Solved: geedc.exe and geedc.dll (New)

Closed Thread
InNeed201 (Junior Member, 13 posts; Join Date: Jan 2008)
05-Jan-2008, 11:57 PM #1
Solved: geedc.exe and geedc.dll
Well, I have no idea what happened to my laptop. I came home today and started AVG and it found 17 threats, so I wiped all the objects. That didn't work though, because all I got was "THREAT DETECTED!! geedc.exe!" and that happened like every half hour or so. So I looked in the system32 folder for geedc.exe and deleted it. Only now when I boot my laptop I get a "System cannot run geedc.exe because file can't be found... blah blah blah", and then it tells me that if I removed it to remove the registry so it wouldn't bother booting the file again at startup, but I don't know how to do that. Along with that, I'm also concerned that my laptop is still infected and I need help to fix the problem please!

I've also noticed AVG hasn't been starting at startup like it normally does, and it doesn't show up in the system tray.


Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:28 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\geedc.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 7758 bytes

And this is my AVG Virus Vault, if it helps a little:

[Image: AVG Virus Vault screenshot, hosted at http://img87.imageshack.us/img87/5972/savefb4.png]

PLEASE HELP ME!!


EDIT: I am not able to run Windows Media Player or applications that require it... same with AIM instant messenger... I'm guessing because they're infected... please help!
EDIT2: I'm starting to think this virus or whatever it is infected my programs, because some just don't respond. Along with that, the programs I usually start up with are gone =( ... and my startup is really slow...

Last edited by InNeed201 : 06-Jan-2008 12:40 AM. Reason: found more problems
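The boot-time "cannot run geedc.exe" message in the post above is the classic symptom of an orphaned autostart: the file was deleted by hand, but the `F3 - REG:win.ini: load=` entry in the HijackThis log still tells Windows to launch it at logon. As an added illustration, not code from the original thread or from HijackThis, here is a small Python parser for the HijackThis v2 log format that extracts the autostart sections (F3 win.ini load/run, O4 Run keys and Startup folders, O20 Winlogon Notify, O23 services) and flags any entry whose target file is missing. The log lines and the list of files "present on disk" are constructed sample input modelled on the shape of the log above; on a real machine the file list would come from a directory walk.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample lines in HijackThis v2 format (same shape as the log in the thread).
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
F3 - REG:win.ini: load=C:\WINDOWS\system32\geedc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# Constructed stand-in for a directory listing: files that still exist on the machine.
# geedc.exe is deliberately absent, mirroring the poster having deleted it by hand.
SAMPLE_FILES_PRESENT = {
    r"C:\PROGRA~1\Grisoft\AVG7\avgcc.exe",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe",
    r"C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
    r"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe",
}


@dataclass
class AutostartEntry:
    section: str   # HJT section code, e.g. "F3", "O4", "O20", "O23"
    location: str  # where the entry lives: win.ini, a Run key, a Startup folder, ...
    target: str    # path of the file that gets launched or loaded
    raw: str       # the original log line


# A path starting with a drive letter, up to the first executable-type extension.
# Optional surrounding quotes and anything after (arguments, "(User '...')") are dropped.
_EXE_RE = re.compile(
    r'^"?([A-Za-z]:\\.*?\.(?:exe|dll|com|scr|bat|cmd|pif))"?(?:\s|$)', re.IGNORECASE
)

# One pattern per autostart section; each yields a "loc" and a "cmd" group.
_SECTION_RES = [
    ("F3", re.compile(r"^F3 - REG:(?P<loc>win\.ini): (?:load|run)=(?P<cmd>.+)$")),
    ("O4", re.compile(r"^O4 - (?P<loc>[^:]+): \[[^\]]+\] (?P<cmd>.+)$")),
    ("O4", re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): [^=]+ = (?P<cmd>.+)$")),
    ("O20", re.compile(r'^O20 - (?P<loc>Winlogon Notify): .+ - (?P<cmd>"?[A-Za-z]:\\.+)$')),
    ("O23", re.compile(r'^O23 - (?P<loc>Service): .+ - (?P<cmd>"?[A-Za-z]:\\.+)$')),
]


def extract_executable(command: str) -> Optional[str]:
    """Return the launched file's path from a command string, or None if none is found."""
    m = _EXE_RE.match(command.strip())
    return m.group(1) if m else None


def parse_hjt_autostarts(log_text: str) -> List[AutostartEntry]:
    """Pull the autostart entries out of a HijackThis log; non-autostart lines are skipped."""
    entries: List[AutostartEntry] = []
    for line in log_text.splitlines():
        line = line.strip()
        for section, pattern in _SECTION_RES:
            m = pattern.match(line)
            if not m:
                continue
            target = extract_executable(m.group("cmd"))
            if target is not None:
                entries.append(AutostartEntry(section, m.group("loc"), target, line))
            break
    return entries


def find_orphaned(entries: Iterable[AutostartEntry], files_present: Iterable[str]) -> List[AutostartEntry]:
    """Entries whose target is not on disk (compared case-insensitively, as NTFS paths are).
    An orphan like this is what produces a 'cannot find file' error at logon."""
    present = {p.casefold() for p in files_present}
    return [e for e in entries if e.target.casefold() not in present]


if __name__ == "__main__":
    found = parse_hjt_autostarts(SAMPLE_HJT_LOG)
    for entry in find_orphaned(found, SAMPLE_FILES_PRESENT):
        print(f"orphaned autostart [{entry.section} {entry.location}]: {entry.target}")
        print(f"  from: {entry.raw}")
```

Run as-is, the only orphan reported is the win.ini `load=` entry for `C:\WINDOWS\system32\geedc.exe`, which is the entry a HijackThis "fix" of that F3 line removes. The same check is useful after any manual deletion during a clean-up: an autostart whose target is gone is harmless, but one whose target is still present and unrecognised is the thing to look at next.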
dvk01 (Moderator, 30,678 posts; Join Date: Dec 2002; Location: Loughton, Essex, UK)
07-Jan-2008, 09:10 AM #2
Delete any existing version of ComboFix you have sitting on your desktop

Download this specially updated version of ComboFix Beta from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results"
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the net.
--------------------------------------------------------------------
2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.
  • WARNING: If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
  • Please do not re-connect your machine to the Internet until ComboFix has completely finished.
  • If there is no Internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review


****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy
I am helping you, please help me by donating to help keep the Hedgehog Rescue Centre running
InNeed201 (Junior Member, 13 posts; Join Date: Jan 2008)
07-Jan-2008, 09:07 PM #3
ComboFix 08-01-08.2 - Owner 2008-01-07 17:57:52.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.620 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\cdeeg.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.

2008-01-07 17:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 23:02 . 2008-01-06 23:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 23:02 . 2008-01-06 23:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-06 10:51 . 2008-01-06 11:10 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-01-06 01:32 . 2008-01-06 01:46 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-06 01:20 . 2008-01-06 01:20 <DIR> d-------- C:\Program Files\Apache Software Foundation
2008-01-05 21:48 . 2008-01-06 21:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-05 21:48 . 2008-01-05 21:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-01-05 21:48 . 2008-01-05 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-05 21:47 . 2008-01-05 21:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 21:31 . 2008-01-05 21:31 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-01-05 21:31 . 2008-01-05 21:31 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-01-05 20:44 . 2008-01-05 20:44 3,584 --a------ C:\WINDOWS\system32\geedc.exe
2008-01-05 20:28 . 2008-01-06 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 19:08 . 2008-01-05 19:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Arcsoft
2008-01-05 19:07 . 2008-01-05 19:07 0 --a------ C:\WINDOWS\QuickInstall.INI
2008-01-05 18:27 . 2008-01-05 18:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Moyea
2008-01-05 14:06 . 2003-05-07 10:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-12-22 19:56 . 2007-12-24 15:19 <DIR> d-------- C:\Temp
2007-12-22 19:48 . 2007-12-22 19:48 <DIR> d-------- C:\Program Files\DVDVideoSoft
2007-12-22 19:48 . 2007-12-22 19:48 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2007-12-22 19:39 . 2007-12-22 19:39 <DIR> d-------- C:\Program Files\Red Kawa
2007-12-22 19:39 . 2007-12-22 19:39 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-12-22 14:45 . 2007-12-22 14:45 <DIR> d-------- C:\Documents and Settings\Owner\PlayList
2007-12-21 19:08 . 2007-12-21 21:27 <DIR> d-------- C:\Downloads
2007-12-21 09:24 . 2007-12-21 09:24 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Softarium.com
2007-12-21 08:25 . 2007-12-21 08:50 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-20 11:53 . 2007-12-23 19:49 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DivX
2007-12-18 21:30 . 2007-12-18 21:30 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-18 21:30 . 2007-12-18 21:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\teamspeak2
2007-12-18 21:30 . 2007-12-18 21:30 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-18 18:32 . 2007-12-18 18:32 <DIR> d-------- C:\Program Files\CONEXANT
2007-12-17 08:52 . 2007-12-18 16:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2007-12-17 08:49 . 2007-12-18 16:49 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-16 19:07 . 2007-12-16 19:07 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2007-12-16 19:07 . 2007-12-16 19:07 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-16 19:02 . 2007-12-16 19:02 <DIR> d-------- C:\Program Files\Microsoft SDKs
2007-12-16 19:02 . 2007-12-16 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-16 19:00 . 2007-12-16 19:00 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-16 19:00 . 2007-12-16 19:00 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-12-16 19:00 . 2007-12-16 19:00 <DIR> d-------- C:\Program Files\MSBuild
2007-12-16 18:59 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-16 18:55 . 2007-12-16 18:55 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-16 09:08 . 2007-12-16 09:08 <DIR> d-------- C:\Program Files\AC3Filter
2007-12-16 09:08 . 2007-08-17 23:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2007-12-16 09:06 . 2007-12-11 14:34 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-16 09:05 . 2007-12-16 09:06 <DIR> d-------- C:\Program Files\DivX
2007-12-11 14:35 . 2007-12-11 14:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 14:35 . 2007-12-11 14:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 14:34 . 2007-12-11 14:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 14:34 . 2007-12-11 14:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 14:34 . 2007-12-11 14:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 14:32 . 2007-12-11 14:32 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-12-11 14:32 . 2007-12-11 14:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 14:32 . 2007-12-11 14:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-09 12:28 . 2007-12-09 12:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Disney Interactive Studios
2007-12-09 12:24 . 2007-12-12 17:47 121 --a------ C:\WINDOWS\disney.ini
2007-12-09 12:23 . 2007-12-09 12:23 201 --a------ C:\WINDOWS\disneysy.ini
2007-12-08 21:59 . 2007-12-08 22:20 <DIR> d-------- C:\WINDOWS\system32\quicktime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 01:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-01-06 23:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 23:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-06 03:30 --------- d-----w C:\Program Files\QuickTime
2008-01-06 03:30 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-05 23:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2007-12-23 22:42 --------- d-----w C:\Program Files\PeerGuardian2
2007-12-23 22:35 --------- d-----w C:\Program Files\Image-Line
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-11 22:34 120,056 -c----w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-07 21:13 --------- d-----w C:\Program Files\dvdSanta
2007-12-03 06:55 --------- d-----w C:\Program Files\Vstplugins
2007-12-03 06:55 --------- d-----w C:\Program Files\ASIO4ALL v2
2007-11-26 05:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ahead
2007-11-25 21:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\ImgBurn
2007-11-25 06:02 --------- d-----w C:\Program Files\7-Zip
2007-11-24 18:58 --------- d-----w C:\Program Files\YAMAHA
2007-11-24 18:48 57,344 ----a-w C:\WINDOWS\system32\COMMTB32.DLL
2007-11-24 18:48 169,984 ----a-w C:\WINDOWS\system32\P2D.DLL
2007-11-24 18:48 161,552 ----a-w C:\WINDOWS\system32\ASYCPICT.DLL
2007-11-24 18:48 --------- d-----w C:\Program Files\ActiveX Control Pad
2007-11-17 23:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\yamaha
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\OPUSTEXT.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\OPUSS___.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\OPUSPC__.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\OPUSP___.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\OPUSC___.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\OPUS____.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\INKPEN2_.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\INK2TEXT.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\INK2SPEC.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\INK2SCRI.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\INK2CHOR.FOT
2007-11-17 23:19 --------- d-----w C:\Program Files\Sibelius Software
2007-11-17 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAMAHA
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 00:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\My Games
2007-11-13 00:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\quartz.dll
2007-10-28 00:40 222,720 ------w C:\WINDOWS\system32\wmasf.dll
2007-10-24 09:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 09:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 09:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 09:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-11 17:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 17:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 17:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2007-10-09 21:03 779,800 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 21:03 73,752 ----a-w C:\WINDOWS\system32\dxva2.dll
2007-10-09 21:03 493,080 ----a-w C:\WINDOWS\system32\evr.dll
2007-10-09 21:03 350,744 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2007-10-09 21:03 33,304 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 21:03 161,304 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2007-10-09 21:03 106,520 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2007-10-09 21:03 1,986,072 ----a-w C:\WINDOWS\system32\milcore.dll
2007-10-09 20:58 16,896 ----a-w C:\WINDOWS\system32\tswpfwrp.exe
2006-06-12 00:20 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 15:56 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shell executehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2005-12-12 16:17 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2006-03-11 20:07 458752 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]
C:\DOCUME~1\Owner\LOCALS~1\Temp\2006311211518_mcappins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 04:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 16:24 50760 C:\Program Files\Common Files\AOL\1142140458\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
--a--c--- 2004-02-20 14:12 32768 C:\Program Files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-09-25 12:54 229952 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-05 20:07 2228736 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-----c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-08-09 14:17 14743552 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
--a--c--- 2005-10-19 22:07 184320 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a--c--- 2005-09-27 06:59 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-03-14 01:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
--a--c--- 2003-04-19 20:08 28672 C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
--a--c--- 2005-10-11 21:36 151552 C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
--a--c--- 2005-12-01 02:20 69632 C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
--a--c--- 2005-06-13 15:42 258048 c:\program files\sony\vaio survey\surveysa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\FotomatDeviceConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2005-11-30 14:12]

.
Contents of the 'Scheduled Tasks' folder
"2007-11-24 13:06:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 17:59:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 18:00:24
ComboFix-quarantined-files.txt 2008-01-08 02:00:15
.
2008-01-06 23:22:12 --- E O F ---
InNeed201 (Junior Member, 13 posts; Join Date: Jan 2008)
07-Jan-2008, 09:10 PM #4
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:13 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 7364 bytes
InNeed201 (Junior Member with 13 posts, Join Date: Jan 2008)
09-Jan-2008, 03:42 AM #5
Oh, also, when I start up the system it tells me that it cannot open geedc.exe.

It says that if I deleted the program, I should take it off the registry, but I don't know how.
dvk01 (Moderator with 30,678 posts, Join Date: Dec 2002, Location: Loughton, Essex, UK)
09-Jan-2008, 11:18 AM #6
First delete that version of ComboFix, as an even newer one has been released.

Download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**


Open Notepad and copy and paste the text in the code box below into it:

Code:
Collect::[38]
C:\WINDOWS\system32\geedc.exe

Registry::

Save the Notepad file to your desktop and call it CFScript.txt.



Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before going any further

Then drag the CFScript.txt onto ComboFix.exe as shown in the screenshot below.

[screenshot: dragging CFScript.txt onto ComboFix.exe]
This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Remember to reconnect to the net and enable any disabled antivirus etc. BEFORE reconnecting.

Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


At the end it will pop up an alert and ask you to send the zip file it will create.

Please follow those instructions.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy
I am helping you, please help me by donating to help keep the Hedgehog Rescue Centre running
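The failure InNeed201 describes (an autostart Run entry that still points at the hand-deleted geedc.exe, so Windows complains it cannot run the file at every logon) and the scripted cleanup dvk01 walks through both come down to finding autostart entries whose target is gone. The following is an added example, not code from this thread, HijackThis or ComboFix: it parses the registry-style O4 lines of a HijackThis log and reports entries whose executable is missing. The sample log lines are constructed, the [geedc] Run entry is hypothetical, and the SAMPLE_* names and the injectable exists callback are assumptions of the example.

```python
"""Flag HijackThis O4 autostart entries whose target file no longer exists.

Added example, not HijackThis, ComboFix or dvk01's code. An autostart (Run)
entry pointing at a file deleted by hand is what produces a "cannot run
geedc.exe" message at logon; checking each O4 target on disk surfaces it.
"""
import os
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional

# Registry-style O4 lines look like:
#   O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
#   O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
# Startup-folder lines ("O4 - Global Startup: ...") have another shape and are skipped.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Leading token of a command line that ends in an executable extension.
# For "rundll32.exe foo.dll,Entry" this yields the host rundll32.exe, not the payload.
TARGET_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


@dataclass
class AutostartEntry:
    hive: str                    # HKCU, HKLM or HKUS\<SID>
    key: str                     # Run, RunOnce, ...
    name: str                    # value name shown in [brackets]
    command: str                 # full command line
    target: Optional[str]        # executable path extracted from the command
    user: Optional[str] = None   # only present on HKUS entries


def extract_target(command: str) -> Optional[str]:
    """Return the executable path at the start of a Run command line."""
    command = command.strip()
    if command.startswith('"'):          # quoted path, possibly containing spaces
        end = command.find('"', 1)
        return command[1:end] if end > 1 else None
    match = TARGET_RE.match(command)     # unquoted path up to the extension
    return match.group(1) if match else None


def parse_o4_line(line: str) -> Optional[AutostartEntry]:
    """Parse one registry-style O4 line; return None for any other line."""
    match = O4_RE.match(line.strip())
    if not match:
        return None
    cmd = match.group("cmd")
    return AutostartEntry(hive=match.group("hive"), key=match.group("key"),
                          name=match.group("name"), command=cmd,
                          target=extract_target(cmd), user=match.group("user"))


def find_orphaned_autostarts(lines: Iterable[str],
                             exists: Callable[[str], bool] = os.path.exists
                             ) -> List[AutostartEntry]:
    """Return O4 entries whose target file is missing.

    `exists` is injectable so the check can run against a file list captured
    from another machine (or a sample) instead of the local disk.
    """
    orphans: List[AutostartEntry] = []
    for line in lines:
        entry = parse_o4_line(line)
        if entry is None or entry.target is None:
            continue
        if not exists(entry.target):
            orphans.append(entry)
    return orphans


# Constructed sample modelled on the log in this thread; the [geedc] line is hypothetical.
SAMPLE_LOG_LINES = [
    r"Logfile of Trend Micro HijackThis v2.0.2 (constructed sample)",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r'O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp',
    r"O4 - HKLM\..\Run: [geedc] C:\WINDOWS\system32\geedc.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')",
    r"O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe",
]
# Files "present" on the sample machine; geedc.exe was deleted by hand, so it is absent.
SAMPLE_PRESENT_FILES = {
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\Program Files\AIM6\aim6.exe",
    r"C:\PROGRA~1\Grisoft\AVG7\avgw.exe",
}

if __name__ == "__main__":
    for e in find_orphaned_autostarts(SAMPLE_LOG_LINES, exists=lambda p: p in SAMPLE_PRESENT_FILES):
        print(f"orphaned autostart: {e.hive}\\..\\{e.key} [{e.name}] -> {e.target}")
```

Against a real log on the affected machine, call find_orphaned_autostarts with the default os.path.exists; the entry it reports is the one whose Run value should be removed after the file is gone.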
InNeed201 (Junior Member with 13 posts, Join Date: Jan 2008)
10-Jan-2008, 08:12 PM #7
ComboFix 08-01-10.2 - Owner 2008-01-10 17:05:46.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.577 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\geedc.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-09 16:50 . 2008-01-09 16:50 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-09 16:49 . 2008-01-09 16:49 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-08 19:26 . 2008-01-08 19:27 <DIR> d-------- C:\Program Files\AIM6
2008-01-08 18:37 . 2008-01-08 19:26 <DIR> d-------- C:\Program Files\Magic M4A to MP3 Converter
2008-01-07 17:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 10:51 . 2008-01-06 11:10 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-01-06 01:32 . 2008-01-06 01:46 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-06 01:20 . 2008-01-06 01:20 <DIR> d-------- C:\Program Files\Apache Software Foundation
2008-01-05 21:48 . 2008-01-06 21:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-05 21:48 . 2008-01-05 21:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-01-05 21:48 . 2008-01-05 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-05 21:47 . 2008-01-05 21:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 21:31 . 2008-01-05 21:31 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-01-05 21:31 . 2008-01-05 21:31 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-01-05 20:28 . 2008-01-06 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 19:08 . 2008-01-05 19:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Arcsoft
2008-01-05 19:07 . 2008-01-05 19:07 0 --a------ C:\WINDOWS\QuickInstall.INI
2008-01-05 18:27 . 2008-01-05 18:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Moyea
2008-01-05 14:06 . 2003-05-07 10:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-12-22 19:56 . 2007-12-24 15:19 <DIR> d-------- C:\Temp
2007-12-22 19:48 . 2007-12-22 19:48 <DIR> d-------- C:\Program Files\DVDVideoSoft
2007-12-22 19:48 . 2007-12-22 19:48 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2007-12-22 19:39 . 2007-12-22 19:39 <DIR> d-------- C:\Program Files\Red Kawa
2007-12-22 19:39 . 2007-12-22 19:39 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-12-22 14:45 . 2007-12-22 14:45 <DIR> d-------- C:\Documents and Settings\Owner\PlayList
2007-12-21 19:08 . 2007-12-21 21:27 <DIR> d-------- C:\Downloads
2007-12-21 09:24 . 2007-12-21 09:24 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Softarium.com
2007-12-21 08:25 . 2007-12-21 08:50 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-20 11:53 . 2007-12-23 19:49 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DivX
2007-12-18 21:30 . 2007-12-18 21:30 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-18 21:30 . 2007-12-18 21:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\teamspeak2
2007-12-18 21:30 . 2007-12-18 21:30 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-18 18:32 . 2007-12-18 18:32 <DIR> d-------- C:\Program Files\CONEXANT
2007-12-17 08:52 . 2007-12-18 16:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2007-12-17 08:49 . 2007-12-18 16:49 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-16 19:07 . 2007-12-16 19:07 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2007-12-16 19:07 . 2007-12-16 19:07 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-16 19:02 . 2007-12-16 19:02 <DIR> d-------- C:\Program Files\Microsoft SDKs
2007-12-16 19:02 . 2007-12-16 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-16 19:00 . 2007-12-16 19:00 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-16 19:00 . 2007-12-16 19:00 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-12-16 19:00 . 2007-12-16 19:00 <DIR> d-------- C:\Program Files\MSBuild
2007-12-16 18:59 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-16 18:55 . 2007-12-16 18:55 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-16 09:08 . 2007-12-16 09:08 <DIR> d-------- C:\Program Files\AC3Filter
2007-12-16 09:08 . 2007-08-17 23:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2007-12-16 09:06 . 2007-12-11 14:34 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-16 09:05 . 2007-12-16 09:06 <DIR> d-------- C:\Program Files\DivX
2007-12-11 14:35 . 2007-12-11 14:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 14:35 . 2007-12-11 14:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 14:34 . 2007-12-11 14:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 14:34 . 2007-12-11 14:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 14:34 . 2007-12-11 14:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 14:32 . 2007-12-11 14:32 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-12-11 14:32 . 2007-12-11 14:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 14:32 . 2007-12-11 14:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 03:27 --------- d-----w C:\Program Files\Viewpoint
2008-01-09 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-09 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-08 06:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-01-08 01:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-01-06 23:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 23:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-06 03:30 --------- d-----w C:\Program Files\QuickTime
2008-01-06 03:30 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-05 23:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2007-12-23 22:42 --------- d-----w C:\Program Files\PeerGuardian2
2007-12-23 22:35 --------- d-----w C:\Program Files\Image-Line
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-11 22:34 120,056 -c----w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-09 20:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\Disney Interactive Studios
2007-12-07 21:13 --------- d-----w C:\Program Files\dvdSanta
2007-12-03 06:55 --------- d-----w C:\Program Files\Vstplugins
2007-12-03 06:55 --------- d-----w C:\Program Files\ASIO4ALL v2
2007-11-26 05:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ahead
2007-11-25 21:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\ImgBurn
2007-11-25 06:02 --------- d-----w C:\Program Files\7-Zip
2007-11-24 18:58 --------- d-----w C:\Program Files\YAMAHA
2007-11-24 18:48 57,344 ----a-w C:\WINDOWS\system32\COMMTB32.DLL
2007-11-24 18:48 169,984 ----a-w C:\WINDOWS\system32\P2D.DLL
2007-11-24 18:48 161,552 ----a-w C:\WINDOWS\system32\ASYCPICT.DLL
2007-11-24 18:48 --------- d-----w C:\Program Files\ActiveX Control Pad
2007-11-17 23:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\yamaha
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\OPUSTEXT.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\OPUSS___.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\OPUSPC__.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\OPUSP___.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\OPUSC___.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\OPUS____.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\INKPEN2_.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\INK2TEXT.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\INK2SPEC.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\INK2SCRI.FOT
2007-11-17 23:19 1,409 ----a-w C:\WINDOWS\Fonts\INK2CHOR.FOT
2007-11-17 23:19 --------- d-----w C:\Program Files\Sibelius Software
2007-11-17 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAMAHA
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 00:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\My Games
2007-11-13 00:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\quartz.dll
2007-10-28 00:40 222,720 ------w C:\WINDOWS\system32\wmasf.dll
2007-10-24 09:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 09:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 09:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 09:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-11 17:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 17:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 17:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2006-06-12 00:20 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-07_17.56.52.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
- 2007-09-01 04:23:05 38,428 ----a-w C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
+ 2008-01-09 03:27:20 38,428 ----a-w C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
+ 2000-08-31 16:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-11 01:05:26 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-11 01:05:27 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-11 01:05:27 5,488,640 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-11 01:05:27 421,888 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-11 01:05:27 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-11 01:05:27 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2007-11-04 02:28:33 359,808 -c--a-w C:\WINDOWS\system32\dllcache\TCPIP.SYS
+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2007-11-04 02:28:33 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 11:04 50528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 15:56 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shell executehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2005-12-12 16:17 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2006-03-11 20:07 458752 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]
C:\DOCUME~1\Owner\LOCALS~1\Temp\2006311211518_mcappins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 04:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 16:24 50760 C:\Program Files\Common Files\AOL\1142140458\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
--a--c--- 2004-02-20 14:12 32768 C:\Program Files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-09-25 12:54 229952 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-05 20:07 2228736 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-----c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-08-09 14:17 14743552 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
--a--c--- 2005-10-19 22:07 184320 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a--c--- 2005-09-27 06:59 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-03-14 01:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
--a--c--- 2003-04-19 20:08 28672 C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
--a--c--- 2005-10-11 21:36 151552 C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
--a--c--- 2005-12-01 02:20 69632 C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
--a--c--- 2005-06-13 15:42 258048 c:\program files\sony\vaio survey\surveysa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\FotomatDeviceConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2005-11-30 14:12]

*Newly Created Service* - CATCHME
*Newly Created Service* - VIEWPOINT_MANAGER_SERVICE
.
Contents of the 'Scheduled Tasks' folder
"2007-11-24 13:06:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 17:07:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 17:08:21
ComboFix-quarantined-files.txt 2008-01-11 01:08:04
ComboFix2.txt 2008-01-08 02:00:25
.
2008-01-10 00:53:25 --- E O F ---

When the pop-up came up it gave me an error, something about making sure it's the correct file name, and then it took me to an error page in Firefox. And yes, I connected to the internet after the log was made. =)
InNeed201 (Junior Member with 13 posts, Join Date: Jan 2008)
10-Jan-2008, 08:14 PM #8
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:24 PM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 7924 bytes
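As an added example that is not part of the thread or of HijackThis itself: a small Python parser for the O23 service lines in a log like the one above, with a few triage rules a helper applies by eye (no publisher, binary missing, unattributed binary in system32). The sample lines are constructed; the "Update Helper" service and its short name are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in HijackThis v2 log format. The AVG and Intel lines mirror
# entries from the thread; the last line is a made-up suspicious service that
# reuses the geedc.exe name the original poster reported (hypothetical entry).
SAMPLE_LOG = """\
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\\PROGRA~1\\Grisoft\\AVG7\\avgamsvr.exe
O23 - Service: EvtEng - Intel Corporation - C:\\Program Files\\Intel\\Wireless\\Bin\\EvtEng.exe
O23 - Service: Update Helper (updhlpr) - Unknown owner - C:\\WINDOWS\\system32\\geedc.exe (file missing)
"""

# O23 lines have the shape: "O23 - Service: <name> - <company> - <path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.+)$")
# The short service name, when present, is the last parenthesised token of <name>
NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<short>[^()]+)\))?$")

@dataclass
class Service:
    display: str
    short: Optional[str]
    company: str
    path: str
    file_missing: bool
    reasons: List[str] = field(default_factory=list)

def parse_o23(text: str) -> List[Service]:
    """Extract O23 service entries from HijackThis log text; other sections are skipped."""
    services = []
    for line in text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        n = NAME_RE.match(m["name"])
        path = m["path"]
        missing = path.endswith("(file missing)")  # HJT's own annotation
        if missing:
            path = path[: -len("(file missing)")].strip()
        services.append(Service(n["display"], n["short"], m["company"], path, missing))
    return services

def triage(services: List[Service]) -> List[Service]:
    """Attach review reasons and return only the services worth a closer look."""
    flagged = []
    for s in services:
        if s.company == "Unknown owner":
            s.reasons.append("no publisher recorded for the service binary")
        if s.file_missing:
            s.reasons.append("binary missing: orphaned service entry still tried at boot")
        if "\\windows\\system32\\" in s.path.lower() and s.company == "Unknown owner":
            s.reasons.append("unattributed binary inside system32")
        if s.reasons:
            flagged.append(s)
    return flagged
```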
InNeed201
Junior Member with 13 posts.
Join Date: Jan 2008
10-Jan-2008, 08:15 PM #9
What do I do with the zip file on my desktop? Do I delete it? Or should I try ComboFix again?
dvk01
Moderator with 30,678 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
11-Jan-2008, 09:30 AM #10
I need to see the zip file from the desktop.

Please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and distribute them to antivirus companies.
Just press New Topic, fill in the needed details and give a link to your post here. Then press the Browse button, navigate to and select the files on your computer. If there is more than one file, press the More Attachments button for each extra file and browse and select it. When all the files are listed in the window, press Send to upload the files. (Do not post HJT logs there, as they will not get dealt with.)

Files to submit:

the zip file ComboFix made on your desktop
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy
I am helping you, please help me by donating to help keep the Hedgehog Rescue Centre running
InNeed201
Junior Member with 13 posts.
Join Date: Jan 2008
11-Jan-2008, 04:47 PM #11
dvk01
Moderator with 30,678 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
12-Jan-2008, 03:00 PM #12
It looks clear now.

Are you still having any problems?

If everything is OK:

Please download ATF Cleaner by Atribune

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser as well as Internet Explorer or instead of it then also do this step

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser as well as Internet Explorer or instead of it then also do this step

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

This will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.


then
Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
Press CleanUp. It will search for and delete/uninstall all the tools we have used to fix your problems and all their backup folders, and then delete itself when you next reboot.

then
Turn off System Restore by following the instructions here:
http://www.thespykiller.co.uk/index.php?page=8
That will purge the restore folder and clear any malware that has been put in there. Then reboot, re-enable System Restore and create a new restore point. Now empty the Recycle Bin on the desktop.

Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here http://secunia.com/software_inspector/ for out-of-date and vulnerable common applications on your computer.

Then pay an urgent visit to Windows Update and make sure you are fully updated. That will help to plug the security holes that let these pests on in the first place.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy
I am helping you, please help me by donating to help keep the Hedgehog Rescue Centre running
InNeed201
Junior Member with 13 posts.
Join Date: Jan 2008
12-Jan-2008, 03:44 PM #13
Everything seems to be running fine now. I've reinstalled the programs that weren't working and they seem to work fine =)

Only a couple of problems:

AVG doesn't boot at startup, but I'm guessing if I reinstall it will?

Also, I'm not sure if this was caused by the virus, but whenever I'm using earphones and I even move the jack a little bit, it stops working until I move it upward a little. I don't know, it's kind of weird. This sometimes happens with my iPod too, so it's probably hardware, and they're new earphones... just curious =)

thanks!
dvk01
Moderator with 30,678 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
13-Jan-2008, 12:07 PM #14
Reinstall AVG; that is the quickest way to make sure it is all OK.

The earphones sound like a faulty plug, and I've never heard of any virus able to affect earphones that work when moved.
InNeed201
Junior Member with 13 posts.
Join Date: Jan 2008
13-Jan-2008, 02:00 PM #15
Thanks!

SOLVED. =)