Computing.Net > Forums > Security and Virus > Virus that google doesnt know


Virus that Google doesn't know


Name: Dcezy
Date: April 23, 2008 at 07:51:15 Pacific
OS: vista
CPU/Ram: core duo/2GB
Product: sony/vaio
Comment:

Ok, I have this virus (or viruses) that was worse than it is now, but there are a few things I can't get rid of or find information on. I ran Avast 4.8 at system startup and it found 31 trojans, ridiculous lol. I deleted each one, and at the end of the scan, at 100%, it froze. So I restarted and ran Avast from Windows, and it found 9 trojans and removed them. I think I got most of them now, but here are the two that I think generate them. The first is byXqPIAP.dll, which doesn't appear if you type it into Google. I think Avast deleted it, or a part of it, because when I start Windows it comes up saying "error loading dll", which is annoying and I want to eliminate. The second is a startup program. I went into msconfig, and in the startup list was this entry: BM6da9bc5a. So I uncheck it so it doesn't start up, reboot, and when I come back it's checked again, and the one I unchecked is at the bottom of the list with other things unchecked. Any help or ideas would be great, ty.




Response Number 1
Name: btk1w1
Date: April 23, 2008 at 14:11:15 Pacific
Reply:

Click Start and type in services.msc

Have a look through there for anything suspicious by right-clicking and selecting Properties.

You can google the entries while Services is running, and if you find a suspect one, disable it.



Response Number 2
Name: Dcezy
Date: April 23, 2008 at 18:32:21 Pacific
Reply:

These were the ones I found suspicious; I disabled them under Properties, but no change. Every time I try to use Firefox it still doesn't load, but it loads certain bookmarks; this site is one of them, thank god. Here are the services I found to be suspicious.

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##

which just sounds bad


IcVzMonLauncher

IviRegMgr

PACSPTISVR

MSCSPTISVR



Response Number 3
Name: Adii
Date: April 23, 2008 at 21:35:05 Pacific
Reply:

Hi Dcezy,
Please disable Avast temporarily before you start. Click here to see how to disable real-time monitoring:
http://spywaredetail.com/forum/show...

Download the "HijackThis" Installer from this link:

http://www.trendsecure.com/portal/e...


1. Save "HJTInstall.exe" to your desktop.
2. Double-click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file, and then the log will open in Notepad.
7. Click on "Edit > Select All", then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Post the HijackThis log in your next reply.

Download ComboFix by sUBs and save it to your desktop.

(If you have previously downloaded ComboFix, please delete that version now.)

Download link HERE:
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...

Note
It is important that it is saved directly to your desktop.

Close any open browsers.

Double-click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt in your next reply.

Note
Do not mouse-click ComboFix's window while it's running.
That may cause the program to freeze/hang.
Note
In case your antivirus or any other real-time scanner displays an alert after you download ComboFix or while you use ComboFix, please disable your scanner and re-download ComboFix.
Some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.

*Do Safe Computing*



Response Number 4
Name: Dcezy
Date: April 24, 2008 at 09:17:26 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:34 PM, on 4/24/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/?searchonly=tru...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.exe C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dcezy\AppData\Local\Temp\byXqPIAP.dll,c
O4 - HKCU\..\Run: [BM6da9bc5a] Rundll32.exe "C:\Users\Dcezy\AppData\Local\Temp\cwjnqsws.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12076 bytes


ComboFix 08-04-22.5 - Dcezy 2008-04-24 12:09:41.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.876 [GMT -4:00]
Running from: C:\Users\Dcezy\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-24 12:06 . 2008-04-24 12:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-23 12:14 . 2008-04-23 12:14 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-22 16:26 . 2008-04-22 16:56 524,288 --ahs---- C:\Users\Dcezy\NTUSER.DAT{094ebcd7-10a7-11dd-93fc-0019c1fcfb66}.TMContainer00000000000000000002.regtrans-ms
2008-04-22 16:26 . 2008-04-22 16:56 524,288 --ahs---- C:\Users\Dcezy\NTUSER.DAT{094ebcd7-10a7-11dd-93fc-0019c1fcfb66}.TMContainer00000000000000000001.regtrans-ms
2008-04-22 16:26 . 2008-04-22 16:56 65,536 --ahs---- C:\Users\Dcezy\NTUSER.DAT{094ebcd7-10a7-11dd-93fc-0019c1fcfb66}.TM.blf
2008-04-22 12:14 . 2008-04-22 12:14 <DIR> d-------- C:\Windows\Intuit
2008-04-22 11:56 . 2007-03-23 04:05 29,272 -ra------ C:\Windows\System32\AdobePDF.dll
2008-04-22 10:38 . 2008-04-22 10:38 <DIR> d-------- C:\Program Files\MagicISO
2008-04-21 16:33 . 2008-03-29 14:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-04-21 15:52 . 2008-04-21 15:49 691,545 --a------ C:\Windows\unins000.exe
2008-04-21 15:52 . 2008-04-21 15:52 2,540 --a------ C:\Windows\unins000.dat
2008-04-21 14:16 . 2008-04-21 14:16 <DIR> d-------- C:\Program Files\PowerISO
2008-04-21 12:28 . 2008-04-21 14:09 524,288 --ahs---- C:\Users\Dcezy\NTUSER.DAT{47ce336b-0fae-11dd-8265-0019c1fcfb66}.TMContainer00000000000000000002.regtrans-ms
2008-04-21 12:28 . 2008-04-21 14:09 524,288 --ahs---- C:\Users\Dcezy\NTUSER.DAT{47ce336b-0fae-11dd-8265-0019c1fcfb66}.TMContainer00000000000000000001.regtrans-ms
2008-04-21 12:28 . 2008-04-21 14:09 65,536 --ahs---- C:\Users\Dcezy\NTUSER.DAT{47ce336b-0fae-11dd-8265-0019c1fcfb66}.TM.blf
2008-04-18 20:33 . 2008-04-23 10:52 <DIR> d-------- C:\Program Files\Security Task Manager
2008-04-17 13:54 . 2004-08-04 07:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-04-08 15:05 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-08 15:05 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-08 15:05 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-08 15:05 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 15:05 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 15:05 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 15:05 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 15:05 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-08 15:05 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-07 00:53 . 2008-04-07 00:53 <DIR> d-------- C:\Program Files\Global Star
2008-04-06 22:47 . 2008-04-07 18:24 <DIR> d-------- C:\Program Files\AnMing
2008-03-27 12:21 . 2008-03-27 12:21 <DIR> d-------- C:\Users\Default\Roaming
2008-03-27 12:21 . 2008-03-27 12:21 <DIR> d-------- C:\Users\Dcezy\Roaming
2008-03-27 12:21 . 2008-03-27 12:21 <DIR> d-------- C:\Users\Dcezy\AppData\Roaming\MySpace
2008-03-27 12:21 . 2008-03-27 12:21 <DIR> d-------- C:\Program Files\MySpace

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 01:46 --------- d-----w C:\Users\Dcezy\AppData\Roaming\LimeWire
2008-04-23 16:26 --------- d-----w C:\PROGRA~2\Roxio
2008-04-22 16:17 --------- d-----w C:\Users\Dcezy\AppData\Roaming\Corel
2008-04-22 16:14 --------- d-----w C:\Program Files\Common Files\Intuit
2008-04-22 16:14 --------- d-----w C:\PROGRA~2\Intuit
2008-04-22 16:10 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-22 04:12 35,031 ----a-w C:\Users\Dcezy\AppData\Roaming\nvModes.dat
2008-04-21 19:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-08 21:10 --------- d-----w C:\Program Files\Windows Mail
2008-03-15 02:04 --------- d-----w C:\Program Files\OCA Marker
2008-03-14 06:04 46,652 ----a-w C:\Windows\system32\drivers\scdemu.sys
2008-03-08 02:14 148,992 ----a-w C:\Windows\system32\drivers\ks.sys
2008-03-05 15:48 --------- d-----w C:\PROGRA~2\Lavasoft
2008-03-05 15:44 --------- d-----w C:\Program Files\Lavasoft
2008-03-05 15:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-29 04:25 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-29 04:19 --------- d---a-w C:\PROGRA~2\TEMP
2008-02-29 04:17 --------- d-----w C:\Program Files\Avi2Dvd
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:16 --------- d-----w C:\Program Files\Active WebCam
2008-02-29 04:02 --------- d-----w C:\Program Files\DivX
2008-02-29 03:39 --------- d-----w C:\Program Files\LimeWire
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-15 18:59 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 18:57 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 18:57 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 18:56 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 18:56 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 18:56 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 18:56 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 18:56 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 18:56 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-15 18:56 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 18:56 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 18:56 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 18:56 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-09 21:16 88,064 ----a-w C:\Windows\System32\audiodg.exe
2008-02-09 21:16 398,848 ----a-w C:\Windows\System32\AudioEng.dll
2008-02-09 21:16 310,272 ----a-w C:\Windows\System32\audiosrv.dll
2008-02-09 21:16 273,408 ----a-w C:\Windows\System32\AUDIOKSE.dll
2008-02-09 21:16 169,984 ----a-w C:\Windows\System32\EncDump.dll
2008-02-09 21:16 115,712 ----a-w C:\Windows\System32\AudioSes.dll
2008-01-11 17:39 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 13:07 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"BM6da9bc5a"="C:\Users\Dcezy\AppData\Local\Temp\cwjnqsws.dll" [2008-04-21 10:33 97344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-27 23:39 4390912 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-03-27 23:40 1822720 C:\Windows\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-09 03:59 835584]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-04-02 19:25 321656]
"AppMon Utility"="C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" [2007-04-12 19:23 415864]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-02-07 22:43 411768]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 16:37 174872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"VAIOSecurity"="C:\Program Files\Sony\VAIO Security Center\VSC.exe" [2007-03-13 20:13 2322432]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 03:35 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 03:35 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 03:35 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-04-23 20:19 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6e9a8fc6]
C:\Users\Dcezy\AppData\Local\Temp\aeaojgmx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-03-01 00:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6da9bc5a]
--------- 2008-04-21 10:33 97344 C:\Users\Dcezy\AppData\Local\Temp\cwjnqsws.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-03 09:54 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan]
C:\Users\Dcezy\AppData\Local\Temp\uhbwjudy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 16:32 8699904 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 19:50 233472 C:\Program Files\PowerISO\PWRISOVM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickBooks Simple Start]
--a------ 2007-01-31 00:59 371712 C:\Program Files\Intuit\SimpleStartEntice\entice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
--a------ 2007-03-06 18:22 36864 c:\program files\sony\VAIO Center Access Bar\VCAB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
--a------ 2006-12-06 20:08 577536 C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-05-29 23:06 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EF443D16-1144-4C60-A9B5-BD830A39BFCC}"= UDP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{19B0B73F-714C-4C89-AF7D-7E4492396866}"= TCP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{8925B37B-E923-4D41-BCC1-2DE6BCA0E526}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{765E6C6B-E432-4017-B60F-B589C6FF6FE7}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C7570283-24A7-48E4-B162-C59ED0276A9C}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{ED75781D-E866-4DA4-94E5-685E52128979}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"TCP Query User{7BCF0EFD-B314-4376-95CD-E82947A9CE01}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{1B181DA7-0274-4B4E-AB12-F8547E58FA02}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{51378A0A-4ED5-4575-A42F-06965FC6DF9E}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{D3BC3047-2CB3-40F8-B08C-7A4948E2D080}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"TCP Query User{1813B2B9-862C-4EB1-B598-DE21BD4F015B}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{55B76C07-4620-468E-A4FD-1B4DD150317C}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"TCP Query User{2BC7E526-366E-4AB4-BF5E-E88C31325395}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{5DBF9E58-4BA6-4A4B-8913-D6A7DC174E35}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{CD36CA99-33E0-437E-BD01-69B593004DA2}C:\\program files\\audiospin media recorder\\audiospin.exe"= UDP:C:\program files\audiospin media recorder\audiospin.exe:AudioSpin
"UDP Query User{A4AB33F5-5213-47A4-A145-B4B1A48C42F0}C:\\program files\\audiospin media recorder\\audiospin.exe"= TCP:C:\program files\audiospin media recorder\audiospin.exe:AudioSpin
"TCP Query User{A74FD64B-D0CA-438D-BEEC-6648C1C4203B}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{E5929B2C-83C0-41EA-8295-92E36176FD52}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"{B3E8072B-1E19-431B-ADB1-810968E7E86E}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{981328D3-0F53-411D-91FF-D4242B3FE4DA}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{CA06B7A7-1E8C-4E07-957E-C262808E81E3}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{C301D174-31F8-4843-B94F-0231808FA0A6}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{7C9CC649-5D2F-41AD-9C0A-397B8ACA1915}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{AB2DD6E6-8C76-4615-8065-CA659DB2EF2C}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{B3B5F616-93C3-43A0-A862-7CB94C41DC28}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{42BAEE8A-4740-4BD1-AF25-8145E7599532}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{41E67440-DACF-4881-821E-AF6597A3D3B8}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{8218E6EF-24D2-48FC-8CB8-1B5CA37EFC1F}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{AC2C6621-282B-4E31-967B-9C7184DA920B}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{71535F8C-531A-40BF-874D-7C0F7417AD59}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{DAA5756D-47DD-45E8-8F6A-111FF2DE655C}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{0706DEDB-4532-4C16-97BA-A17738278445}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{A8FFA7BE-CA4F-4957-9428-EDCC2FF409B7}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{1BFE6F12-1C49-4CE2-85A4-D3396BBD98B2}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{3AAE95D1-4602-4B14-AF86-BC7E1EDB2666}"= UDP:C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"{C8BED157-25CD-420B-9584-7A5BB5339887}"= TCP:C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"TCP Query User{39401EF9-633D-4298-8CE7-24FE750AA8AF}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{146D6020-72FC-40BD-B356-5D3D27F80C2F}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{525410AE-4DE7-4AA0-BA5B-79D9B42B52F5}C:\\program files\\e-on software\\vue 6 infinite\\application\\vue 6 infinite.eon"= UDP:C:\program files\e-on software\vue 6 infinite\application\vue 6 infinite.eon:Vue 6 Infinite.eon
"UDP Query User{9D00BDDE-A8C2-4BB0-9BCE-6D78D11595DC}C:\\program files\\e-on software\\vue 6 infinite\\application\\vue 6 infinite.eon"= TCP:C:\program files\e-on software\vue 6 infinite\application\vue 6 infinite.eon:Vue 6 Infinite.eon
"TCP Query User{731A607A-6C42-4C2D-A3BD-BE7049E27F05}C:\\program files\\e-on software\\vue 6 xstream\\application\\vue 6 xstream.eon"= UDP:C:\program files\e-on software\vue 6 xstream\application\vue 6 xstream.eon:Vue 6 xStream.eon
"UDP Query User{F38EBF85-BBE2-4C69-A6D5-24DC2A46688F}C:\\program files\\e-on software\\vue 6 xstream\\application\\vue 6 xstream.eon"= TCP:C:\program files\e-on software\vue 6 xstream\application\vue 6 xstream.eon:Vue 6 xStream.eon
"TCP Query User{3211EB49-942D-4D32-89CC-7064864F3536}C:\\program files\\firaxis games\\sid meier's civilization 4\\beyond the sword\\civ4beyondsword.exe"= UDP:C:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe:Sid Meier's Civilization 4 : Beyond The Sword
"UDP Query User{5FE39C0A-9894-4BD7-B5EE-EADC44D434E2}C:\\program files\\firaxis games\\sid meier's civilization 4\\beyond the sword\\civ4beyondsword.exe"= TCP:C:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe:Sid Meier's Civilization 4 : Beyond The Sword
"TCP Query User{933375C1-B7C3-4F35-BA62-01C388F1600C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{D638AC08-45AC-4931-AC57-E5C850FD8712}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{A472E6F4-34BE-402B-8E7A-4BEB14C00044}C:\\program files\\myspace\\im\\myspaceim.exe"= UDP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{0501C000-18C1-4ACA-9C43-21A19FB3FB83}C:\\program files\\myspace\\im\\myspaceim.exe"= TCP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"TCP Query User{A17560A2-8DA1-43ED-82B2-0910DC5419A6}C:\\program files\\zone.com deluxe games\\wheel of fortune deluxe\\wheel of fortune deluxe.exe"= UDP:C:\program files\zone.com deluxe games\wheel of fortune deluxe\wheel of fortune deluxe.exe:Wheel of Fortune Deluxe
"UDP Query User{394186FF-E3D3-4517-986F-DF068E99D891}C:\\program files\\zone.com deluxe games\\wheel of fortune deluxe\\wheel of fortune deluxe.exe"= TCP:C:\program files\zone.com deluxe games\wheel of fortune deluxe\wheel of fortune deluxe.exe:Wheel of Fortune Deluxe
"TCP Query User{D03AA555-74F4-40CE-8736-A0163EA53681}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{ED6277B8-9AB1-4F49-A18E-DF0235B9BF27}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\winlogon.exe"= C:\WINDOWS\winlogon.exe

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 14:32]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB []
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 23:09]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 17:56]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-16 13:55]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-04-04 10:13]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-04-04 10:13]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 09:06]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-04-23 14:29]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-08 09:11]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe [2007-01-26 14:41]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe" [2007-01-26 14:41]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 3\IcVzMon.exe [2007-01-26 14:41]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 11:43]
S3 slim;Sony Lucid Integrated Mpeg encoder;C:\Windows\system32\drivers\slim.sys [2007-01-30 08:01]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 13:04]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 19:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 17:05]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-23 16:03:31 C:\Windows\Tasks\User_Feed_Synchronization-{F4B1F396-9AF8-435E-8327-29B645E95174}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 12:12:27
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Users\Dcezy\AppData\Local\Temp\cwjnqsws.dll
.
Completion time: 2008-04-24 12:13:39
ComboFix-quarantined-files.txt 2008-04-24 16:13:17

Pre-Run: 53,848,932,352 bytes free
Post-Run: 54,527,188,992 bytes free

267 --- E O F --- 2008-04-23 14:19:32



0

Response Number 5
Name: Adii
Date: April 24, 2008 at 12:33:44 Pacific
Reply:

Please run HijackThis again and click "Scan". Place checks next to the following entries:


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dcezy\AppData\Local\Temp\byXqPIAP.dll,c
O4 - HKCU\..\Run: [BM6da9bc5a] Rundll32.exe "C:\Users\Dcezy\AppData\Local\Temp\cwjnqsws.dll",s

Close all browsers and other windows except for HijackThis!, and click "Fix checked".


Make sure Avast is still disabled.

Open Notepad. Don't use any other text editor than Notepad or the script will fail.
Copy/paste the bold text below into Notepad:


File::
C:\Users\Dcezy\AppData\Local\Temp\byXqPIAP.dll
C:\Users\Dcezy\AppData\Local\Temp\cwjnqsws.dll


Save this as a text file with the name CFScript. Select "All files" from Save as Type.

Then drag the CFScript file onto the ComboFix.exe icon.

This will start ComboFix again.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

A fresh HijackThis log.

*Do Safe Computing*


0
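Added example, not code from the thread or from HijackThis/ComboFix: a small Python parser that applies the check Adii's fix list implies (autostart entries whose rundll32 target is a DLL sitting in the user's Temp folder) to HijackThis O4 lines and to the msconfig\startupreg entries ComboFix prints, then renders the flagged paths in the CFScript "File::" format used above. The entry names and Temp paths in the sample come from this thread's logs; the benign contrast lines, the scoring weights and the threshold are constructed assumptions.

```python
"""Flag autostart entries that load a DLL from the user's Temp directory.

Added example (not from the thread): parses HijackThis 'O4' lines and the
'msconfig\\startupreg' blocks from a ComboFix log, scores each entry, and
emits a CFScript 'File::' block for the flagged paths.
"""
import re

# Constructed sample. The four Temp DLL entries are the ones in this thread's
# logs; the Sidebar, NvCplDaemon and QuickTime lines are benign contrast cases.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dcezy\AppData\Local\Temp\byXqPIAP.dll,c
O4 - HKCU\..\Run: [BM6da9bc5a] Rundll32.exe "C:\Users\Dcezy\AppData\Local\Temp\cwjnqsws.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6e9a8fc6]
C:\Users\Dcezy\AppData\Local\Temp\aeaojgmx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan]
C:\Users\Dcezy\AppData\Local\Temp\uhbwjudy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe
"""

# HijackThis O4 line: "O4 - HKCU\..\Run: [name] command"
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# ComboFix block header for an msconfig-disabled startup entry; its target is on the next line.
STARTUPREG_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\"
    r"(?P<name>[^\]]+)\]$", re.IGNORECASE)
# First absolute .dll/.exe path in a command, with or without surrounding quotes.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"\n]*?\.(?:dll|exe))"?', re.IGNORECASE)
TEMP_DLL_RE = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.dll$", re.IGNORECASE)
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)
# Entry names like "6e9a8fc6" or "BM6da9bc5a": eight hex digits, optionally prefixed "BM".
RANDOM_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$")


def parse_autostarts(text):
    """Return a list of {'source', 'name', 'cmd'} dicts for every autostart entry found."""
    entries = []
    pending = None  # startupreg key whose target line has not been read yet
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            entries.append({"source": "O4:" + m["hive"], "name": m["name"], "cmd": m["cmd"]})
            continue
        m = STARTUPREG_RE.match(line)
        if m:
            pending = m["name"]
            continue
        if pending is not None and not line.startswith("["):
            entries.append({"source": "startupreg", "name": pending, "cmd": line})
            pending = None
    return entries


def assess(entry):
    """Score one entry. Weights are an assumption: Temp DLL 2, rundll32 1, random name 1."""
    m = PATH_RE.search(entry["cmd"])
    path = m["path"] if m else None
    score, reasons = 0, []
    if path and TEMP_DLL_RE.search(path):
        score += 2
        reasons.append("DLL in user Temp directory")
    if RUNDLL_RE.search(entry["cmd"]):
        score += 1
        reasons.append("loaded via rundll32")
    if RANDOM_NAME_RE.match(entry["name"]):
        score += 1
        reasons.append("random-looking entry name")
    return {**entry, "path": path, "score": score, "reasons": reasons}


def flag_suspicious(text, threshold=2):
    """Entries scoring at or above the threshold (2 = Temp DLL alone is enough)."""
    return [a for a in (assess(e) for e in parse_autostarts(text)) if a["score"] >= threshold]


def cfscript(flagged):
    """Render the flagged file paths as a ComboFix CFScript 'File::' block."""
    paths = sorted({f["path"] for f in flagged if f["path"]})
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    hits = flag_suspicious(SAMPLE_LOG)
    for h in hits:
        print(f"[{h['source']}] {h['name']}: {h['path']}  ({', '.join(h['reasons'])})")
    print(cfscript(hits))
```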




Response Number 6
Name: Dcezy
Date: April 26, 2008 at 18:41:34 Pacific
Reply:

ComboFix 08-04-22.5 - Dcezy 2008-04-25 11:24:25.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1129 [GMT -4:00]
Running from: C:\Users\Dcezy\Desktop\ComboFix.exe
Command switches used :: C:\Users\Dcezy\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Users\Dcezy\AppData\Local\Temp\byXqPIAP.dll
C:\Users\Dcezy\AppData\Local\Temp\cwjnqsws.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Dcezy\AppData\Local\Temp\cwjnqsws.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.

2008-04-24 12:44 . 2008-04-24 12:45 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-24 12:06 . 2008-04-24 12:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-23 12:14 . 2008-04-23 12:14 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-22 16:26 . 2008-04-22 16:56 524,288 --ahs---- C:\Users\Dcezy\NTUSER.DAT{094ebcd7-10a7-11dd-93fc-0019c1fcfb66}.TMContainer00000000000000000002.regtrans-ms
2008-04-22 16:26 . 2008-04-22 16:56 524,288 --ahs---- C:\Users\Dcezy\NTUSER.DAT{094ebcd7-10a7-11dd-93fc-0019c1fcfb66}.TMContainer00000000000000000001.regtrans-ms
2008-04-22 16:26 . 2008-04-22 16:56 65,536 --ahs---- C:\Users\Dcezy\NTUSER.DAT{094ebcd7-10a7-11dd-93fc-0019c1fcfb66}.TM.blf
2008-04-22 12:14 . 2008-04-22 12:14 <DIR> d-------- C:\Windows\Intuit
2008-04-22 11:56 . 2007-03-23 04:05 29,272 -ra------ C:\Windows\System32\AdobePDF.dll
2008-04-22 10:38 . 2008-04-22 10:38 <DIR> d-------- C:\Program Files\MagicISO
2008-04-21 16:33 . 2008-03-29 14:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-04-21 15:52 . 2008-04-21 15:49 691,545 --a------ C:\Windows\unins000.exe
2008-04-21 15:52 . 2008-04-21 15:52 2,540 --a------ C:\Windows\unins000.dat
2008-04-21 14:16 . 2008-04-21 14:16 <DIR> d-------- C:\Program Files\PowerISO
2008-04-21 12:28 . 2008-04-21 14:09 524,288 --ahs---- C:\Users\Dcezy\NTUSER.DAT{47ce336b-0fae-11dd-8265-0019c1fcfb66}.TMContainer00000000000000000002.regtrans-ms
2008-04-21 12:28 . 2008-04-21 14:09 524,288 --ahs---- C:\Users\Dcezy\NTUSER.DAT{47ce336b-0fae-11dd-8265-0019c1fcfb66}.TMContainer00000000000000000001.regtrans-ms
2008-04-21 12:28 . 2008-04-21 14:09 65,536 --ahs---- C:\Users\Dcezy\NTUSER.DAT{47ce336b-0fae-11dd-8265-0019c1fcfb66}.TM.blf
2008-04-18 20:33 . 2008-04-23 10:52 <DIR> d-------- C:\Program Files\Security Task Manager
2008-04-17 13:54 . 2004-08-04 07:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-04-08 15:05 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-08 15:05 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-08 15:05 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-08 15:05 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 15:05 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 15:05 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 15:05 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 15:05 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-08 15:05 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-07 00:53 . 2008-04-07 00:53 <DIR> d-------- C:\Program Files\Global Star
2008-04-06 22:47 . 2008-04-07 18:24 <DIR> d-------- C:\Program Files\AnMing
2008-03-27 12:21 . 2008-03-27 12:21 <DIR> d-------- C:\Users\Default\Roaming
2008-03-27 12:21 . 2008-03-27 12:21 <DIR> d-------- C:\Users\Dcezy\Roaming
2008-03-27 12:21 . 2008-03-27 12:21 <DIR> d-------- C:\Users\Dcezy\AppData\Roaming\MySpace
2008-03-27 12:21 . 2008-03-27 12:21 <DIR> d-------- C:\Program Files\MySpace

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 21:22 --------- d-----w C:\PROGRA~2\Roxio
2008-04-24 17:25 --------- d-----w C:\Users\Dcezy\AppData\Roaming\LimeWire
2008-04-22 16:17 --------- d-----w C:\Users\Dcezy\AppData\Roaming\Corel
2008-04-22 16:14 --------- d-----w C:\Program Files\Common Files\Intuit
2008-04-22 16:14 --------- d-----w C:\PROGRA~2\Intuit
2008-04-22 16:10 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-22 04:12 35,031 ----a-w C:\Users\Dcezy\AppData\Roaming\nvModes.dat
2008-04-21 19:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-08 21:10 --------- d-----w C:\Program Files\Windows Mail
2008-03-15 02:04 --------- d-----w C:\Program Files\OCA Marker
2008-03-14 06:04 46,652 ----a-w C:\Windows\system32\drivers\scdemu.sys
2008-03-08 02:14 148,992 ----a-w C:\Windows\system32\drivers\ks.sys
2008-03-05 15:48 --------- d-----w C:\PROGRA~2\Lavasoft
2008-03-05 15:44 --------- d-----w C:\Program Files\Lavasoft
2008-03-05 15:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-29 04:25 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-29 04:19 --------- d---a-w C:\PROGRA~2\TEMP
2008-02-29 04:17 --------- d-----w C:\Program Files\Avi2Dvd
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:16 --------- d-----w C:\Program Files\Active WebCam
2008-02-29 04:02 --------- d-----w C:\Program Files\DivX
2008-02-29 03:39 --------- d-----w C:\Program Files\LimeWire
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-15 18:59 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 18:57 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 18:57 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 18:56 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 18:56 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 18:56 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 18:56 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 18:56 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 18:56 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-15 18:56 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 18:56 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 18:56 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 18:56 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-09 21:16 88,064 ----a-w C:\Windows\System32\audiodg.exe
2008-02-09 21:16 398,848 ----a-w C:\Windows\System32\AudioEng.dll
2008-02-09 21:16 310,272 ----a-w C:\Windows\System32\audiosrv.dll
2008-02-09 21:16 273,408 ----a-w C:\Windows\System32\AUDIOKSE.dll
2008-02-09 21:16 169,984 ----a-w C:\Windows\System32\EncDump.dll
2008-02-09 21:16 115,712 ----a-w C:\Windows\System32\AudioSes.dll
2008-01-11 17:39 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-04-24_12.13.00.74 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 14:26:13 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-25 15:28:08 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-24 14:26:14 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-25 15:28:09 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-04-24 14:26:14 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-04-25 15:28:09 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-24 16:02:24 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-25 15:12:59 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-24 16:02:33 208,896 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-25 15:29:32 208,896 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-04-24 16:09:11 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-25 15:29:33 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-24 14:29:19 237,568 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-25 15:29:32 237,568 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-04-24 14:29:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-25 15:00:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-24 14:29:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-25 15:00:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-24 14:29:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-25 15:00:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-24 14:34:02 125,296 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-25 15:05:27 125,296 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-24 14:34:02 673,684 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-25 15:05:27 673,684 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-24 14:30:17 10,672 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2398068353-1385232758-2543445987-1005_UserData.bin
+ 2008-04-25 14:59:46 10,688 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2398068353-1385232758-2543445987-1005_UserData.bin
- 2008-04-24 14:30:16 86,170 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-25 14:59:46 86,326 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-24 14:30:15 46,660 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-25 15:30:53 46,930 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 13:07 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-27 23:39 4390912 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-03-27 23:40 1822720 C:\Windows\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-09 03:59 835584]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-04-02 19:25 321656]
"AppMon Utility"="C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" [2007-04-12 19:23 415864]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-02-07 22:43 411768]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 16:37 174872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"VAIOSecurity"="C:\Program Files\Sony\VAIO Security Center\VSC.exe" [2007-03-13 20:13 2322432]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 03:35 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 03:35 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 03:35 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-04-23 20:19 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6e9a8fc6]
C:\Users\Dcezy\AppData\Local\Temp\aeaojgmx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-03-01 00:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6da9bc5a]
C:\Users\Dcezy\AppData\Local\Temp\cwjnqsws.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-03 09:54 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan]
C:\Users\Dcezy\AppData\Local\Temp\uhbwjudy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 16:32 8699904 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 19:50 233472 C:\Program Files\PowerISO\PWRISOVM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickBooks Simple Start]
--a------ 2007-01-31 00:59 371712 C:\Program Files\Intuit\SimpleStartEntice\entice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
--a------ 2007-03-06 18:22 36864 c:\program files\sony\VAIO Center Access Bar\VCAB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
--a------ 2006-12-06 20:08 577536 C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-05-29 23:06 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EF443D16-1144-4C60-A9B5-BD830A39BFCC}"= UDP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{19B0B73F-714C-4C89-AF7D-7E4492396866}"= TCP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{8925B37B-E923-4D41-BCC1-2DE6BCA0E526}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{765E6C6B-E432-4017-B60F-B589C6FF6FE7}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C7570283-24A7-48E4-B162-C59ED0276A9C}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{ED75781D-E866-4DA4-94E5-685E52128979}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"TCP Query User{7BCF0EFD-B314-4376-95CD-E82947A9CE01}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{1B181DA7-0274-4B4E-AB12-F8547E58FA02}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{51378A0A-4ED5-4575-A42F-06965FC6DF9E}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{D3BC3047-2CB3-40F8-B08C-7A4948E2D080}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"TCP Query User{1813B2B9-862C-4EB1-B598-DE21BD4F015B}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{55B76C07-4620-468E-A4FD-1B4DD150317C}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"TCP Query User{2BC7E526-366E-4AB4-BF5E-E88C31325395}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{5DBF9E58-4BA6-4A4B-8913-D6A7DC174E35}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{CD36CA99-33E0-437E-BD01-69B593004DA2}C:\\program files\\audiospin media recorder\\audiospin.exe"= UDP:C:\program files\audiospin media recorder\audiospin.exe:AudioSpin
"UDP Query User{A4AB33F5-5213-47A4-A145-B4B1A48C42F0}C:\\program files\\audiospin media recorder\\audiospin.exe"= TCP:C:\program files\audiospin media recorder\audiospin.exe:AudioSpin
"TCP Query User{A74FD64B-D0CA-438D-BEEC-6648C1C4203B}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{E5929B2C-83C0-41EA-8295-92E36176FD52}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"{B3E8072B-1E19-431B-ADB1-810968E7E86E}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{981328D3-0F53-411D-91FF-D4242B3FE4DA}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{CA06B7A7-1E8C-4E07-957E-C262808E81E3}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{C301D174-31F8-4843-B94F-0231808FA0A6}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{7C9CC649-5D2F-41AD-9C0A-397B8ACA1915}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{AB2DD6E6-8C76-4615-8065-CA659DB2EF2C}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{B3B5F616-93C3-43A0-A862-7CB94C41DC28}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{42BAEE8A-4740-4BD1-AF25-8145E7599532}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{41E67440-DACF-4881-821E-AF6597A3D3B8}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{8218E6EF-24D2-48FC-8CB8-1B5CA37EFC1F}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{AC2C6621-282B-4E31-967B-9C7184DA920B}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{71535F8C-531A-40BF-874D-7C0F7417AD59}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{DAA5756D-47DD-45E8-8F6A-111FF2DE655C}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{0706DEDB-4532-4C16-97BA-A17738278445}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{A8FFA7BE-CA4F-4957-9428-EDCC2FF409B7}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{1BFE6F12-1C49-4CE2-85A4-D3396BBD98B2}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{3AAE95D1-4602-4B14-AF86-BC7E1EDB2666}"= UDP:C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"{C8BED157-25CD-420B-9584-7A5BB5339887}"= TCP:C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"TCP Query User{39401EF9-633D-4298-8CE7-24FE750AA8AF}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{146D6020-72FC-40BD-B356-5D3D27F80C2F}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{525410AE-4DE7-4AA0-BA5B-79D9B42B52F5}C:\\program files\\e-on software\\vue 6 infinite\\application\\vue 6 infinite.eon"= UDP:C:\program files\e-on software\vue 6 infinite\application\vue 6 infinite.eon:Vue 6 Infinite.eon
"UDP Query User{9D00BDDE-A8C2-4BB0-9BCE-6D78D11595DC}C:\\program files\\e-on software\\vue 6 infinite\\application\\vue 6 infinite.eon"= TCP:C:\program files\e-on software\vue 6 infinite\application\vue 6 infinite.eon:Vue 6 Infinite.eon
"TCP Query User{731A607A-6C42-4C2D-A3BD-BE7049E27F05}C:\\program files\\e-on software\\vue 6 xstream\\application\\vue 6 xstream.eon"= UDP:C:\program files\e-on software\vue 6 xstream\application\vue 6 xstream.eon:Vue 6 xStream.eon
"UDP Query User{F38EBF85-BBE2-4C69-A6D5-24DC2A46688F}C:\\program files\\e-on software\\vue 6 xstream\\application\\vue 6 xstream.eon"= TCP:C:\program files\e-on software\vue 6 xstream\application\vue 6 xstream.eon:Vue 6 xStream.eon
"TCP Query User{3211EB49-942D-4D32-89CC-7064864F3536}C:\\program files\\firaxis games\\sid meier's civilization 4\\beyond the sword\\civ4beyondsword.exe"= UDP:C:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe:Sid Meier's Civilization 4 : Beyond The Sword
"UDP Query User{5FE39C0A-9894-4BD7-B5EE-EADC44D434E2}C:\\program files\\firaxis games\\sid meier's civilization 4\\beyond the sword\\civ4beyondsword.exe"= TCP:C:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe:Sid Meier's Civilization 4 : Beyond The Sword
"TCP Query User{933375C1-B7C3-4F35-BA62-01C388F1600C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{D638AC08-45AC-4931-AC57-E5C850FD8712}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{A472E6F4-34BE-402B-8E7A-4BEB14C00044}C:\\program files\\myspace\\im\\myspaceim.exe"= UDP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{0501C000-18C1-4ACA-9C43-21A19FB3FB83}C:\\program files\\myspace\\im\\myspaceim.exe"= TCP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"TCP Query User{A17560A2-8DA1-43ED-82B2-0910DC5419A6}C:\\program files\\zone.com deluxe games\\wheel of fortune deluxe\\wheel of fortune deluxe.exe"= UDP:C:\program files\zone.com deluxe games\wheel of fortune deluxe\wheel of fortune deluxe.exe:Wheel of Fortune Deluxe
"UDP Query User{394186FF-E3D3-4517-986F-DF068E99D891}C:\\program files\\zone.com deluxe games\\wheel of fortune deluxe\\wheel of fortune deluxe.exe"= TCP:C:\program files\zone.com deluxe games\wheel of fortune deluxe\wheel of fortune deluxe.exe:Wheel of Fortune Deluxe
"TCP Query User{D03AA555-74F4-40CE-8736-A0163EA53681}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{ED6277B8-9AB1-4F49-A18E-DF0235B9BF27}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\winlogon.exe"= C:\WINDOWS\winlogon.exe

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 14:32]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB []
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 23:09]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 17:56]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-16 13:55]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-04-04 10:13]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-04-04 10:13]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 09:06]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-04-23 14:29]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-08 09:11]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe [2007-01-26 14:41]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe" [2007-01-26 14:41]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 3\IcVzMon.exe [2007-01-26 14:41]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 11:43]
S3 slim;Sony Lucid Integrated Mpeg encoder;C:\Windows\system32\drivers\slim.sys [2007-01-30 08:01]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 13:04]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 19:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 17:05]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 16:40:03 C:\Windows\Tasks\User_Feed_Synchronization-{F4B1F396-9AF8-435E-8327-29B645E95174}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-04-25 15:29:02 C:\Windows\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-04-25 14:57:55 C:\Windows\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 11:29:44
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Windows\System32\stacsv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\ehome\ehrecvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-04-25 11:37:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-25 15:37:42
ComboFix2.txt 2008-04-24 16:13:40

Pre-Run: 54,606,897,152 bytes free
Post-Run: 54,583,062,528 bytes free

344 --- E O F --- 2008-04-25 15:03:06


0

Response Number 7
Name: Dcezy
Date: April 26, 2008 at 18:42:16 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:48 AM, on 4/25/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.exe C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BM6da9bc5a] Rundll32.exe "C:\Users\Dcezy\AppData\Local\Temp\cwjnqsws.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11414 bytes


0

Response Number 8
Name: Dcezy
Date: April 26, 2008 at 18:46:02 Pacific
Reply:

You guys should really make a page that tells you your post is too long. Took me like three days to figure it out and that it wasn't the virus attacking me or that your site was messed up. So I posted each log separately, posted above. I did ComboFix first, then after it restarted for me I did the HijackThis log. Thanks for all your help so far guys, really appreciate it.


0

Response Number 9
Name: Adii
Date: April 30, 2008 at 13:28:37 Pacific
Reply:

Make sure Avast is still disabled.

Open Notepad. Don't use any other text editor than Notepad or the script will fail.
Copy/paste the bold text below into Notepad:


File::
C:\Users\Dcezy\AppData\Local\Temp\cwjnqsws.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6da9bc5a]

Save this as a text file with the name CFScript. Select "All files" from Save as Type.

Then drag the CFScript file onto the ComboFix.exe icon.

This will start ComboFix again.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


Please run HijackThis again and click "Scan." Place checks next to the following entries:

O4 - HKCU\..\Run: [BM6da9bc5a] Rundll32.exe "C:\Users\Dcezy\AppData\Local\Temp\cwjnqsws.dll",s

Close all browsers and other windows except for HijackThis!, and click "Fix checked".


Post a fresh HijackThis log, and can you tell me how your computer is running?

*Do Safe Computing*


0
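The entry Adii picks out above, a Run value with a random hex-looking name that uses rundll32 to load an equally random-named DLL from the user's Temp folder, is a pattern that can be flagged automatically in a HijackThis or ComboFix log rather than by eye. The following Python triage script is an added example written for this thread, not code from HijackThis, ComboFix or any poster; its sample log lines are constructed from entries quoted in the thread, and the scoring weights and threshold are assumptions.

```python
"""Triage autostart entries from HijackThis and ComboFix logs.
Added example for this thread (not HijackThis/ComboFix code); scoring weights are assumptions."""
import re
from pathlib import PureWindowsPath
from typing import Iterator, List, NamedTuple, Optional, Tuple

class Autostart(NamedTuple):
    source: str   # where the entry lives (Run key or msconfig startupreg)
    name: str     # value or key name, e.g. "BM6da9bc5a"
    command: str  # command line or file path exactly as logged

# HijackThis "O4 - <hive>\..\Run: [<name>] <command>" lines
_O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# ComboFix "msconfig\startupreg" block headers (items disabled through msconfig)
_STARTUPREG_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\(?P<name>[^\]]+)\]$", re.I)
# "rundll32[.exe] <dll>[,entrypoint]": capture the first argument, quoted or bare
_RUNDLL_RE = re.compile(r'^\s*"?[^"\s]*rundll32(?:\.exe)?"?\s+(?:"(?P<q>[^"]+)"|(?P<u>[^,\s]+))', re.I)
# first executable or module path of an ordinary command line
_FIRST_PATH_RE = re.compile(r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|scr|cpl|bat|cmd)))(?=[\s,]|$)', re.I)
_TEMP_DIRS = {"temp", "tmp"}
_RANDOM_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$")  # e.g. BM6da9bc5a, 6e9a8fc6
_RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")       # e.g. cwjnqsws.dll

def parse_hijackthis(text: str) -> Iterator[Autostart]:
    """Yield O4 Run entries from a HijackThis log."""
    for line in text.splitlines():
        m = _O4_RE.match(line.strip())
        if m:
            yield Autostart(f"{m['hive']}\\..\\{m['key']}", m["name"], m["cmd"])

def parse_combofix_startupreg(text: str) -> Iterator[Autostart]:
    """Yield msconfig startupreg entries from a ComboFix log."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = _STARTUPREG_RE.match(line.strip())
        if not m:
            continue
        # the path (if any) is on the next line, optionally prefixed with attributes, date and size
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        pm = re.search(r"([A-Za-z]:\\.*)$", nxt)
        if pm:
            yield Autostart("msconfig\\startupreg", m["name"], pm.group(1))

def loaded_module(command: str) -> Optional[PureWindowsPath]:
    """Return the file that actually runs: the rundll32 argument if present, else the command's own path."""
    m = _RUNDLL_RE.match(command) or _FIRST_PATH_RE.match(command)
    return PureWindowsPath(m["q"] or m["u"]) if m else None

def assess(entry: Autostart) -> Tuple[int, List[str]]:
    """Score one entry; higher means more suspicious."""
    module = loaded_module(entry.command)
    if module is None:
        return 0, []
    score, reasons = 0, []
    if any(p.lower().strip("%") in _TEMP_DIRS for p in module.parts[:-1]):
        score += 3
        reasons.append("loaded from a Temp directory")
        if _RUNDLL_RE.match(entry.command):
            score += 1
            reasons.append("rundll32 used to run code from Temp")
    if _RANDOM_NAME_RE.match(entry.name):
        score += 1
        reasons.append("random-looking value name")
    if _RANDOM_DLL_RE.match(module.name.lower()):
        score += 1
        reasons.append("random-looking eight-letter DLL name")
    return score, reasons

def triage(hijackthis_log: str = "", combofix_log: str = "", threshold: int = 2) -> List[dict]:
    """Return entries scoring at least `threshold`, in log order; one weak signal alone is not enough."""
    entries = list(parse_hijackthis(hijackthis_log)) + list(parse_combofix_startupreg(combofix_log))
    flagged = []
    for e in entries:
        score, reasons = assess(e)
        if score >= threshold:
            flagged.append({"name": e.name, "source": e.source, "module": str(loaded_module(e.command)),
                            "score": score, "reasons": reasons})
    return flagged

# Constructed sample input modelled on lines quoted in this thread; the oobefldr.dll
# line is a legitimate rundll32 entry that must not be flagged.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BM6da9bc5a] Rundll32.exe "C:\Users\Dcezy\AppData\Local\Temp\cwjnqsws.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6e9a8fc6]
C:\Users\Dcezy\AppData\Local\Temp\aeaojgmx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan]
C:\Users\Dcezy\AppData\Local\Temp\uhbwjudy.dll
"""
```

The ComboFix parser covers the msconfig startupreg blocks, where the same Temp-folder DLL pattern appears in the log below under the names 6e9a8fc6 and MS Juan.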

Response Number 10
Name: Dcezy
Date: May 1, 2008 at 08:00:37 Pacific
Reply:

ComboFix 08-04-22.5 - Dcezy 2008-05-01 10:56:27.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1116 [GMT -4:00]
Running from: C:\Users\Dcezy\Desktop\ComboFix.exe
Command switches used :: C:\Users\Dcezy\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Users\Dcezy\AppData\Local\Temp\cwjnqsws.dll
.

((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-04-29 15:29 . 2008-04-29 20:50 <DIR> d-------- C:\Program Files\uTorrent
2008-04-29 15:28 . 2008-05-01 10:41 <DIR> d-------- C:\Users\Dcezy\AppData\Roaming\uTorrent
2008-04-26 20:23 . 2008-04-27 00:04 524,288 --ahs---- C:\Users\Dcezy\NTUSER.DAT{1390f480-13e4-11dd-b74a-0019c1fcfb66}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 20:23 . 2008-04-27 00:04 524,288 --ahs---- C:\Users\Dcezy\NTUSER.DAT{1390f480-13e4-11dd-b74a-0019c1fcfb66}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 20:23 . 2008-04-27 00:04 65,536 --ahs---- C:\Users\Dcezy\NTUSER.DAT{1390f480-13e4-11dd-b74a-0019c1fcfb66}.TM.blf
2008-04-26 10:28 . 2008-04-26 10:29 <DIR> d-------- C:\Users\All Users\Google
2008-04-25 12:15 . 2008-04-25 12:18 <DIR> d-------- C:\Users\Dcezy\AppData\Roaming\GetRightToGo
2008-04-25 12:15 . 2008-04-25 12:15 <DIR> d-------- C:\Downloads
2008-04-24 12:44 . 2008-04-24 12:45 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-24 12:06 . 2008-04-24 12:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-23 12:14 . 2008-04-23 12:14 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-22 16:26 . 2008-04-22 16:56 524,288 --ahs---- C:\Users\Dcezy\NTUSER.DAT{094ebcd7-10a7-11dd-93fc-0019c1fcfb66}.TMContainer00000000000000000002.regtrans-ms
2008-04-22 16:26 . 2008-04-22 16:56 524,288 --ahs---- C:\Users\Dcezy\NTUSER.DAT{094ebcd7-10a7-11dd-93fc-0019c1fcfb66}.TMContainer00000000000000000001.regtrans-ms
2008-04-22 16:26 . 2008-04-22 16:56 65,536 --ahs---- C:\Users\Dcezy\NTUSER.DAT{094ebcd7-10a7-11dd-93fc-0019c1fcfb66}.TM.blf
2008-04-22 12:14 . 2008-04-22 12:14 <DIR> d-------- C:\Windows\Intuit
2008-04-22 11:56 . 2007-03-23 04:05 29,272 -ra------ C:\Windows\System32\AdobePDF.dll
2008-04-22 10:38 . 2008-04-22 10:38 <DIR> d-------- C:\Program Files\MagicISO
2008-04-21 16:33 . 2008-03-29 14:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-04-21 15:52 . 2008-04-21 15:49 691,545 --a------ C:\Windows\unins000.exe
2008-04-21 15:52 . 2008-04-21 15:52 2,540 --a------ C:\Windows\unins000.dat
2008-04-21 14:16 . 2008-04-21 14:16 <DIR> d-------- C:\Program Files\PowerISO
2008-04-21 12:28 . 2008-04-21 14:09 524,288 --ahs---- C:\Users\Dcezy\NTUSER.DAT{47ce336b-0fae-11dd-8265-0019c1fcfb66}.TMContainer00000000000000000002.regtrans-ms
2008-04-21 12:28 . 2008-04-21 14:09 524,288 --ahs---- C:\Users\Dcezy\NTUSER.DAT{47ce336b-0fae-11dd-8265-0019c1fcfb66}.TMContainer00000000000000000001.regtrans-ms
2008-04-21 12:28 . 2008-04-21 14:09 65,536 --ahs---- C:\Users\Dcezy\NTUSER.DAT{47ce336b-0fae-11dd-8265-0019c1fcfb66}.TM.blf
2008-04-18 20:33 . 2008-04-29 10:39 <DIR> d-------- C:\Program Files\Security Task Manager
2008-04-17 13:54 . 2004-08-04 07:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-04-08 15:05 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-08 15:05 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-08 15:05 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-08 15:05 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 15:05 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 15:05 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 15:05 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 15:05 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-08 15:05 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-07 00:53 . 2008-04-07 00:53 <DIR> d-------- C:\Program Files\Global Star
2008-04-06 22:47 . 2008-04-07 18:24 <DIR> d-------- C:\Program Files\AnMing

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 20:22 --------- d-----w C:\PROGRA~2\Roxio
2008-04-27 02:18 35,031 ----a-w C:\Users\Dcezy\AppData\Roaming\nvModes.dat
2008-04-26 22:57 --------- d-----w C:\Program Files\Google
2008-04-26 14:28 --------- d-----w C:\Program Files\Java
2008-04-24 17:25 --------- d-----w C:\Users\Dcezy\AppData\Roaming\LimeWire
2008-04-22 16:17 --------- d-----w C:\Users\Dcezy\AppData\Roaming\Corel
2008-04-22 16:14 --------- d-----w C:\Program Files\Common Files\Intuit
2008-04-22 16:14 --------- d-----w C:\PROGRA~2\Intuit
2008-04-22 16:10 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-21 19:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-08 21:10 --------- d-----w C:\Program Files\Windows Mail
2008-03-27 16:21 --------- d-----w C:\Users\Dcezy\AppData\Roaming\MySpace
2008-03-27 16:21 --------- d-----w C:\Program Files\MySpace
2008-03-15 02:04 --------- d-----w C:\Program Files\OCA Marker
2008-03-14 06:04 46,652 ----a-w C:\Windows\system32\drivers\scdemu.sys
2008-03-08 02:14 148,992 ----a-w C:\Windows\system32\drivers\ks.sys
2008-03-05 15:48 --------- d-----w C:\PROGRA~2\Lavasoft
2008-03-05 15:44 --------- d-----w C:\Program Files\Lavasoft
2008-03-05 15:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-15 18:59 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 18:57 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 18:57 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 18:56 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 18:56 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 18:56 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 18:56 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 18:56 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 18:56 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-15 18:56 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 18:56 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 18:56 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 18:56 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-09 21:16 88,064 ----a-w C:\Windows\System32\audiodg.exe
2008-02-09 21:16 398,848 ----a-w C:\Windows\System32\AudioEng.dll
2008-02-09 21:16 310,272 ----a-w C:\Windows\System32\audiosrv.dll
2008-02-09 21:16 273,408 ----a-w C:\Windows\System32\AUDIOKSE.dll
2008-02-09 21:16 169,984 ----a-w C:\Windows\System32\EncDump.dll
2008-02-09 21:16 115,712 ----a-w C:\Windows\System32\AudioSes.dll
2008-01-11 17:39 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-05-01_10.47.33.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-01 14:42:35 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-01 14:56:04 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 13:07 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-27 23:39 4390912 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-03-27 23:40 1822720 C:\Windows\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-09 03:59 835584]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-04-02 19:25 321656]
"AppMon Utility"="C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" [2007-04-12 19:23 415864]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-02-07 22:43 411768]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 16:37 174872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"VAIOSecurity"="C:\Program Files\Sony\VAIO Security Center\VSC.exe" [2007-03-13 20:13 2322432]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 03:35 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 03:35 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 03:35 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-04-23 20:19 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6e9a8fc6]
C:\Users\Dcezy\AppData\Local\Temp\aeaojgmx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-03-01 00:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-03 09:54 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan]
C:\Users\Dcezy\AppData\Local\Temp\uhbwjudy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 16:32 8699904 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 19:50 233472 C:\Program Files\PowerISO\PWRISOVM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickBooks Simple Start]
--a------ 2007-01-31 00:59 371712 C:\Program Files\Intuit\SimpleStartEntice\entice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
--a------ 2007-03-06 18:22 36864 c:\program files\sony\VAIO Center Access Bar\VCAB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
--a------ 2006-12-06 20:08 577536 C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-05-29 23:06 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EF443D16-1144-4C60-A9B5-BD830A39BFCC}"= UDP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{19B0B73F-714C-4C89-AF7D-7E4492396866}"= TCP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{8925B37B-E923-4D41-BCC1-2DE6BCA0E526}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{765E6C6B-E432-4017-B60F-B589C6FF6FE7}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C7570283-24A7-48E4-B162-C59ED0276A9C}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{ED75781D-E866-4DA4-94E5-685E52128979}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"TCP Query User{7BCF0EFD-B314-4376-95CD-E82947A9CE01}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{1B181DA7-0274-4B4E-AB12-F8547E58FA02}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{51378A0A-4ED5-4575-A42F-06965FC6DF9E}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{D3BC3047-2CB3-40F8-B08C-7A4948E2D080}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"TCP Query User{1813B2B9-862C-4EB1-B598-DE21BD4F015B}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{55B76C07-4620-468E-A4FD-1B4DD150317C}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"TCP Query User{2BC7E526-366E-4AB4-BF5E-E88C31325395}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{5DBF9E58-4BA6-4A4B-8913-D6A7DC174E35}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{CD36CA99-33E0-437E-BD01-69B593004DA2}C:\\program files\\audiospin media recorder\\audiospin.exe"= UDP:C:\program files\audiospin media recorder\audiospin.exe:AudioSpin
"UDP Query User{A4AB33F5-5213-47A4-A145-B4B1A48C42F0}C:\\program files\\audiospin media recorder\\audiospin.exe"= TCP:C:\program files\audiospin media recorder\audiospin.exe:AudioSpin
"TCP Query User{A74FD64B-D0CA-438D-BEEC-6648C1C4203B}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{E5929B2C-83C0-41EA-8295-92E36176FD52}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"{B3E8072B-1E19-431B-ADB1-810968E7E86E}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{981328D3-0F53-411D-91FF-D4242B3FE4DA}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{CA06B7A7-1E8C-4E07-957E-C262808E81E3}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{C301D174-31F8-4843-B94F-0231808FA0A6}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{7C9CC649-5D2F-41AD-9C0A-397B8ACA1915}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{AB2DD6E6-8C76-4615-8065-CA659DB2EF2C}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{B3B5F616-93C3-43A0-A862-7CB94C41DC28}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{42BAEE8A-4740-4BD1-AF25-8145E7599532}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{41E67440-DACF-4881-821E-AF6597A3D3B8}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{8218E6EF-24D2-48FC-8CB8-1B5CA37EFC1F}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{AC2C6621-282B-4E31-967B-9C7184DA920B}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{71535F8C-531A-40BF-874D-7C0F7417AD59}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{DAA5756D-47DD-45E8-8F6A-111FF2DE655C}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{0706DEDB-4532-4C16-97BA-A17738278445}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{A8FFA7BE-CA4F-4957-9428-EDCC2FF409B7}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{1BFE6F12-1C49-4CE2-85A4-D3396BBD98B2}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{3AAE95D1-4602-4B14-AF86-BC7E1EDB2666}"= UDP:C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"{C8BED157-25CD-420B-9584-7A5BB5339887}"= TCP:C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"TCP Query User{39401EF9-633D-4298-8CE7-24FE750AA8AF}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{146D6020-72FC-40BD-B356-5D3D27F80C2F}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{525410AE-4DE7-4AA0-BA5B-79D9B42B52F5}C:\\program files\\e-on software\\vue 6 infinite\\application\\vue 6 infinite.eon"= UDP:C:\program files\e-on software\vue 6 infinite\application\vue 6 infinite.eon:Vue 6 Infinite.eon
"UDP Query User{9D00BDDE-A8C2-4BB0-9BCE-6D78D11595DC}C:\\program files\\e-on software\\vue 6 infinite\\application\\vue 6 infinite.eon"= TCP:C:\program files\e-on software\vue 6 infinite\application\vue 6 infinite.eon:Vue 6 Infinite.eon
"TCP Query User{731A607A-6C42-4C2D-A3BD-BE7049E27F05}C:\\program files\\e-on software\\vue 6 xstream\\application\\vue 6 xstream.eon"= UDP:C:\program files\e-on software\vue 6 xstream\application\vue 6 xstream.eon:Vue 6 xStream.eon
"UDP Query User{F38EBF85-BBE2-4C69-A6D5-24DC2A46688F}C:\\program files\\e-on software\\vue 6 xstream\\application\\vue 6 xstream.eon"= TCP:C:\program files\e-on software\vue 6 xstream\application\vue 6 xstream.eon:Vue 6 xStream.eon
"TCP Query User{3211EB49-942D-4D32-89CC-7064864F3536}C:\\program files\\firaxis games\\sid meier's civilization 4\\beyond the sword\\civ4beyondsword.exe"= UDP:C:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe:Sid Meier's Civilization 4 : Beyond The Sword
"UDP Query User{5FE39C0A-9894-4BD7-B5EE-EADC44D434E2}C:\\program files\\firaxis games\\sid meier's civilization 4\\beyond the sword\\civ4beyondsword.exe"= TCP:C:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe:Sid Meier's Civilization 4 : Beyond The Sword
"TCP Query User{933375C1-B7C3-4F35-BA62-01C388F1600C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{D638AC08-45AC-4931-AC57-E5C850FD8712}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{A472E6F4-34BE-402B-8E7A-4BEB14C00044}C:\\program files\\myspace\\im\\myspaceim.exe"= UDP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{0501C000-18C1-4ACA-9C43-21A19FB3FB83}C:\\program files\\myspace\\im\\myspaceim.exe"= TCP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"TCP Query User{A17560A2-8DA1-43ED-82B2-0910DC5419A6}C:\\program files\\zone.com deluxe games\\wheel of fortune deluxe\\wheel of fortune deluxe.exe"= UDP:C:\program files\zone.com deluxe games\wheel of fortune deluxe\wheel of fortune deluxe.exe:Wheel of Fortune Deluxe
"UDP Query User{394186FF-E3D3-4517-986F-DF068E99D891}C:\\program files\\zone.com deluxe games\\wheel of fortune deluxe\\wheel of fortune deluxe.exe"= TCP:C:\program files\zone.com deluxe games\wheel of fortune deluxe\wheel of fortune deluxe.exe:Wheel of Fortune Deluxe
"TCP Query User{D03AA555-74F4-40CE-8736-A0163EA53681}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{ED6277B8-9AB1-4F49-A18E-DF0235B9BF27}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{50695BE0-1A53-4202-81EC-4707EF682371}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{4702659D-0E75-4A8B-B266-878ABFA72D89}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{FADF5D5F-BA70-4CAA-80B2-6B6976D3CAE7}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{8B432BA4-AB31-4738-B1D3-A972AB52676F}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{EDC91D62-7AEC-4D49-A49A-617E4C9EF6D2}"= Disabled:UDP:23477:Ut
"{7318666C-CB38-4053-ACC6-6138D910B58E}"= UDP:65535:Utorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\winlogon.exe"= C:\WINDOWS\winlogon.exe

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 14:32]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB []
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 23:09]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 17:56]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-16 13:55]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-04-04 10:13]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-04-04 10:13]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 09:06]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-04-23 14:29]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-08 09:11]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe [2007-01-26 14:41]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe" [2007-01-26 14:41]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 3\IcVzMon.exe [2007-01-26 14:41]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 11:43]
S3 slim;Sony Lucid Integrated Mpeg encoder;C:\Windows\system32\drivers\slim.sys [2007-01-30 08:01]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 13:04]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 19:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 17:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3116a0c0-c22a-11dc-a184-0019c1fcfb66}]
\shell\AutoRun\command - H:\autorun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 15:20:25 C:\Windows\Tasks\User_Feed_Synchronization-{F4B1F396-9AF8-435E-8327-29B645E95174}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-05-01 14:20:51 C:\Windows\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-04-25 14:57:55 C:\Windows\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 10:58:36
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-01 10:59:42
ComboFix-quarantined-files.txt 2008-05-01 14:59:35
ComboFix2.txt 2008-05-01 14:48:07
ComboFix3.txt 2008-04-25 15:37:55
ComboFix4.txt 2008-04-24 16:13:40

Pre-Run: 48,333,291,520 bytes free
Post-Run: 48,293,928,960 bytes free

285 --- E O F --- 2008-04-25 15:03:06


0
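A triage pass over the kinds of entries that appear in the ComboFix log above, as an added example that is not part of the original thread and is not ComboFix's or HijackThis's own code. It parses the REGEDIT4-style sections and flags four patterns a responder would pull out of this log by hand: autostart entries whose payload loads from a Temp directory (the random-named DLLs under `msconfig\startupreg`), Security Center monitoring and override switches set to 1, a firewall-authorized application that carries the name of a binary which only lives in %SystemRoot%\System32 on a clean install but sits elsewhere (`C:\WINDOWS\winlogon.exe`), and a per-volume AutoRun handler pointing at an executable on a removable drive. The rule names, the `SYSTEM32_ONLY` list and the helper names are my own choices; the sample input is excerpted verbatim from the log posted above.

```python
import re

# Sample input: lines excerpted verbatim from the ComboFix log posted above
# (a REGEDIT4-style dump), trimmed to the entries the rules below look at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-09 03:59 835584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6e9a8fc6]
C:\Users\Dcezy\AppData\Local\Temp\aeaojgmx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan]
C:\Users\Dcezy\AppData\Local\Temp\uhbwjudy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\winlogon.exe"= C:\WINDOWS\winlogon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3116a0c0-c22a-11dc-a184-0019c1fcfb66}]
\shell\AutoRun\command - H:\autorun.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# Per-user and system-wide temp directories; nothing legitimate autostarts from here.
TEMP_DIR_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.I)
# Security Center values that silence the "no antivirus / firewall" warnings.
SECURITY_CENTER_VALUES = ("DisableMonitoring", "AntiVirusOverride",
                          "FirewallOverride", "UpdatesOverride")
# Binaries that exist only in %SystemRoot%\System32 on a clean install (my list).
SYSTEM32_ONLY = {"winlogon.exe", "csrss.exe", "lsass.exe",
                 "services.exe", "smss.exe", "svchost.exe"}


def parse_sections(text):
    """Split a REGEDIT4-style dump into (key, [value lines]) pairs, skipping blanks."""
    sections, key, lines = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                sections.append((key, lines))
            key, lines = m.group(1), []
        elif key is not None:
            lines.append(line)
    if key is not None:
        sections.append((key, lines))
    return sections


def triage(text):
    """Return a list of {'rule', 'key', 'detail'} findings for the suspicious patterns."""
    findings = []
    for key, lines in parse_sections(text):
        k = key.lower()
        # 1. Autostart (Run keys or msconfig's startupreg backups) loading from Temp.
        if "\\run" in k or "\\startupreg\\" in k:
            for line in lines:
                if TEMP_DIR_RE.search(line):
                    findings.append({"rule": "autostart-from-temp", "key": key, "detail": line})
        # 2. Security Center switches set to 1 (warnings suppressed).
        if "security center" in k:
            for line in lines:
                name, _, val = line.partition("=")
                if name.strip('"') in SECURITY_CENTER_VALUES and val.strip().lower() == "dword:00000001":
                    findings.append({"rule": "security-center-suppressed", "key": key, "detail": line})
        # 3. Firewall-authorized app named like a System32-only binary but located elsewhere.
        if "authorizedapplications" in k:
            for line in lines:
                path = line.partition("=")[2].strip()
                directory, _, name = path.rpartition("\\")
                if name.lower() in SYSTEM32_ONLY and not directory.lower().endswith("\\system32"):
                    findings.append({"rule": "firewall-allow-masquerade", "key": key, "detail": path})
        # 4. Per-volume AutoRun handler (mountpoints2) that launches something from the drive.
        if "mountpoints2" in k:
            for line in lines:
                if "autorun\\command" in line.lower():
                    findings.append({"rule": "volume-autorun", "key": key,
                                     "detail": line.split(" - ", 1)[-1]})
    return findings


def rule_counts(findings):
    """Number of findings per rule, for a quick summary."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:28} {f['key']}\n{'':28} {f['detail']}")
```

To run it over a full log, pass the file contents to `triage()` instead of `SAMPLE_LOG`. Two caveats on reading the output: a per-product subkey such as `security center\Monitoring\SymantecAntiVirus` is normally written by that product itself, so a hit there only means "confirm the product is really installed", whereas the top-level `Monitoring` key and `Svc\AntiVirusOverride` deserve a closer look; and an `authorizedapplications` hit is about the path, not the file name, since the real `winlogon.exe` never lives directly under `C:\WINDOWS`.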

Response Number 11
Name: Dcezy
Date: May 1, 2008 at 08:02:33 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:17 AM, on 5/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.exe C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11428 bytes


0

Response Number 12
Name: Dcezy
Date: May 1, 2008 at 08:28:54 Pacific
Reply:

Thanks guys, the computer works much faster now, for the moment at least. I did a scan with Registry Mechanic and I had like 20 problems there, though. I repaired them, did another scan and had 1. Did it a third time and the same one was there, as well as the fourth. Here was the file location:

C:\Windows\Temp\JET9127.tmp


I went and tried to manually delete it, but it is being used by another program. Any ideas?


0

Response Number 13
Name: Adii
Date: May 1, 2008 at 12:02:51 Pacific
Reply:

Looking cool now.

It will be deleted on next reboot.

FEW THINGS TO DO FOR YOUR FURTHER PC PROTECTION.


In order to protect yourself against spyware, you should consider installing and running the following free programs:


How to prevent further spyware/virus infection:
read here:

http://spywaredetail.com/malware_pr...


Visit Microsoft's Windows Update Site Frequently:
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install AVG Anti-Virus Free Edition:
AVG Free Edition is a well-known antivirus protection tool and provides a high level of detection capability.

Download: http://free.grisoft.com


Install Ad-Aware 2007:
Download and install Ad-Aware. You should also scan your computer with the program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

Download: http://www.lavasoftusa.com/products...

Install Spybot Search and Destroy:
Download and install Spybot - Search and Destroy with its TeaTimer option.
This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software.

Download: http://www.safer-networking.org/en/...

Install SpywareBlaster:
SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Download: http://www.javacoolsoftware.com/spy...

Install SpywareGuard:
SpywareGuard provides a real-time protection solution against spyware.

Download: http://www.javacoolsoftware.com/spy...

Install IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.

Download: http://www.spywarewarrior.com/uiuc/...


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.


NOTE: Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

*Do Safe Computing*


0
