 2008/06/08
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, a couple of questions.
    Which, if any, of these have you removed from Add/Remove?
    µTorrent
    Ask Toolbar
    Azureus Vuze
    BitLord 1.1
    BitTorrent 5.0.9
    LimeWire
    LimeWire PRO 4.12.11
    speed-bit Toolbar


    Did you add these to your trusted sites list?
    O15 - Trusted Zone: *.moreawesomethanyou.com
    O15 - Trusted Zone: phorum.mustnotbenamed.com
    O15 - Trusted Zone: myscad.scad.edu


    Thanks
    Geri

    FYI
    You said you are careful with the P2P. This is just for information for you so you understand what happens using P2P.
    This was in your MBAM log.
    HKEY_CURRENT_USER\Software\WakeNet

    Please go to this link, scroll down to S. NO 6
    http://spyware.processlibrary.com/details/SpyName/Riskware-P2P.Torrent101/

    I cannot stress enough to stay away from P2P. I see it here over and over again.
    Some Malware removal sites will not even begin to clean a machine if P2P programs are installed and will help only if they are removed first. That would also be my choice here if I had that option.
     
  7. 2008/06/08
    Britpoptarts

    Britpoptarts Inactive Thread Starter

    Joined:
    2008/06/05
    Messages:
    27
    Likes Received:
    0
    All of them. Plus other P2Ps that weren't on your list. Are they not gone? They aren't on my Add/Remove screen any more.

    Yes. The last is my grad school's site. The prior two are forums ("simple machines", I think, is the format/type.)


    Hmm. That does not look familiar. I suppose it snuck itself in via a P2P? :mad:

    I hear you. So, there seems to be a problem, here, if I did an Add/Remove and there are still P2Ps lurking. They were supposed to be removed/uninstalled. Why didn't Add/Remove work?

    Grr.
     
    Last edited: 2008/06/08
  8. 2008/06/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Britpoptarts

    It did work, but there are leftovers; we'll get rid of them now.

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\NoLopBackups
      C:\Program Files\AskPBar
      C:\Program Files\speed-bit
      C:\Program Files\BitLord
      C:\Program Files\BitTorrent
      C:\Documents and Settings\Britpoptarts\Application Data\Azureus
      
    • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


    Please backup your registry before proceeding to any of the steps.

    Download ERUNT from Derfisch or Aumha and save it to your desktop.

    • For the version with the Installer:
    Use the setup program to install ERUNT on your computer.
    • For the zipped version:
    Unzip all the files into a folder of your choice.

    After it is installed:
    Click "Start" > "All Programs"
    Find and go to ERUNT in the menu.
    In the window that opens click on ERUNT.
    By default the backup location is c:\windows\erdnt\ (current date)
    Click OK to continue with the registry backup.
    If the folder does not exist then let ERUNT create the folder for you by clicking Yes.
    You should see a progress bar while ERUNT is backing up the Windows Registry.
    After ERUNT has completed the Windows Registry backup, click OK to exit ERUNT.


    Open "NotePad". Copy the contents of the code box below into the blank NotePad.
    Click "File" > "Save as"
    In the "Save In" box at the top, click the down arrow and select Desktop.

    In the "File name" box type in: fix.reg
    In the "Save As Type" box select: All Files
    Once saved, go to your desktop, double click the "fix.reg" file and let it merge with the registry.

    Code:
    REGEDIT4
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4drvsiteclose]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LimeShop]

    Please post a new dss log.

    Thanks
    Geri
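    A way to do the leftover check and the fix.reg step mechanically, as an added example that is not part of Geri's instructions and is not code from DSS, OTMoveIt2 or ERUNT: it parses the msconfig startupreg section of a DSS Registry Dump, flags entries whose program sat in a folder OTMoveIt2 has already moved away, writes the matching REGEDIT4 [-key] file, and refuses to proceed if that file would delete anything outside the startupreg subtree. All function names are this example's own; in the constructed sample dump the key names and folder paths come from the thread, while the command lines and the speed-bit entry are made up.

```python
"""Flag orphaned msconfig startupreg entries and build the REGEDIT4 file that removes them.

Added example; not code from the thread, DSS, OTMoveIt2 or ERUNT. All function
names are this example's own. SAMPLE_DUMP is a constructed excerpt in the DSS
"Registry Dump" layout: the command lines and the speed-bit entry are made up,
only the key names and folder paths come from the thread.
"""
import ntpath
import re

STARTUPREG = r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"

SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\speed-bit]
C:\Program Files\speed-bit\sbtoolbar.exe /start

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe
"""

# A key header line: [HKEY_...\path]. In a .reg file a leading '-' inside the
# brackets marks a key deletion.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")


def parse_startupreg(dump_text):
    """Return {entry_name: command_line} for each msconfig startupreg key in the dump.

    Keys outside the startupreg subtree (mountpoints2, services, ...) are skipped."""
    entries = {}
    prefix = STARTUPREG.lower() + "\\"
    current = None
    for raw in dump_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            current = key[len(prefix):] if key.lower().startswith(prefix) else None
            continue
        if current and line and current not in entries:
            entries[current] = line  # first non-empty line after the header is the command
    return entries


def executable_path(command_line):
    """Extract the program path from a command line, quoted or bare.

    A bare path may contain spaces (C:\\Program Files\\...), so a bare command is
    cut only at the first switch marker (space followed by '/' or '-')."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).strip()
    return re.split(r"\s+[/-]", cmd, maxsplit=1)[0].strip()


def path_under(path, directory):
    """Case-insensitive test that `path` lies inside `directory` (Windows path rules)."""
    p = ntpath.normcase(ntpath.normpath(path))
    d = ntpath.normcase(ntpath.normpath(directory))
    return p == d or p.startswith(d + "\\")


def stale_entries(entries, removed_dirs):
    """Names of entries whose program lived in a folder that is already gone
    (moved by OTMoveIt2 or uninstalled), i.e. the registry entry is an orphan."""
    return sorted(
        name for name, cmd in entries.items()
        if any(path_under(executable_path(cmd), d) for d in removed_dirs)
    )


def build_deletion_reg(entry_names):
    """REGEDIT4 text that deletes the named startupreg keys using the [-key] form.

    .reg files are CRLF-terminated and the header must be followed by a blank line."""
    lines = ["REGEDIT4", ""]
    for name in entry_names:
        lines += [f"[-{STARTUPREG}\\{name}]", ""]
    return "\r\n".join(lines)


def deletion_keys_outside(reg_text, allowed_prefix=STARTUPREG):
    """Pre-merge check: every [-key] in the file not under allowed_prefix.

    An empty list means the file only touches the msconfig startupreg subtree."""
    prefix = allowed_prefix.lower() + "\\"
    outside = []
    for line in reg_text.splitlines():
        m = KEY_RE.match(line.strip())
        if m and m.group("key").startswith("-"):
            key = m.group("key")[1:]
            if not key.lower().startswith(prefix):
                outside.append(key)
    return outside


if __name__ == "__main__":
    # Folders the thread's OTMoveIt2 log reports as moved.
    moved = [r"C:\Program Files\BitTorrent", r"C:\Program Files\speed-bit"]
    found = parse_startupreg(SAMPLE_DUMP)
    stale = stale_entries(found, moved)  # ['BitTorrent', 'speed-bit']
    reg = build_deletion_reg(stale)
    if deletion_keys_outside(reg):
        raise SystemExit("fix.reg would delete keys outside msconfig\\startupreg")
    print(reg)
```

    Take the ERUNT backup first, as the post says; the script only prepares and sanity-checks the .reg file, it does not merge it.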
     
  9. 2008/06/09
    Britpoptarts

    Britpoptarts Inactive Thread Starter

    Joined:
    2008/06/05
    Messages:
    27
    Likes Received:
    0
    Please backup your registry before proceeding to any of the steps.

    How do I do this?
     
  10. 2008/06/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    It was the next step below that.
    Thanks, I'll fix my speech for that.

    Download ERUNT from Derfisch or Aumha and save it to your desktop.

    • For the version with the Installer:
    Use the setup program to install ERUNT on your computer.
    • For the zipped version:
    Unzip all the files into a folder of your choice.

    After it is installed:
    Click "Start" > "All Programs"
    Find and go to ERUNT in the menu.
    In the window that opens click on ERUNT.
    By default the backup location is c:\windows\erdnt\ (current date)
    Click OK to continue with the registry backup.
    If the folder does not exist then let ERUNT create the folder for you by clicking Yes.
    You should see a progress bar while ERUNT is backing up the Windows Registry.
    After ERUNT has completed the Windows Registry backup, click OK to exit ERUNT.

    Geri
     
  11. 2008/06/09
    Britpoptarts

    Britpoptarts Inactive Thread Starter

    Joined:
    2008/06/05
    Messages:
    27
    Likes Received:
    0
    My apologies, I see now that ERUNT *is* a Registry back-up program. I'd better get some rest before tackling the next steps if I am missing the obvious before I even start.
     
  12. 2008/06/12
    Britpoptarts

    Britpoptarts Inactive Thread Starter

    Joined:
    2008/06/05
    Messages:
    27
    Likes Received:
    0
    OTMoveIt Log + new DSS Log

    OT Move It log

    C:\NoLopBackups moved successfully.
    C:\Program Files\AskPBar\bar\Settings moved successfully.
    C:\Program Files\AskPBar\bar\History moved successfully.
    C:\Program Files\AskPBar\bar moved successfully.
    C:\Program Files\AskPBar moved successfully.
    C:\Program Files\speed-bit moved successfully.
    C:\Program Files\BitLord\Torrents moved successfully.
    C:\Program Files\BitLord\rules moved successfully.
    C:\Program Files\BitLord\lang moved successfully.
    C:\Program Files\BitLord\Downloads\Adobe Acrobat Professional 8.10 + Keygen moved successfully.
    C:\Program Files\BitLord\Downloads moved successfully.
    C:\Program Files\BitLord moved successfully.
    C:\Program Files\BitTorrent moved successfully.
    C:\Documents and Settings\Britpoptarts\Application Data\Azureus\torrents moved successfully.
    C:\Documents and Settings\Britpoptarts\Application Data\Azureus\tmp moved successfully.
    C:\Documents and Settings\Britpoptarts\Application Data\Azureus\shares moved successfully.
    C:\Documents and Settings\Britpoptarts\Application Data\Azureus\plugins moved successfully.
    C:\Documents and Settings\Britpoptarts\Application Data\Azureus\net moved successfully.
    C:\Documents and Settings\Britpoptarts\Application Data\Azureus\logs\save moved successfully.
    C:\Documents and Settings\Britpoptarts\Application Data\Azureus\logs moved successfully.
    C:\Documents and Settings\Britpoptarts\Application Data\Azureus\dht moved successfully.
    C:\Documents and Settings\Britpoptarts\Application Data\Azureus\active moved successfully.
    C:\Documents and Settings\Britpoptarts\Application Data\Azureus moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06122008_185423


    DSS Log

    Deckard's System Scanner v20071014.68
    Run by Britpoptarts on 2008-06-12 19:00:55
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    System Drive C: has 17.44 GiB (less than 15%) free.


    -- HijackThis (run as Britpoptarts.exe) ----------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:01:09 PM, on 6/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CachemanXP\CachemanXP.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\ehome\EHTray.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Britpoptarts\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\BRITPO~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
    O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [AppMon Utility] C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe @@@Start
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [WinMem] C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -IEXPLORE.EXE7.0
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O15 - Trusted Zone: *.moreawesomethanyou.com
    O15 - Trusted Zone: phorum.mustnotbenamed.com
    O15 - Trusted Zone: myscad.scad.edu
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\JiWire\BOT Mapping\Skype4COM.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\Program Files\CachemanXP\CachemanXP.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: WPS Scanner Service (WPSScannerSvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe

    --
    End of file - 15961 bytes

    -- Files created between 2008-05-12 and 2008-06-12 -----------------------------

    2008-06-06 21:36:27 0 d-------- C:\Documents and Settings\Britpoptarts\Application Data\Malwarebytes
    2008-06-06 21:36:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-06 21:36:24 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-30 04:52:04 0 d-------- C:\Program Files\Ubi Soft
    2008-05-29 23:26:00 10747904 --a------ C:\Documents and Settings\Britpoptarts\ntuser.dat


    -- Find3M Report ---------------------------------------------------------------

    2008-06-08 16:45:51 320 --a------ C:\WINDOWS\system32\wacom.dat
    2008-06-08 08:24:31 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-06-06 21:28:46 0 d-------- C:\Program Files\Java
    2008-06-06 02:21:23 0 d-------- C:\Program Files\Trend Micro
    2008-05-30 04:52:06 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-26 01:20:42 0 d-------- C:\Documents and Settings\Britpoptarts\Application Data\U3
    2008-05-10 07:11:47 0 d-------- C:\Program Files\directx
    2008-05-07 04:05:38 0 d-------- C:\Program Files\Trillian
    2008-04-24 13:31:53 0 d-------- C:\Documents and Settings\Britpoptarts\Application Data\Doblon
    2008-04-24 13:00:24 0 d-------- C:\Program Files\Doblon
    2008-04-22 13:03:37 0 d-------- C:\Documents and Settings\Britpoptarts\Application Data\ZoomBrowser EX
    2008-04-15 03:00:00 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-04-04 08:03:40 6388 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-04-04 02:37:04 50 --a------ C:\AUTOEXEC.BAT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
    10/14/2005 01:21 PM 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppMon Utility"="C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" [03/15/2006 01:55 PM]
    "SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [01/26/2006 05:28 AM]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/18/2006 11:51 AM]
    "VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [10/12/2005 12:36 AM]
    "VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 12:08 AM]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/30/2008 03:27 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/09/2007 01:02 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinMem"="C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe" [06/19/2006 03:54 PM]
    "Gadwin PrintScreen 3.5"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [07/08/2006 04:57 AM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [02/28/2008 11:36 PM]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "Shockwave Updater"=C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -IEXPLORE.EXE7.0

    C:\Documents and Settings\Britpoptarts\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/9/2005 5:12:44 AM]
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 03/09/2006 05:51 PM 73728 C:\WINDOWS\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register.lnk
    backup=C:\WINDOWS\pss\Register.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
    backup=C:\WINDOWS\pss\TabUserW.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Britpoptarts^Start Menu^Programs^Startup^Creative Element Power Tools Startup.lnk]
    path=C:\Documents and Settings\Britpoptarts\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk
    backup=C:\WINDOWS\pss\Creative Element Power Tools Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Britpoptarts^Start Menu^Programs^Startup^Indigo Prophecy Registration.lnk]
    path=C:\Documents and Settings\Britpoptarts\Start Menu\Programs\Startup\Indigo Prophecy Registration.lnk
    backup=C:\WINDOWS\pss\Indigo Prophecy Registration.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
    "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    C:\Program Files\Apoint\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Debug copy]
    C:\DOCUME~1\BRITPO~1\APPLIC~1\SURFCO~1\baitjump.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    "C:\Program Files\DAP\DAP.EXE" /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DRam prosessor]
    prog.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epg Service]
    "C:\Program Files\InterVideo\DVDEX\TvtvEpgAcq.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 3.5]
    "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1174538442\ee\AOLHostManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iesetup.exe]
    iesetup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JiWireBOTMapper]
    "C:\Program Files\JiWire\BOT Mapping\JiWireBOT.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PartSeal]
    C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
    C:\Program Files\Spyware Doctor\SDTrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
    "C:\Program Files\SpeedOptimizer\SPO.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
    "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
    c:\program files\sony\vaio survey\surveysa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "mnmsrvc "=3 (0x3)
    "MHN "=3 (0x3)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    AutoRun\command- G:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2162dc17-81b1-11dc-b34f-00130240a758}]
    AutoRun\command- G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ec4c117-01f1-11dd-904c-0002c7e542a7}]
    AutoRun\command- G:\system\viewer\FlipVideoforPC.exe
    Flip Video for PC\command- G:\system\viewer\FlipVideoforPC.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f750abe-d95e-11db-b2f6-00130240a758}]
    AutoRun\command- G:\wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b33659b-79fe-11dc-b34e-0002c7e542a7}]
    AutoRun\command- G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0f4e223-ee63-11dc-b241-0002c7e542a7}]
    AutoRun\command- G:\LaunchU3.exe




    -- End of Deckard's System Scanner: finished at 2008-06-12 19:01:33 ------------
     
  13. 2008/06/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Britpoptarts

    Ok now please do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything, check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now let's get an on-line scan.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept" if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files:
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the "Scan Report" On the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  14. 2008/06/18
    Britpoptarts

    Britpoptarts Inactive Thread Starter

    Joined:
    2008/06/05
    Messages:
    27
    Likes Received:
    0
    Kaspersky

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, June 18, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, June 18, 2008 12:07:16
    Records in database: 878597
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics:
    Files scanned: 638892
    Threat name: 5
    Infected objects: 6
    Suspicious objects: 0
    Duration of the scan: 07:24:56


    File name / Threat name / Threats count
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67D51AA6.exe Infected: not-a-virus:AdWare.Win32.TopMoxie.c 1
    C:\Documents and Settings\Britpoptarts\Desktop\**** From Restore\External Backup\Program Files\Common Files\Totem Shared\Update\dial.dll.015 Infected: not-a-virus:Dialer.Win32.DialerOffline 1
    C:\Documents and Settings\Britpoptarts\Desktop\P2P Downloaders\Nero.8.Ultra.Edition.v8.0.3.0 + Keygen (Works 100%)\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
    C:\Documents and Settings\Britpoptarts\Desktop\P2P Downloaders\Nero.8.Ultra.Edition.v8.0.3.0 + Keygen (Works 100%)\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
    C:\Documents and Settings\Britpoptarts\My Documents\BitTorrent Downloads\ESoft.Audio.Converter.CD.Audio.Grabber.v5.4.3.Cracked.StarDust.rar Infected: Backdoor.Win32.Rbot.euv 1
    G:\System Volume Information\_restore{D3D7C1EC-8769-4959-B0AB-2DD3AB50F977}\RP4\A0006298.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 1

    The selected area was scanned.

     
  15. 2008/06/18
    Britpoptarts

    Britpoptarts Inactive Thread Starter

    dds, rootkit, current info

    Deckard's System Scanner v20071014.68
    Run by Britpoptarts on 2008-06-18 16:39:39
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    System Drive C: has 17.15 GiB (less than 15%) free.


    -- HijackThis (run as Britpoptarts.exe) ----------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:39:41 PM, on 6/18/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\CachemanXP\CachemanXP.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Real\RealOne Player\RealPlay.exe
    C:\Program Files\Real\RealOne Player\RealPlay.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Documents and Settings\Britpoptarts\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\BRITPO~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
    O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [AppMon Utility] C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe @@@Start
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [WinMem] C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O15 - Trusted Zone: *.moreawesomethanyou.com
    O15 - Trusted Zone: phorum.mustnotbenamed.com
    O15 - Trusted Zone: myscad.scad.edu
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F38D3425-2B23-4C5E-8366-51C31C9D34EE}: NameServer = 64.136.173.5 64.136.164.77
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\JiWire\BOT Mapping\Skype4COM.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\Program Files\CachemanXP\CachemanXP.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: WPS Scanner Service (WPSScannerSvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe

    --
    End of file - 15824 bytes

    -- Files created between 2008-05-18 and 2008-06-18 -----------------------------

    2008-06-06 21:36:27 0 d-------- C:\Documents and Settings\Britpoptarts\Application Data\Malwarebytes
    2008-06-06 21:36:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-06 21:36:24 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-30 04:52:04 0 d-------- C:\Program Files\Ubi Soft
    2008-05-29 23:26:00 10747904 --a------ C:\Documents and Settings\Britpoptarts\ntuser.dat


    -- Find3M Report ---------------------------------------------------------------

    2008-06-18 07:13:16 320 --a------ C:\WINDOWS\system32\wacom.dat
    2008-06-08 08:24:31 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-06-06 21:28:46 0 d-------- C:\Program Files\Java
    2008-06-06 02:21:23 0 d-------- C:\Program Files\Trend Micro
    2008-05-30 04:52:06 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-26 01:20:42 0 d-------- C:\Documents and Settings\Britpoptarts\Application Data\U3
    2008-05-10 07:11:47 0 d-------- C:\Program Files\directx
    2008-05-07 04:05:38 0 d-------- C:\Program Files\Trillian
    2008-04-24 13:31:53 0 d-------- C:\Documents and Settings\Britpoptarts\Application Data\Doblon
    2008-04-24 13:00:24 0 d-------- C:\Program Files\Doblon
    2008-04-22 13:03:37 0 d-------- C:\Documents and Settings\Britpoptarts\Application Data\ZoomBrowser EX
    2008-04-04 08:03:40 6388 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-04-04 02:37:04 50 --a------ C:\AUTOEXEC.BAT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
    10/14/2005 01:21 PM 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppMon Utility"="C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" [03/15/2006 01:55 PM]
    "SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [01/26/2006 05:28 AM]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/18/2006 11:51 AM]
    "VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [10/12/2005 12:36 AM]
    "VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 12:08 AM]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/30/2008 03:27 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/09/2007 01:02 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinMem"="C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe" [06/19/2006 03:54 PM]
    "Gadwin PrintScreen 3.5"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [07/08/2006 04:57 AM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [02/28/2008 11:36 PM]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

    C:\Documents and Settings\Britpoptarts\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/9/2005 5:12:44 AM]
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 03/09/2006 05:51 PM 73728 C:\WINDOWS\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register.lnk
    backup=C:\WINDOWS\pss\Register.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
    backup=C:\WINDOWS\pss\TabUserW.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Britpoptarts^Start Menu^Programs^Startup^Creative Element Power Tools Startup.lnk]
    path=C:\Documents and Settings\Britpoptarts\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk
    backup=C:\WINDOWS\pss\Creative Element Power Tools Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Britpoptarts^Start Menu^Programs^Startup^Indigo Prophecy Registration.lnk]
    path=C:\Documents and Settings\Britpoptarts\Start Menu\Programs\Startup\Indigo Prophecy Registration.lnk
    backup=C:\WINDOWS\pss\Indigo Prophecy Registration.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
    "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    C:\Program Files\Apoint\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Debug copy]
    C:\DOCUME~1\BRITPO~1\APPLIC~1\SURFCO~1\baitjump.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    "C:\Program Files\DAP\DAP.EXE" /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DRam prosessor]
    prog.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epg Service]
    "C:\Program Files\InterVideo\DVDEX\TvtvEpgAcq.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 3.5]
    "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1174538442\ee\AOLHostManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iesetup.exe]
    iesetup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JiWireBOTMapper]
    "C:\Program Files\JiWire\BOT Mapping\JiWireBOT.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PartSeal]
    C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
    C:\Program Files\Spyware Doctor\SDTrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
    "C:\Program Files\SpeedOptimizer\SPO.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
    "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
    c:\program files\sony\vaio survey\surveysa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "mnmsrvc"=3 (0x3)
    "MHN"=3 (0x3)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    AutoRun\command- G:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2162dc17-81b1-11dc-b34f-00130240a758}]
    AutoRun\command- G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ec4c117-01f1-11dd-904c-0002c7e542a7}]
    AutoRun\command- G:\system\viewer\FlipVideoforPC.exe
    Flip Video for PC\command- G:\system\viewer\FlipVideoforPC.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f750abe-d95e-11db-b2f6-00130240a758}]
    AutoRun\command- G:\wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b33659b-79fe-11dc-b34e-0002c7e542a7}]
    AutoRun\command- G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0f4e223-ee63-11dc-b241-0002c7e542a7}]
    AutoRun\command- G:\LaunchU3.exe




    -- End of Deckard's System Scanner: finished at 2008-06-18 16:40:18 ------------


    Also, I didn't intend to run this (one of the progs rec'd in another thread while I was lurking to reassure myself about the quality of the advice given), but having clicked on the wrong icon, it may provide useful info:

    HKU\S-1-5-21-3601045031-1495887541-3784334669-1006\Software\Adobe\MediaBrowser\MRU\illustrator\ApplicationPath 6/27/2007 10:51 AM 91 bytes Data mismatch between Windows API and raw hive data.
    HKU\S-1-5-21-3601045031-1495887541-3784334669-1006\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 6/18/2007 6:33 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAC* 4/18/2006 12:27 AM 0 bytes Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAI* 4/18/2006 12:27 AM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 6/18/2008 4:42 PM 80 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\VAIO_VEDB\MSSQLServer\uptime_time_utc 6/18/2008 4:43 PM 8 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 6/18/2008 4:42 PM 4 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SOFTWARE\Zone Labs\ZoneAlarm\IncomingCount 6/18/2008 4:42 PM 4 bytes Data mismatch between Windows API and raw hive data.
    C:\Documents and Settings\Britpoptarts\Local Settings\Temp\Perflib_Perfdata_e78.dat 6/18/2008 4:58 PM 16.00 KB Hidden from Windows API.
    C:\System Volume Information\_restore{D3D7C1EC-8769-4959-B0AB-2DD3AB50F977}\RP323\A0159447.RDB 6/18/2008 4:51 PM 1.24 MB Visible in directory index, but not Windows API or MFT.
    C:\System Volume Information\_restore{D3D7C1EC-8769-4959-B0AB-2DD3AB50F977}\RP323\A0159448.RDB 6/18/2008 4:59 PM 1.24 MB Visible in directory index, but not Windows API or MFT.
    C:\System Volume Information\_restore{D3D7C1EC-8769-4959-B0AB-2DD3AB50F977}\RP323\A0159449.RDB 6/18/2008 5:03 PM 1.24 MB Visible in directory index, but not Windows API or MFT.

    SecuROM was inflicted by EA Games (Sims expansion pack) and I'll gladly remove it and never let an EA product touch my PC again. It was supposedly removed after it conflicted with my anti-virus prog, disabled my (MS-legal, OS-installed Media Center) CD/DVD functions and tried to phone home to EA with my personal info. I had a techie friend chase it off and uninstall the offending program, but apparently to no avail. I am livid that this is still lurking on my system.

    Current symptoms: After returning from being out of town, followed instructions above. Currently, Firefox is balking again. Could only get Kaspersky site to load; viruslist.com (tied to Kaspersky) and google.com wouldn't. Avast couldn't update itself or virus profile info when reinstalled. Shut XP down, reported back.
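    An added example, not part of the original thread and not Sysinternals code: RootkitRevealer prints one line for every place where the Windows API view of the registry or file system disagrees with the raw hive or on-disk view. An API-hooking rootkit produces such discrepancies, but so do several benign mechanisms, which is why a log like the one above needs triage rather than deletion. The Python script below parses lines in that format and sorts them into "benign" and "review" using the editor's own heuristics (LSA secrets and SecuROM keys with embedded nulls, volatile counters that change between the two reads, Perflib scratch files, restore points being written mid-scan); those rules, the function names and the `SAMPLE_LOG` (constructed from the log posted above) are all assumptions of this example.

```python
"""Triage RootkitRevealer discrepancy lines (added example, not Sysinternals code).

The rule set is the editor's heuristic, not RootkitRevealer's own logic.
SAMPLE_LOG is constructed from the log posted in this thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One finding per line: <path> <M/D/YYYY> <H:MM AM|PM> <size> <unit> <description>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+(?P<time>\d{1,2}:\d{2}\s+[AP]M)\s+"
    r"(?P<size>[\d.]+)\s+(?P<unit>bytes|KB|MB|GB)\s+"
    r"(?P<desc>.+?)\s*$"
)

# Registry values rewritten constantly; a "data mismatch" there is almost always
# the value changing between the API read and the raw hive read (assumption).
VOLATILE_VALUE_MARKERS = ("\\rng\\seed", "uptime_time", "\\blockcount",
                          "\\incomingcount", "\\mru\\")


@dataclass
class Finding:
    path: str
    desc: str
    verdict: str   # "benign" or "review"
    reason: str


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (path, description) for a finding line, None for anything else."""
    m = LINE_RE.match(line.strip())
    return (m["path"], m["desc"]) if m else None


def triage(path: str, desc: str) -> Finding:
    """Apply the heuristic rules to one finding."""
    p, d = path.lower(), desc.lower()
    if "embedded nulls" in d:
        if p.startswith("hklm\\security\\policy\\secrets"):
            return Finding(path, desc, "benign", "LSA secrets keys use embedded nulls on every Windows install")
        if "\\securom\\" in p:
            return Finding(path, desc, "review", "SecuROM copy protection stores its key with embedded nulls; not malware, but keep or remove deliberately")
        return Finding(path, desc, "review", "embedded-null key outside known locations: a way to hide a key from Win32 registry APIs")
    if "data mismatch" in d:
        if any(marker in p for marker in VOLATILE_VALUE_MARKERS):
            return Finding(path, desc, "benign", "volatile value rewritten between the API read and the raw hive read")
        return Finding(path, desc, "review", "API and hive disagree on a value that is not a known volatile counter")
    if "hidden from windows api" in d:
        if re.search(r"\\perflib_perfdata_[0-9a-f]+\.dat$", p):
            return Finding(path, desc, "benign", "performance-counter scratch file held open exclusively by a running process")
        return Finding(path, desc, "review", "object present on disk but invisible to the API: the signature of a file-hiding hook")
    if "not windows api or mft" in d:
        if "\\system volume information\\_restore" in p:
            return Finding(path, desc, "benign", "System Restore was writing a restore point while the scan ran")
        return Finding(path, desc, "review", "directory index and MFT disagree outside System Restore")
    return Finding(path, desc, "review", "unrecognised discrepancy type")


def triage_log(text: str) -> List[Finding]:
    """Parse every finding line in a RootkitRevealer log and triage it."""
    findings = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            findings.append(triage(*parsed))
    return findings


# Constructed from the log posted above (12 findings).
SAMPLE_LOG = r"""HKU\S-1-5-21-3601045031-1495887541-3784334669-1006\Software\Adobe\MediaBrowser\MRU\illustrator\ApplicationPath 6/27/2007 10:51 AM 91 bytes Data mismatch between Windows API and raw hive data.
HKU\S-1-5-21-3601045031-1495887541-3784334669-1006\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 6/18/2007 6:33 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAC* 4/18/2006 12:27 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 4/18/2006 12:27 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 6/18/2008 4:42 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\VAIO_VEDB\MSSQLServer\uptime_time_utc 6/18/2008 4:43 PM 8 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 6/18/2008 4:42 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\IncomingCount 6/18/2008 4:42 PM 4 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\Britpoptarts\Local Settings\Temp\Perflib_Perfdata_e78.dat 6/18/2008 4:58 PM 16.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{D3D7C1EC-8769-4959-B0AB-2DD3AB50F977}\RP323\A0159447.RDB 6/18/2008 4:51 PM 1.24 MB Visible in directory index, but not Windows API or MFT.
C:\System Volume Information\_restore{D3D7C1EC-8769-4959-B0AB-2DD3AB50F977}\RP323\A0159448.RDB 6/18/2008 4:59 PM 1.24 MB Visible in directory index, but not Windows API or MFT.
C:\System Volume Information\_restore{D3D7C1EC-8769-4959-B0AB-2DD3AB50F977}\RP323\A0159449.RDB 6/18/2008 5:03 PM 1.24 MB Visible in directory index, but not Windows API or MFT.
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.verdict:6}  {f.path}\n        {f.reason}")
```

    Run against the posted log, every finding except the SecuROM key comes out as benign; the SecuROM entry lands in "review" because an embedded-null key is also exactly what a rootkit would create, so the path, not the discrepancy type, is what decides. A driver or executable reported as "Hidden from Windows API" outside the Perflib pattern would be flagged for review by the same rules.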
     
  16. 2008/06/18
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Go into Add/Remove and remove Nero.8.Ultra.Edition.v8.0.3.0. It was a P2P download and is infected.

    I would remove it, guessing it also was a P2P download?

    OK, now add these to OTMoveIt3 and click MoveIt.

    C:\Documents and Settings\Britpoptarts\Desktop\**** From Restore\External Backup\Program Files\Common Files\Totem Shared\Update\dial.dll.015 <<Note: You need to find what this word is (****). I believe the board is blocking it out; type the word in its place to try and remove it with OTMoveIt2.
    C:\Documents and Settings\Britpoptarts\Desktop\P2P Downloaders\Nero.8.Ultra.Edition.v8.0.3.0
    C:\Documents and Settings\Britpoptarts\My Documents\BitTorrent Downloads\ESoft.Audio.Converter.CD.Audio.Grabber
    G:\System Volume Information\_restore{D3D7C1EC-8769-4959-B0AB-2DD3AB50F977}\RP4\A0006298.exe

    What program did you run?

    Please post a new Kaspersky scan.

    Thanks
    Geri
     
  17. 2008/06/19
    Britpoptarts

    Britpoptarts Inactive Thread Starter

    Joined:
    2008/06/05
    Messages:
    27
    Likes Received:
    0
    Yes. I had paid for the original version, and couldn't reinstall the paid-for copy after a reformatting.

    No. All my games / Sims programs are 100% paid for. EA started bundling a rootkit-type version of SecuROM into recent legally purchased games. It is known to cause the types of problems I described, which is why I have two legally purchased Sims expansion packs sitting on a shelf, and have not installed them. Alas, I opened them, so I can't return them. Live and learn.

    "RootkitRevealer." It doesn't seem to do anything but find stuff that acts like a rootkit. Doesn't move or remove or disable.

    Off to apply directions you gave.
     
  18. 2008/06/25
    Britpoptarts

    Britpoptarts Inactive Thread Starter

    Joined:
    2008/06/05
    Messages:
    27
    Likes Received:
    0
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, June 25, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, June 23, 2008 08:24:31
    Records in database: 880398
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics:
    Files scanned: 637389
    Threat name: 2
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 06:08:00


    File name / Threat name / Threats count
    C:\_OTMoveIt\MovedFiles\06222008_133337\Documents and Settings\Britpoptarts\Desktop\**** From Restore\External Backup\Program Files\Common Files\Totem Shared\Update\dial.dll.015 Infected: not-a-virus:Dialer.Win32.DialerOffline 1
    C:\_OTMoveIt\MovedFiles\06222008_133337\System Volume Information\_restore{D3D7C1EC-8769-4959-B0AB-2DD3AB50F977}\RP4\A0006298.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 1

    The selected area was scanned.

    I moved both indicated files manually to the Recycle Bin, fwiw.
     
  19. 2008/06/25
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Britpoptarts
    OK great

    Now lets clean up OTMoveIt2

    • Please double-click OTMoveIt.exe to run it.
    • Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
    • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Spyware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958


    How's everything running?

    Geri
     
  20. 2008/06/25
    Britpoptarts

    Britpoptarts Inactive Thread Starter

    Joined:
    2008/06/05
    Messages:
    27
    Likes Received:
    0
    Other than Firefox being balky about loading more than one tab at once (session manager preserves all tabs if FF crashes or if it is asked to save sessions), which is a new issue, I'm not noticing anything too funky going on. Then again, I've been using the 98 primarily while the XP has been sick, so maybe I'll notice things after I finish running OTMoveIt2 as directed and use the Internet browser a bit more on the XP. Will report back if something "not right" seems to be continuing to plague the poor XP.

    Off to run OTMoveIt2.

    Already looked at that prevention page, will read it again and bookmark it on the XP, and will take the advice to heart. Thank you for your help.
     
  21. 2008/06/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Britpoptarts
    As far as Firefox goes, you might try uninstalling it and reinstalling it to see if that helps. The infections you had could have corrupted it.

    If that doesn't help, we have a couple of good people here who may be able to help.
    http://www.windowsbbs.com/forumdisplay.php?f=5

    If any other problems let me know.

    Surf Safely
    Geri
     