Yesterday, I was browsing casually; I can't remember which site I was on. Anyway, a window came up, a genuine firewall window: "Firewall is Blocking Certain Aspects of Svchost.exe. Keep Blocking?" As I thought svchost must have been corrupted or something, I clicked on Keep Blocking.
Immediately, my computer just restarted, and when I turned my computer on, I got a dodgy message about "Your Computer is Infected! You Spyware!" or something along those lines. There was a red X which was somewhat different from my usual icon, as I have a Vista icon pack mod (I'm sure this is not the cause). The red X would usually be shiny, but this time it wasn't. I read the message and there were many grammar and spelling mistakes, such as "pervent" instead of "prevent", etc. Also, my Internet Explorer home page (not my Firefox home page) had been changed to Google from something else.
I was offline and I was sure nothing could happen, so I clicked it and the download window came up, but the fake antispyware couldn't download. I traced the process using Task Manager and came up with the result "wini10801.exe". I then did a search for it, after ending its process tree, and found it in the system32 dir, where I scanned it and moved it to the AVG Virus Vault. I have worked out some of the anatomy of the virus: "brastk.exe" is loaded at startup, causing the message to appear, and "wini10801.exe" is the downloader and installer. The rest of the corrupted files are for the internet browser corruption.
A side effect of this is that some websites like windowsupdate and avgupdate are denied. I've checked my firewall and all its exceptions, and I've checked Internet Explorer's and Firefox's blocked lists, but I cannot find a way to unblock these. Also, I get directed to random sites advertising fake antispyware, and other dodgy sites (I am accessing this via safe mode with networking).
Through safe mode, I did an online scan, which found many threats such as "brastk.exe", "av.bat" and "wini10801.exe". All of these threats I cleaned and moved to the Virus Vault, and I have managed to get rid of the messages and all the processes (I got rid of the X by going into msconfig startup and removing "brastk" from the list). All the visual aspects of my problem have been removed by me, including the registry keys, but I am still experiencing problems with my internet connection and being redirected to sites, which work perfectly in safe mode.
Due to this, I believe that the virus/fake antispyware trojan is still lingering somewhere in my computer, or the after-effects of it. I have racked my brains, and I cannot think of anything to do, so I await your help. I have downloaded HijackThis, but I am unsure how to post a log, as I am new to help forums (usually I fix the malware myself, but this remnant is very stubborn and resistant).
Awaiting your Help,
~SHADOWZ
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||| || || || || ||| || | ||||||||||||||||||||||||
||||||||||||||| || ||| ||| ^ || ||||| |||||||||||||||||||||||||
||||||||||||||| || || || ||| || ||| || | ||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
--------------HIJACK-LOG-BELOW --------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:38:15, on 25/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Luizinha\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.co.uk/
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luizinha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196111463330
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202660852000
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
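As an added illustration (not part of the original post, and not code from HijackThis or AVG), here is a small Python triage script for the HijackThis log format posted above. It parses each `Oxx - ...` entry and flags the things a helper reading this log would ask about first: an autorun entry that launches a file named like a core Windows binary from somewhere other than system32 (the `O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe` line, which does not match the real svchost.exe listed under running processes), a non-empty `AppInit_DLLs` value (`karna.dat`), and `(file missing)` references left behind after files were quarantined. It also checks for `O1 - Hosts:` entries, because a hosts-file redirection is one place a helper would look for the "windowsupdate and avgupdate are denied" symptom; the posted log has no O1 lines, so the one in the sample is constructed for the example and uses an invalid placeholder domain. The sample O4, O20 and O23 lines are copied from the posted log; the names `triage`, `Finding` and `SYSTEM_BINARIES` are my own choices.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99.1 format. The O4, O20 and O23 lines are
# copied from the log in the post above; the O1 line is an invented illustration
# of a hosts-file redirection (the posted log contains none).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O1 - Hosts: 127.0.0.1 update.example.invalid
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
"""

# Core Windows XP binaries that only ever live in %SystemRoot%\system32.
# An autorun that points at one of these names anywhere else deserves a look.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "csrss.exe", "smss.exe"}
SYSTEM32_DIRS = (r"c:\windows\system32", r"%systemroot%\system32")

# "O4 - HKCU\..\Run: [...] path" -> section "O4", body "HKCU\..\Run: [...] path"
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# A Windows path starting with a drive letter or an %ENV% variable and ending
# in a binary extension; non-greedy so each path stops at its own extension.
PATH_RE = re.compile(r'(?i)((?:[a-z]:|%[a-z]+%)\\[^"\r\n]*?\.(?:exe|dll|dat|cpl|scr))')


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(text):
    """Return (section, body, raw_line) for every HijackThis entry line."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body"), raw.strip()))
    return entries


def misplaced_system_binary(path):
    """True if the file name is a core system binary but the directory is not system32."""
    low = path.lower()
    parent, _, name = low.rpartition("\\")
    return name in SYSTEM_BINARIES and parent not in SYSTEM32_DIRS


def triage(text):
    """Scan a HijackThis log and return the entries worth a helper's attention."""
    findings = []
    for section, body, raw in parse_entries(text):
        if section == "O1":
            findings.append(Finding(section,
                "hosts-file redirection: can silently block update/AV domains", raw))
        if section == "O20" and body.lower().startswith("appinit_dlls:"):
            value = body.split(":", 1)[1].strip()
            if value:
                findings.append(Finding(section,
                    f"AppInit_DLLs is set ({value}): loaded into every process that uses user32.dll", raw))
        for path in PATH_RE.findall(body):
            if misplaced_system_binary(path):
                findings.append(Finding(section,
                    f"system binary name outside system32: {path}", raw))
        if "(file missing)" in body:
            findings.append(Finding(section, "orphaned entry: target file missing", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample, the script reports five entries: the hosts line, the misplaced `svchost.exe` autorun, the `AppInit_DLLs` value, and the two `(file missing)` references; the legitimate AVG tray entry is not flagged. The `(file missing)` findings are the ones a helper would typically ask the poster to delete with HijackThis once the files themselves are confirmed gone.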