1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

help !!! pop ads out of control isearch infestation ? hi jack this log

Discussion in 'Virus & Other Malware Removal' started by stephens23, Oct 14, 2008.

Thread Status:
Not open for further replies.
  1. stephens23

    stephens23 Thread Starter

    Joined:
    Oct 14, 2008
    Messages:
    2
    I have never seen any thing like this . My pc wont even let me go to the norton web site and I had to rename hijack this in 3 different places just to get it to open. I think i have an "Isearch" bug. The pop ups are so constant that I am having to close one out about every third word that i type. My browser will also open by itself. Spyware removal programs will not even open up and try to run. When you click on them nothing happens.
    Also the computer will not start in safe mode. It just keeps bringing me back to the screen where you select safe mode over and over again. It took me like three hours of tinkering just to get to this point.
    I am using a Vaio laptop and running windows xp.
    here is the hijack this log.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:41:58 AM, on 10/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\uesiuqcr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\bmwebcfg.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\QnJhZGxleSBUYXlsb3I\command.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
    C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    C:\WINDOWS\System32\alg.exe
    C:\Documents and Settings\All Users\Application Data\vkvupqbg\fkjqjcbs.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\msauc.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\czwncdgr.exe
    C:\Documents and Settings\Bradley Taylor\Application Data\Gool\Gool.exe
    C:\Documents and Settings\Bradley Taylor\Application Data\SpeedRunner\SpeedRunner.exe
    C:\Documents and Settings\Bradley Taylor\Application Data\Microsoft\Windows\cgwsov.exe
    C:\DOCUME~1\BRADLE~1\MYDOCU~1\DOBE~1\scanregw.exe
    C:\WINDOWS\system32\?ystem32\t?skmgr.exe
    C:\Program Files\VnrBlock\VnrBlock21.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\workonthat\h.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [lsass driver] C:\WINDOWS\msauc.exe
    O4 - HKLM\..\Run: [{a930de73-045c-01f8-97c6-70a516f9045a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\ugqboqqvtv.dll" DllStub
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [brastk] brastk.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
    O4 - HKCU\..\Run: [EnSrvWeb] C:\WINDOWS\system32\czwncdgr.exe
    O4 - HKCU\..\Run: [Gool] "C:\Documents and Settings\Bradley Taylor\Application Data\Gool\Gool.exe"
    O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Bradley Taylor\Application Data\SpeedRunner\SpeedRunner.exe
    O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Bradley Taylor\Application Data\Microsoft\Windows\cgwsov.exe
    O4 - HKCU\..\Run: [GetPack22] "C:\Program Files\GetPack\GetPack22.exe"
    O4 - HKCU\..\Run: [Redo] "C:\DOCUME~1\BRADLE~1\MYDOCU~1\DOBE~1\scanregw.exe" -vt yazb
    O4 - HKCU\..\Run: [Iqmdnh] C:\WINDOWS\system32\?ystem32\t?skmgr.exe
    O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [WebActStr] C:\WINDOWS\system32\epedufix.exe
    O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
    O4 - HKCU\..\Run: [StrCfgCmd] C:\WINDOWS\system32\nujehyxi.exe
    O4 - HKLM\..\Policies\Explorer\Run: [PiAWuj18yq] C:\Documents and Settings\All Users\Application Data\vkvupqbg\fkjqjcbs.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.att.net/sdccommon/download/tgctlcm.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/Http/OIFActiveX/ofmctl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O20 - AppInit_DLLs: karna.dat
    O21 - SSODL: SetApl - {1EA10F56-2294-56FD-9D9F-007AAF1E05F6} - C:\Program Files\gspgxjb\SetApl.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QnJhZGxleSBUYXlsb3I\command.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pantech&Curitel Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    --
    End of file - 16877 bytes
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi Welcome to TSG!!


    Download SDFix and save it to your Desktop.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • Open the c:\SDFix folder and double click RunThis.cmd to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer that normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back to the thread with a new HijackThis log.
     
  3. stephens23

    stephens23 Thread Starter

    Joined:
    Oct 14, 2008
    Messages:
    2
    thanks for the reply I ran the programs here are the new logs. Waiting to hear back from the you.
    On a seperate note that I forgot to mention last time..... I can not use control alt Del. it tells me it has been disabled by administrator. And I have some types of fake spy ware alert icons in the bottom right of my screen that keep popping up and wanting me to download crap. And i have that blue screen thing where it has spyware messages and such.
    here are the logs you requested....Thanks a bunch!

    scan disk log:


    SDFix: Version 1.236
    Run by Bradley Taylor on Sat 10/18/2008 at 11:48 AM
    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix
    Checking Services :
    Name :
    cmdService
    Network Monitor
    Path :
    C:\WINDOWS\QnJhZGxleSBUYXlsb3I\command.exe
    cmdService - Deleted
    Network Monitor - Deleted

    Restoring Default Security Values
    Restoring Default Hosts File
    Restoring Default Desktop Wallpaper
    Resetting SecurityProviders Value
    Resetting AppInit_DLLs value

    Rebooting

    Infected beep.sys Found!
    beep.sys File Locations:
    "C:\WINDOWS\Drivers\beep.sys" 28160 10/16/2008 07:06 PM
    "C:\WINDOWS\system32\dllcache\beep.sys" 28160 10/16/2008 07:06 PM
    "C:\WINDOWS\system32\drivers\beep.sys" 28160 10/16/2008 07:06 PM
    Infected File Listed Below:
    C:\WINDOWS\system32\dllcache\beep.sys
    C:\WINDOWS\system32\drivers\beep.sys
    File copied to Backups Folder
    Attempting to replace beep.sys with original version

    Original beep.sys Restored
    "C:\WINDOWS\Drivers\beep.sys" 28160 10/16/2008 07:06 PM
    "C:\WINDOWS\system32\dllcache\beep.sys" 4224 08/07/2008 04:27 PM
    "C:\WINDOWS\system32\drivers\beep.sys" 4224 08/07/2008 04:27 PM

    Checking Files :
    Trojan Files Found:
    C:\WINDOWS\QnJhZGxleSBUYXlsb3I\asappsrv.dll - Deleted
    C:\WINDOWS\QnJhZGxleSBUYXlsb3I\command.exe - Deleted
    C:\WINDOWS\QnJhZGxleSBUYXlsb3I\kBL1t3U5ym1osr5PvaK.vbs - Deleted
    C:\Documents and Settings\Bradley Taylor\Application Data\Gool\Gool.exe - Deleted
    C:\Documents and Settings\Bradley Taylor\Application Data\SpeedRunner\config.cfg - Deleted
    C:\Documents and Settings\Bradley Taylor\Application Data\SpeedRunner\SpeedRunner.exe - Deleted
    C:\Documents and Settings\Bradley Taylor\Application Data\SpeedRunner\SRUninstall.exe - Deleted
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
    C:\Program Files\GetPack\dictame.gz - Deleted
    C:\Program Files\GetPack\GetPack22.exe - Deleted
    C:\Program Files\GetPack\trgtame.gz - Deleted
    C:\Program Files\Mjcore\Mjcore.dll - Deleted
    C:\Program Files\VnrBlock\VnrBlock21.exe - Deleted
    C:\Program Files\VnrBlock\xtarga.gz - Deleted
    C:\Program Files\Webtools\webtools.dll - Deleted
    C:\Program Files\Common Files\Yazzle3090OinAdmin.exe - Deleted
    C:\Program Files\Common Files\Yazzle3090OinUninstaller.exe - Deleted
    C:\Documents and Settings\Bradley Taylor\Application Data\wklnhst.dat - Deleted
    C:\DOCUME~1\BRADLE~1\LOCALS~1\Temp\Binaries1.cab2 - Deleted
    C:\DOCUME~1\BRADLE~1\LOCALS~1\Temp\gettpa123.exe - Deleted
    C:\DOCUME~1\BRADLE~1\LOCALS~1\Temp\gettpa222.exe - Deleted
    C:\DOCUME~1\BRADLE~1\LOCALS~1\Temp\gettpa421.exe - Deleted
    C:\DOCUME~1\BRADLE~1\LOCALS~1\Temp\tmp16.tmp - Deleted
    C:\U.exe - Deleted
    C:\WINDOWS\b103.exe - Deleted
    C:\WINDOWS\b104.exe - Deleted
    C:\WINDOWS\b116.exe - Deleted
    C:\WINDOWS\b157.exe - Deleted
    C:\WINDOWS\b161.exe - Deleted
    C:\WINDOWS\system32\~.exe - Deleted
    C:\WINDOWS\system32\wini10251.exe - Deleted
    C:\WINDOWS\system32\wini10252.exe - Deleted
    C:\WINDOWS\system32\wini10731.exe - Deleted
    C:\WINDOWS\system32\wini10451631.exe - Deleted
    C:\WINDOWS\system32\wpv074.cpx - Deleted
    C:\WINDOWS\system32\wpv484.cpx - Deleted
    C:\WINDOWS\system32\wpv862.cpx - Deleted
    C:\WINDOWS\system32\wpv963.cpx - Deleted
    C:\WINDOWS\system32\wpv0716.cpx - Deleted
    C:\WINDOWS\system32\wpv074.cpx - Deleted
    C:\WINDOWS\system32\wpv484.cpx - Deleted
    C:\WINDOWS\system32\wpv862.cpx - Deleted
    C:\WINDOWS\system32\wpv963.cpx - Deleted
    C:\WINDOWS\bdn.com - Deleted
    C:\WINDOWS\brastk.exe - Deleted
    C:\WINDOWS\default.htm - Deleted
    C:\WINDOWS\faceback.exe - Deleted
    C:\WINDOWS\FVProtect.exe - Deleted
    C:\WINDOWS\karna.dat - Deleted
    C:\WINDOWS\msauc.exe - Deleted
    C:\WINDOWS\mssecu.exe - Deleted
    C:\WINDOWS\system32\atmtd.dll - Deleted
    C:\WINDOWS\system32\atmtd.dll._ - Deleted
    C:\WINDOWS\system32\bdn.com - Deleted
    C:\WINDOWS\system32\brastk.exe - Deleted
    C:\WINDOWS\system32\getsn32.dll - Deleted
    C:\WINDOWS\system32\karna.dat - Deleted
    C:\WINDOWS\system32\msansspc.dll - Deleted
    C:\WINDOWS\system32\shell31.dll - Deleted
    C:\WINDOWS\system32\smwin32.dll - Deleted
    C:\WINDOWS\system32\thun.dll - Deleted
    C:\WINDOWS\system32\thun32.dll - Deleted
    C:\WINDOWS\userconfig9x.dll - Deleted
    C:\WINDOWS\wiaservb.log - Deleted
    C:\WINDOWS\winsystem.exe - Deleted

    Folder C:\Documents and Settings\Bradley Taylor\Application Data\Gool - Removed
    Folder C:\Documents and Settings\Bradley Taylor\Application Data\SpeedRunner - Removed
    Folder C:\Program Files\GetPack - Removed
    Folder C:\Program Files\Mjcore - Removed
    Folder C:\Program Files\Network Monitor - Removed
    Folder C:\Program Files\VnrBlock - Removed
    Folder C:\Program Files\Webtools - Removed
    Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed

    Removing Temp Files
    ADS Check :


    Final Check :
    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-18 12:12:10
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden services & system hive ...
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00014a153d44]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00014a153d44]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00014a153d44]
    scanning hidden registry entries ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services :


    Authorized Application Key Export:
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\Common Files\\AOL\\1145631461\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1145631461\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
    "C:\\Program Files\\Common Files\\AOL\\1145631461\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1145631461\\ee\\aim6.exe:*:Enabled:AIM"
    "C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe:*:Enabled:Anapod Xtreamer"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    Remaining Files :
    C:\WINDOWS\default.htm Found
    File Backups: - C:\SDFix\backups\backups.zip
    Files with Hidden Attributes :
    Tue 26 Sep 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 6 Feb 2006 28,160 ...H. --- "C:\Documents and Settings\Bradley Taylor\My Documents\~WRL0001.tmp"
    Tue 7 Mar 2006 27,136 ...H. --- "C:\Documents and Settings\Bradley Taylor\My Documents\~WRL1136.tmp"
    Mon 4 Oct 2004 417,792 A..H. --- "C:\Program Files\Canon\Canon iP90 Setup Utility\Maint.exe"
    Tue 11 May 2004 61,440 A..H. --- "C:\Program Files\Canon\Canon iP90 Setup Utility\uinstrsc.dll"
    Tue 30 Sep 2008 230,400 ..SHR --- "C:\WINDOWS\system32\?ystem32\t?skmgr.exe"
    Tue 7 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Thu 9 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Fri 4 Jan 2008 29,184 ...H. --- "C:\Documents and Settings\Bradley Taylor\My Documents\Taylor Enterprises of Louisiana, LLC\~WRL0001.tmp"
    Sat 11 Oct 2008 89,088 ..SHR --- "C:\Documents and Settings\Bradley Taylor\My Documents\?dobe\scanregw.exe"
    Tue 13 Nov 2007 818 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
    Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
    Sun 8 Jan 2006 23,040 ...H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Microsoft\Word\~WRL0003.tmp"
    Wed 6 Jun 2007 19,968 ...H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Microsoft\Word\~WRL0004.tmp"
    Wed 18 Jul 2007 19,968 ...H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Microsoft\Word\~WRL0005.tmp"
    Thu 9 Mar 2006 30,720 ...H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Microsoft\Word\~WRL0470.tmp"
    Thu 9 Mar 2006 29,696 ...H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Microsoft\Word\~WRL0522.tmp"
    Thu 9 Mar 2006 28,160 ...H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Microsoft\Word\~WRL0628.tmp"
    Sat 7 Jul 2007 20,992 ...H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Microsoft\Word\~WRL0751.tmp"
    Thu 9 Mar 2006 29,184 ...H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Microsoft\Word\~WRL1361.tmp"
    Wed 13 Dec 2006 33,792 ...H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Microsoft\Word\~WRL1463.tmp"
    Wed 18 Jul 2007 20,992 ...H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Microsoft\Word\~WRL1510.tmp"
    Fri 30 Mar 2007 31,232 ...H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Microsoft\Word\~WRL1649.tmp"
    Thu 9 Mar 2006 33,280 ...H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Microsoft\Word\~WRL1750.tmp"
    Thu 9 Mar 2006 34,304 ...H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Microsoft\Word\~WRL2597.tmp"
    Thu 19 Jul 2007 22,016 ...H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Microsoft\Word\~WRL3830.tmp"
    Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\U3\temp\Launchpad Removal.exe"
    Tue 26 Sep 2006 4,348 ...H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Real\Rhapsody\wmlicbackup\drmv1key.bak"
    Tue 26 Sep 2006 20 A..H. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Real\Rhapsody\wmlicbackup\drmv1lic.bak"
    Tue 26 Sep 2006 312 A.SH. --- "C:\Documents and Settings\Bradley Taylor\Application Data\Real\Rhapsody\wmlicbackup\drmv2key.bak"
    Finished!



    And here is the new hijack this log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:26:33 PM, on 10/18/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\uesiuqcr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\bmwebcfg.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
    C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\vinihonu.exe
    C:\WINDOWS\System32\regsvr32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\DOCUME~1\BRADLE~1\MYDOCU~1\DOBE~1\scanregw.exe
    C:\WINDOWS\system32\?ystem32\t?skmgr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\vinihonu.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\workonthat\h.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: getsn32.msiesn - {36142BDD-7850-42FC-9681-1534A35285B9} - C:\WINDOWS\system32\getsn32.dll
    O2 - BHO: bigadnetwork browser enhancer - {89177C13-0976-BFF3-5B03-3AB9F74F9228} - C:\WINDOWS\system32\ugqboqqvtv.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [UiSetDsc] C:\WINDOWS\vinihonu.exe
    O4 - HKLM\..\Run: [ownoeobvqijwp] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\ugqboqqvtv.dll"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Redo] "C:\DOCUME~1\BRADLE~1\MYDOCU~1\DOBE~1\scanregw.exe" -vt yazb
    O4 - HKCU\..\Run: [Iqmdnh] C:\WINDOWS\system32\?ystem32\t?skmgr.exe
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.att.net/sdccommon/download/tgctlcm.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/Http/OIFActiveX/ofmctl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O21 - SSODL: SetApl - {1EA10F56-2294-56FD-9D9F-007AAF1E05F6} - C:\Program Files\gspgxjb\SetApl.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pantech&Curitel Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    --
    End of file - 15612 bytes
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/759000

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice