1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Trojan driving me crazy

Discussion in 'Virus & Other Malware Removal' started by big donut708, Nov 6, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. big donut708

    big donut708 Thread Starter

    Joined:
    Jun 14, 2006
    Messages:
    34
    The other day I downloaded a trojan (not on purpose...) and heres what its done:

    -Installed security toolbar 7.1 in IE7
    -Given me messages that look like windows firewall messages such as
    -I have [email protected]
    -I have [email protected]
    -I have PSw.x-virtrojan
    -I have [email protected]
    -It gives me messages saying that my performance is down and my internet connection is down by 39%
    -Won't let me open windows firewall
    -Keeps opening IE with pages offering protection from the fake viruses it claims I have
    -My performance is down a lot but not as much as the messages claim

    I'm pretty sure all of these things mean it is definitly downloader.mislead app

    Norton has told me it has blocked downloader.mislead app multiple times but i still get all those messages and such

    I ran scans with both norton antivirus and adaware (both recently updated) and they came up with nothing.

    I ran regedit and none of the files that symantec said would be in there were there if it really was downloader.mislead app

    I need some serious help getting rid of this. I'm lost. Below is my hijackthis log. Thanks for your time

    >>>Big donut

    Logfile of HijackThis v1.99.1
    Scan saved at 7:39:00 PM, on 11/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\CFusionMX7\runtime\bin\jrunsvc.exe
    C:\CFusionMX7\runtime\bin\jrun.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\LxrSII1s.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\M-Audio Uno\UnoInst.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
    C:\Program Files\pspvideo9\pspvideo9.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\CE\nmSvc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\USBSW\usbsw_eng.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\navw32.exe
    C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - J:\ceedo\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - J:\ceedo\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\rlpjaomz.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX4600 Series DIRECT PLUG IN on DIANES] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P56 "Auto EPSON Stylus CX4600 Series DIRECT PLUG IN on DIANES" /O17 "\\DIANES\EPSONSty" /M "Stylus CX4600"
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspvideo9.exe -t
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [NMSVC] C:\Program Files\CE\nmSvc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [FIREPOD] C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [7c0014f3] rundll32.exe "C:\WINDOWS\system32\nbqxwdcu.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: USB Switch Control.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar Search - res://j:\ceedo\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - J:\ceedo\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nmnsp.dll
    O10 - Broken Internet access because of LSP provider 'cespy.dll' missing
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
    O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
    O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
     
  2. big donut708

    big donut708 Thread Starter

    Joined:
    Jun 14, 2006
    Messages:
    34
    I ran both of these programs along with spybot and found a lot of stuff. I can now open security center and all of the messages claiming I have fake viruses are gone but my computer is running really slow so I am guessing I am still infected. Also norton just gave me an unexpected error and turned off and will not turn on again.

    Here is the combofix log.

    ComboFix 07-11-07.3 - Drake Petesen 2007-11-06 22:21:47.1 - NTFSx86
    Running from: C:\Documents and Settings\Drake Petesen\Desktop\ComboFix.exe
    * Created a new restore point
    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\Drake Petesen\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Drake Petesen\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Drake Petesen\Favorites\Online Security Guide.lnk
    C:\WINDOWS\setup.exe
    C:\WINDOWS\system32\ddabx.dll
    C:\WINDOWS\system32\rlpjaomz.dllbox
    C:\WINDOWS\system32\xbadd.bak1
    C:\WINDOWS\system32\xbadd.bak2
    C:\WINDOWS\system32\xbadd.ini
    C:\WINDOWS\system32\xbadd.ini2
    C:\WINDOWS\system32\xbadd.tmp

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE


    ((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 )))))))))))))))))))))))))))))))
    .

    2007-11-06 22:11 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
    2007-11-06 22:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-06 21:31 87,104 --a------ C:\WINDOWS\system32\deivfeew.dll
    2007-11-06 21:30 71,232 --a------ C:\WINDOWS\system32\rfhqvfii.exe
    2007-11-06 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-06 21:12 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-06 21:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-06 21:12 <DIR> d-------- C:\Documents and Settings\Drake Petesen\Application Data\SUPERAntiSpyware.com
    2007-11-06 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-06 20:18 81,472 --a------ C:\WINDOWS\system32\chqsftju.dll
    2007-11-06 17:43 81,472 --a------ C:\WINDOWS\system32\vwkoowaq.dll
    2007-11-06 17:34 145,984 --a------ C:\WINDOWS\system32\fmyqmqpb.dll
    2007-11-05 21:54 <DIR> d-------- C:\Documents and Settings\Drake Petesen\Application Data\Waves Audio
    2007-11-05 21:51 <DIR> d-------- C:\Program Files\Common Files\Digidesign
    2007-11-05 15:06 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2007-11-05 13:41 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
    2007-11-05 11:40 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2007-11-05 11:40 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2007-11-05 11:39 <DIR> d-------- C:\Program Files\Bonjour
    2007-11-05 11:29 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-11-05 10:40 <DIR> d-------- C:\Program Files\Instant CD & DVD Burner
    2007-10-25 18:07 49,536 --a------ C:\WINDOWS\system32\drivers\tiehdusb.sys
    2007-10-25 18:07 21,456 --a------ C:\WINDOWS\system32\drivers\SilvrLnk.sys
    2007-10-09 11:06 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-07 04:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-07 03:30 --------- d-----w C:\Documents and Settings\Drake Petesen\Application Data\CE
    2007-11-07 03:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-07 00:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-07 00:28 --------- d-----w C:\Program Files\MSECACHE
    2007-11-06 03:52 --------- d-----w C:\Documents and Settings\Drake Petesen\Application Data\uTorrent
    2007-11-06 03:50 --------- d-----w C:\Program Files\VstPlugins
    2007-11-05 22:54 --------- d-----w C:\Program Files\Microsoft Games
    2007-11-05 22:54 --------- d-----w C:\Program Files\BitTorrent
    2007-11-05 21:01 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-11-05 21:01 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-11-05 21:01 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-11-05 21:01 --------- d-----w C:\Program Files\Symantec
    2007-11-05 18:39 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-11-05 18:27 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-11-05 18:26 --------- d-----w C:\Program Files\Macromedia
    2007-11-05 18:21 --------- d-----w C:\Program Files\uTorrent
    2007-11-05 17:40 --------- d-----w C:\Program Files\QuickTime
    2007-11-05 17:14 --------- d-----w C:\Program Files\MagicISO
    2007-11-04 18:26 --------- d-----w C:\Documents and Settings\Drake Petesen\Application Data\BitTorrent
    2007-10-30 00:57 --------- d-----w C:\Program Files\MP3 sMs
    2007-10-05 19:06 --------- d-----w C:\Program Files\LimeWire
    2007-10-05 19:00 --------- d-----w C:\Program Files\Pro Tracks Plus
    2007-09-24 20:32 --------- d-----w C:\Program Files\iTunes
    2007-09-24 20:32 --------- d-----w C:\Program Files\iPod
    2007-09-24 20:31 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-24 19:27 --------- d-----w C:\Documents and Settings\Drake Petesen\Application Data\Apple Computer
    2007-09-20 21:20 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2007-09-20 21:20 278,528 ------w C:\WINDOWS\Setup1.exe
    2007-09-18 20:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
    2007-09-18 20:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
    2007-09-18 20:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
    2007-09-18 20:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
    2007-09-18 20:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
    2007-09-18 20:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
    2007-09-18 20:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
    2007-09-18 20:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
    2007-09-18 20:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
    2007-01-21 20:53 604 ---ha-w C:\Program Files\STLL Notifier
    2006-08-04 16:11 0 ----a-w C:\Documents and Settings\Drake Petesen\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 08:06 C:\WINDOWS\AGRSMMSG.exe]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 06:04]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 09:15]
    "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 19:45 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 13:17]
    "VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 15:43]
    "SoundMan"="SOUNDMAN.EXE" [2004-11-02 16:53 C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2004-11-29 16:00 C:\WINDOWS\ALCWZRD.EXE]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 12:36]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 12:32]
    "VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08]
    "EPSON Stylus CX4600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.exe" [2004-03-04 03:00]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" []
    "Auto EPSON Stylus CX4600 Series DIRECT PLUG IN on DIANES"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.exe" [2004-03-04 03:00]
    "PSPVideo9"="C:\Program Files\pspvideo9\pspvideo9.exe" [2005-10-29 18:56]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 20:22]
    "NMSVC"="C:\Program Files\CE\nmSvc.exe" [2007-02-22 11:53]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
    "FIREPOD"="C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE" [2004-07-21 16:10]
    "QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 09:00]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "SpybotDeletingB3311"=command /c del "C:\WINDOWS\system32\rlpjaomz.dllbox"
    "SpybotDeletingD6802"=cmd /c del "C:\WINDOWS\system32\rlpjaomz.dllbox"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "SpybotDeletingA8114"=command /c del "C:\WINDOWS\system32\rlpjaomz.dllbox"
    "SpybotDeletingC4962"=cmd /c del "C:\WINDOWS\system32\rlpjaomz.dllbox"

    C:\Documents and Settings\Drake Petesen\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-14 18:23:49]
    USB Switch Control.lnk - C:\Documents and Settings\Drake Petesen\Application Data\Microsoft\Installer\{0051A2E7-C384-42E9-97D0-F0BF8579ED94}\_4595F6D7726F_4956_9B2C_996CBE5A31B5.exe [2006-06-19 09:59:50]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"=1 (0x1)
    "AllowUnhashedWebView"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rlpjaomz]
    rlpjaomz.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddabx.dll

    R2 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;"C:\CFusionMX7\runtime\bin\jrunsvc.exe"
    R2 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;"C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1
    R2 LxrSII1d;Secure II Driver;\??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB
    R2 UnoInstallerService;Uno Installer;C:\Program Files\M-Audio Uno\UnoInst.exe
    S3 CEUSBAUD;DigiTech USB MIDI Driver (MIDI);C:\WINDOWS\system32\Drivers\CEUSBAUD.sys
    S3 dump_wmimmc;dump_wmimmc;\??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys
    S3 EVOLUSB;%EVOL_USB_SvcDesc%;C:\WINDOWS\system32\drivers\evolusb.sys
    S3 ps_1394;ps_1394;C:\WINDOWS\system32\Drivers\ps_1394.sys
    S3 ps_avs;ps_avs;C:\WINDOWS\system32\Drivers\ps_avs.sys
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB
    S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f12a9f4-6220-11db-b98e-0013201a3fee}]
    \shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c274ad9c-8346-11db-b9c1-0013201a3fee}]
    \Shell\AutoRun\command - J:\Autorun.exe /run
    \Shell\Shell00\Command - J:\Autorun.exe /run
    \Shell\Shell01\Command - J:\Autorun.exe /action
    \Shell\Shell02\Command - J:\Autorun.exe /uninstall

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-04 17:57:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    "2007-11-03 19:01:08 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Drake Petesen.job"
    - C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-07 07:30:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-07 7:33:19 - machine was rebooted
    .
    --- E O F ---
     
  3. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download and install AVG Anti-Spyware v7.5
    • After download, double click on the file to launch the install process.
    • Choose a language, click "OK" and then click "Next".
    • Read the "License Agreement" and click "I Agree".
    • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
    • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
    • The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
    • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
    • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update".
      Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
    • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
    Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this happens press Alt + Spacebar. A menu will come open, make sure you select maximize then run the scan. If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

    Scan with AVG Anti-Spyware as follows:
    • Click on the "Scanner" button and choose the "Settings" tab.
    • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    • Under "How to Scan? ", "Possibly unwanted software", and What to Scan?" leave all the default settings.
    • Under "Reports" select "Do not automatically generate reports".
    • Click the "Scan" tab to return to scanning options.
    • Click "Complete System Scan" to start.
    • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
    • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
    IMPORTANT! Do not save the report before you have clicked the :Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
    • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
    • Exit AVG Anti-Spyware when done, reboot normally and post the log report in your next response.
    Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

    AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version. We are installing AVG Anti-Spyware with its real-time protection disabled. Once your system is clean you may re-enable it so you can continue using this feature for the remainder of the trial period.


    Please go HERE to run Panda's ActiveScan
    • You need to use IE to run this scan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
     
  4. big donut708

    big donut708 Thread Starter

    Joined:
    Jun 14, 2006
    Messages:
    34
    Here is the problem. I have seen you suggest to others to reboot in safe mode and then scan but I tried and cannot do this. I'll hit F8, select safemode, and then it will give me the login screen as usual but after it says loading personal settings when the desktop should come up I get nothing. I get a black screen that says windows xp on top and safemode in the corner.

    I have a couple ideas for why this could be. One is i bought windows media center (huge mistake) and I have had many other quirky issues like this. Second is I have a sony computer and they changed some things around like windows restore and stuff like that. third is a virus could be stopping it.

    I have eliminated the warning signs and popups with combo fix but my computer is running so slow still.

    So what do you think I should do? try activescan?
     
  5. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You can do them in Normal Mode instead.
     
  6. big donut708

    big donut708 Thread Starter

    Joined:
    Jun 14, 2006
    Messages:
    34
    I ran the activescan and nothing major came up. Norton works now so i think I'm clean. Is there anything more I should do?
     

    Attached Files:

  7. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Let's see one more Hijack This log
     
  8. big donut708

    big donut708 Thread Starter

    Joined:
    Jun 14, 2006
    Messages:
    34
    Here you go

    Logfile of HijackThis v1.99.1
    Scan saved at 22:26, on 2007-11-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\CFusionMX7\runtime\bin\jrunsvc.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
    C:\CFusionMX7\runtime\bin\jrun.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
    C:\WINDOWS\system32\LxrSII1s.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\M-Audio Uno\UnoInst.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
    C:\Program Files\pspvideo9\pspvideo9.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\CE\nmSvc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\USBSW\usbsw_eng.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - J:\ceedo\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0826CEAB-7891-4815-A722-7CF481D8CBF0} - (no file)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - J:\ceedo\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - J:\ceedo\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX4600 Series DIRECT PLUG IN on DIANES] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P56 "Auto EPSON Stylus CX4600 Series DIRECT PLUG IN on DIANES" /O17 "\\DIANES\EPSONSty" /M "Stylus CX4600"
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspvideo9.exe -t
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [NMSVC] C:\Program Files\CE\nmSvc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [FIREPOD] C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: USB Switch Control.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar Search - res://j:\ceedo\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - J:\ceedo\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nmnsp.dll
    O10 - Broken Internet access because of LSP provider 'cespy.dll' missing
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7534691B-E00C-47F3-AF3D-14B89C4B49B1}: NameServer = 64.233.207.2,64.233.207.16
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: rlpjaomz - rlpjaomz.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
    O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
    O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
     
  9. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    O2 - BHO: (no name) - {0826CEAB-7891-4815-A722-7CF481D8CBF0} - (no file)

    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)

    O20 - Winlogon Notify: rlpjaomz - rlpjaomz.dll (file missing)


    Reboot, post a new log.
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/648759

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice