resycled\ntldr.com error

Sony / Vgn-ar21s
January 21, 2009 at 09:41:43
Specs: Microsoft Windows XP Professional, 1.994 GHz / 2046 MB
Hi

I have started getting a message saying

resycled\ntldr.com is not a valid Win32 application.

The message appears when I try to "click" to access my HDDs; I can access them through the address bar and DOS.

I am also getting pop-ups, and my mouse is constantly stuck in the working mode (with the hourglass next to it).

Can someone please help me out with this?

Thanks a lot





#1
January 21, 2009 at 11:11:08
Check out the earlier posts with this same problem. There are lots of them unfortunately.

"So won’t you give this man his wings
What a shame
To have to beg you to see
We’re not all the same
What a shame" - Shinedown



#2
January 21, 2009 at 14:09:13
Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename mbam-setup.exe to tool.exe > click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & Paste the entire report in your next reply.


Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename HJTInstall.exe to tools.exe > click Save.
1. Save "tools.exe" to your desktop.
2. Double click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



#3
January 22, 2009 at 01:02:07
Here is the Malwarebytes file.

Malwarebytes' Anti-Malware 1.33
Database version: 1676
Windows 5.1.2600 Service Pack 2

22/01/2009 14:30:08
mbam-log-2009-01-22 (14-30-08).txt

Scan type: Quick Scan
Objects scanned: 58500
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 13
Folders Infected: 2
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videoplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.107,85.255.112.182 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{20a8ac39-9eac-4658-bf94-27cafd11b285}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7a863293-af9d-41a6-a170-11a0461366c8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.107,85.255.112.182 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{20a8ac39-9eac-4658-bf94-27cafd11b285}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7a863293-af9d-41a6-a170-11a0461366c8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8329e03b-b232-4bdd-b11d-2b8a1568a7c0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.107,85.255.112.182 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.107,85.255.112.182 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{20a8ac39-9eac-4658-bf94-27cafd11b285}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7a863293-af9d-41a6-a170-11a0461366c8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.107,85.255.112.182 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{20a8ac39-9eac-4658-bf94-27cafd11b285}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7a863293-af9d-41a6-a170-11a0461366c8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\gaopdxelqgdvpt.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bajaj\Local Settings\Temp\XPKey.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxlnkvetvo.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekachrndwkm.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekarqphfcxm.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekavemrmvkc.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bajaj\Local Settings\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bajaj\Local Settings\Temp\BN1D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bajaj\Local Settings\Temp\BN75.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSkkai.log (Trojan.TDSS) -> Quarantined and deleted successfully.


HijackThis file as below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:46, on 22/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Bajaj\Desktop\tools.exe.exe
C:\Documents and Settings\Bajaj\Bajaj.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vaio-link.com/vu/vu2x/in...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [VAIO Update 4] "C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Java Runtime Enviornment] C:\Documents and Settings\Bajaj\Application Data\_a918656223cc21762ef174fb876d7b69\down\C:\Documents and Settings\Bajaj\Application Data\_a918656223cc21762ef174fb876d7b69\down\chimera.exe000
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bajaj] C:\Documents and Settings\Bajaj\Bajaj.exe /i
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec Eraser Service (EraserSvc10824) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14816 bytes



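Reading the Malwarebytes log in this post as a defender, the DNSChanger entries are the part to act on: the same two pairs of rogue resolvers were written into the Tcpip NameServer value of CurrentControlSet and ControlSet001, 002 and 003, so any check or cleanup has to cover every control set, not just the current one. The Python below is an added example, not code from the thread or from Malwarebytes; it parses an excerpt of the posted log (lines copied from the post above), lists the rogue resolver addresses and the control sets they were written to, and collapses the addresses into network blocks for a perimeter block or alert rule.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Excerpt of the Malwarebytes' Anti-Malware log posted in this thread (lines
# copied from the post, trimmed to the sections that matter for the example).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\videoplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.107,85.255.112.182 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{20a8ac39-9eac-4658-bf94-27cafd11b285}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.107,85.255.112.182 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7a863293-af9d-41a6-a170-11a0461366c8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\gaopdxelqgdvpt.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSkkai.log (Trojan.TDSS) -> Quarantined and deleted successfully.
"""

# One finding line: "<item> (<threat>) -> [Data: <data> -> ]<action>"
FINDING_RE = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?:Data: (?P<data>.+?) -> )?(?P<action>.+)$"
)
CONTROL_SET_RE = re.compile(r"\\(ControlSet\d{3}|CurrentControlSet)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    item: str
    threat: str
    data: Optional[str]
    action: str


def parse_mbam_log(text: str) -> List[Finding]:
    """Walk the 'X Infected:' sections and collect one Finding per detection line."""
    findings: List[Finding] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks and the "(No malicious items detected)" placeholder.
        if not line or line.startswith("("):
            continue
        if line.endswith(":"):  # section header such as "Files Infected:"
            section = line[:-1]
            continue
        m = FINDING_RE.match(line)
        if m and section:
            findings.append(Finding(section, m["item"], m["threat"], m["data"], m["action"]))
    return findings


def nameserver_findings(findings: List[Finding]) -> List[Finding]:
    """Only the hits that rewrote a Tcpip ...\\NameServer value (the DNSChanger payload)."""
    return [f for f in findings if f.data and f.item.lower().endswith("\\nameserver")]


def rogue_nameservers(findings: List[Finding]) -> List[str]:
    """Distinct resolver addresses the malware pointed the host at, in address order."""
    ips = set()
    for f in nameserver_findings(findings):
        for token in f.data.split(","):
            ips.add(ip_address(token.strip()))  # raises ValueError on garbage
    return [str(ip) for ip in sorted(ips)]


def hijacked_control_sets(findings: List[Finding]) -> List[str]:
    """Every ControlSet whose NameServer was rewritten; cleanup must cover all of them."""
    sets = set()
    for f in nameserver_findings(findings):
        m = CONTROL_SET_RE.search(f.item)
        if m:
            sets.add(m.group(1))
    return sorted(sets)


def rogue_resolver_blocks(findings: List[Finding], prefix: int = 24) -> List[str]:
    """Collapse the rogue resolvers into /prefix networks for a perimeter block/alert rule."""
    nets = {ip_network(f"{ip}/{prefix}", strict=False) for ip in rogue_nameservers(findings)}
    return sorted(str(n) for n in nets)


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(found)} findings; rogue resolvers: {rogue_nameservers(found)}")
    print("control sets rewritten:", hijacked_control_sets(found))
    print("blocks to alert on at the perimeter:", rogue_resolver_blocks(found))
```

Run it against the full log instead of the excerpt and the same functions report whether any ControlSet was missed; a post-cleanup pass over the current NameServer values should return an empty list from rogue_nameservers.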

#4
January 22, 2009 at 03:37:56
Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool, so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your AVG antivirus, and any other antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window or move the mouse while the program is running; it will cause your system to hang.)
Please post the log it produces.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to toolb.exe > click Save.

Combofix is a powerful tool, so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your Norton antivirus, and any other antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window or move the mouse while the program is running; it will cause your system to hang.)
Please post the log it produces.



#5
January 22, 2009 at 06:45:13
ComboFix report

ComboFix 09-01-21.02 - Bajaj 2009-01-22 19:56:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1337 [GMT 5.5:30]
Running from: d:\documents and settings\Bajaj\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated)
FW: Norton 360 *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Bajaj\Bajaj.exe
c:\windows\system32\senekafnxapcoi.dat
c:\windows\system32\senekalgyvldct.dat
c:\windows\system32\TDSSmtve.dat
D:\Autorun.inf
D:\resycled
d:\resycled\ntldr.com

----- BITS: Possible infected sites -----

hxxp://onestopstation.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_syssrv


((((((((((((((((((((((((( Files Created from 2008-12-22 to 2009-01-22 )))))))))))))))))))))))))))))))
.

2009-01-22 14:22 . 2009-01-22 14:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-22 14:22 . 2009-01-22 14:22 <DIR> d-------- c:\documents and settings\Bajaj\Application Data\Malwarebytes
2009-01-22 14:22 . 2009-01-22 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-22 14:22 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-22 14:22 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-22 01:58 . 2009-01-22 01:58 <DIR> d-------- c:\program files\Support Tools
2009-01-21 03:28 . 2009-01-21 03:28 <DIR> d-------- c:\documents and settings\Bajaj\Application Data\sony
2009-01-21 03:27 . 2009-01-21 03:27 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-01-20 12:58 . 2009-01-21 01:23 46,640 --a------ c:\windows\system32\msln.exe
2009-01-20 12:49 . 2009-01-20 12:50 <DIR> d-------- c:\documents and settings\Bajaj\Application Data\_a918656223cc21762ef174fb876d7b69
2009-01-20 02:50 . 2004-08-10 17:30 18,944 --a------ c:\windows\system32\simptcp.dll
2009-01-20 02:50 . 2004-08-10 17:30 18,944 --a--c--- c:\windows\system32\dllcache\simptcp.dll
2009-01-20 01:33 . 2009-01-20 01:33 <DIR> d-------- c:\windows\system32\N360_BACKUP
2009-01-20 00:54 . 2009-01-20 00:54 108,336 --a------ c:\windows\system32\mswinsck.ocx
2009-01-20 00:53 . 2009-01-20 00:53 <DIR> d-------- c:\documents and settings\Bajaj\Application Data\_b76fdec8c4622ed1b59412923ceea7b5
2009-01-20 00:53 . 2009-01-20 00:53 33 --a------ c:\documents and settings\Bajaj\Application Data\__t.bin
2009-01-20 00:51 . 2009-01-20 00:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-20 00:46 . 2009-01-20 00:46 <DIR> d-------- c:\documents and settings\Bajaj\Application Data\Sonic
2009-01-20 00:46 . 2009-01-20 00:46 <DIR> d-------- c:\documents and settings\Bajaj\Application Data\Leadertech
2009-01-20 00:44 . 2009-01-20 00:44 <DIR> d-------- c:\program files\Adobe Media Player
2009-01-20 00:34 . 2009-01-20 00:34 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-20 00:23 . 2009-01-20 00:23 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-19 03:19 . 2009-01-19 03:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-01-19 02:53 . 2009-01-19 02:53 <DIR> d-------- c:\documents and settings\Bajaj\Application Data\AdobeUM
2009-01-18 18:51 . 2009-01-18 18:51 <DIR> d-------- c:\program files\MSBuild
2009-01-18 18:49 . 2009-01-18 18:49 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-18 18:48 . 2009-01-18 18:48 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-18 18:48 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-01-18 18:47 . 2006-10-04 19:36 1,197,294 -----c--- c:\windows\system32\dllcache\sysmain.sdb
2009-01-18 18:47 . 2006-10-04 19:36 764,868 -----c--- c:\windows\system32\dllcache\apph_sp.sdb
2009-01-18 18:47 . 2006-10-04 19:36 217,118 -----c--- c:\windows\system32\dllcache\apphelp.sdb
2009-01-18 18:46 . 2009-01-18 18:46 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-01-18 18:45 . 2009-01-18 18:45 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-01-18 18:38 . 2009-01-18 18:38 99 --a------ c:\windows\WirelessFTP.INI
2009-01-17 20:30 . 2009-01-17 20:30 <DIR> d-------- c:\program files\MSXML 6.0
2009-01-17 20:30 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-01-17 20:30 . 2004-08-03 23:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-01-17 20:15 . 2006-11-13 11:32 288,768 --------- c:\windows\system32\rhttpaa.dll
2009-01-17 20:15 . 2006-11-13 11:32 116,736 --------- c:\windows\system32\aaclient.dll
2009-01-17 20:15 . 2006-11-13 11:32 36,352 --------- c:\windows\system32\tsgqec.dll
2009-01-17 19:29 . 2009-01-17 19:29 <DIR> d-------- c:\documents and settings\LocalService\Application Data\DivX
2009-01-17 19:26 . 2008-11-06 22:07 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-01-17 19:26 . 2008-09-25 00:11 839,680 --a------ c:\windows\system32\lameACM.acm
2009-01-17 19:26 . 2008-12-07 23:38 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-01-17 19:26 . 2008-11-06 22:03 684,032 --a------ c:\windows\system32\divx.dll
2009-01-17 19:26 . 2004-01-25 21:48 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-01-17 19:26 . 2008-12-07 23:38 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-01-17 19:26 . 2007-09-21 06:22 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-01-17 19:26 . 2008-12-11 06:03 86,016 --a------ c:\windows\system32\dpl100.dll
2009-01-17 19:26 . 2008-12-08 17:23 57,344 --a------ c:\windows\system32\ff_vfw.dll
2009-01-17 19:26 . 2007-07-10 21:40 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-01-17 19:26 . 2008-10-03 18:00 414 --a------ c:\windows\system32\lame_acm.xml
2009-01-17 19:22 . 2009-01-17 19:22 <DIR> d-------- c:\documents and settings\Bajaj\Application Data\Apple Computer
2009-01-17 19:21 . 2009-01-17 19:21 <DIR> d-------- c:\program files\Bonjour
2009-01-17 19:20 . 2009-01-17 19:21 <DIR> d-------- c:\program files\QuickTime
2009-01-17 19:20 . 2009-01-18 20:09 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-17 19:20 . 2009-01-17 19:20 <DIR> d-------- c:\program files\Apple Software Update
2009-01-17 19:20 . 2009-01-18 20:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-17 19:19 . 2009-01-17 19:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-17 17:50 . 2008-10-08 14:27 526,428,264 --a------ c:\windows\system32\MS_Office_Enterprise_2007.exe
2009-01-17 17:50 . 2009-01-08 11:24 98 --a------ c:\windows\system32\run.bat
2009-01-17 03:52 . 2009-01-17 03:52 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-17 03:52 . 2009-01-17 03:52 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-17 03:38 . 2009-01-17 03:38 <DIR> d-------- c:\windows\Sun
2009-01-17 02:47 . 2009-01-17 02:48 <DIR> d-------- c:\windows\system32\Adobe
2009-01-17 02:41 . 2009-01-17 02:41 <DIR> d-------- c:\documents and settings\Bajaj\Application Data\Logitech
2009-01-17 02:35 . 2009-01-17 02:35 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-17 02:35 . 2009-01-17 02:35 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-01-17 02:34 . 2007-11-15 10:06 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2009-01-17 02:34 . 2007-11-15 10:07 170,512 --a------ c:\windows\system32\kemutb.dll
2009-01-17 02:34 . 2007-11-15 10:07 141,840 --a------ c:\windows\system32\KemUtil.dll
2009-01-17 02:34 . 2007-11-15 10:07 117,264 --a------ c:\windows\system32\KemWnd.dll
2009-01-17 02:34 . 2007-11-15 10:07 76,304 --a------ c:\windows\system32\KemXML.dll
2009-01-17 02:33 . 2009-01-17 02:33 <DIR> d-------- c:\program files\Logitech
2009-01-17 02:33 . 2009-01-17 02:34 <DIR> d-------- c:\program files\Common Files\Logishrd
2009-01-17 02:33 . 2009-01-17 02:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2009-01-17 02:32 . 2009-01-17 02:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2009-01-17 02:31 . 2009-01-17 02:31 0 --a------ c:\windows\nsreg.dat
2009-01-17 02:30 . 2008-10-17 02:08 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-01-17 02:30 . 2007-04-17 15:02 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-17 02:30 . 2007-03-08 10:40 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-17 02:30 . 2008-10-17 02:08 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-01-17 02:30 . 2008-10-17 02:08 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-17 02:30 . 2008-10-17 02:08 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-01-17 02:30 . 2008-10-17 02:08 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-01-17 02:30 . 2008-10-17 02:08 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-17 02:30 . 2008-10-16 18:41 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-01-17 02:27 . 2009-01-17 02:27 <DIR> d-------- c:\documents and settings\Bajaj\Application Data\Media Player Classic
2009-01-17 02:26 . 2007-08-13 18:54 33,792 --a--c--- c:\windows\system32\dllcache\custsat.dll
2009-01-17 02:23 . 2009-01-17 02:23 <DIR> d-------- c:\program files\uTorrent
2009-01-17 02:23 . 2009-01-22 02:54 <DIR> d-------- c:\documents and settings\Bajaj\Application Data\uTorrent
2009-01-17 02:15 . 2006-11-28 14:15 35,704 --a------ c:\windows\system32\NicInst.dll
2009-01-17 02:15 . 2006-11-28 14:15 28,536 --a------ c:\windows\system32\NicCo.dll
2009-01-17 02:06 . 2009-01-17 02:22 <DIR> d-------- C:\Update
2009-01-16 23:25 . 2009-01-16 23:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-16 23:19 . 2009-01-17 19:26 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-16 23:19 . 2008-09-17 00:53 168,448 --a------ c:\windows\system32\unrar.dll
2009-01-16 23:08 . 2008-08-14 15:27 2,185,984 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-16 23:08 . 2008-08-14 15:25 2,142,720 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-16 23:08 . 2008-08-14 14:48 2,062,976 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-16 23:08 . 2008-08-14 14:48 2,020,864 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-16 23:07 . 2008-12-13 12:10 3,593,216 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-01-16 23:05 . 2008-09-04 22:12 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-16 23:05 . 2008-10-24 16:40 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-16 23:05 . 2008-12-11 17:27 333,184 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-16 23:05 . 2008-10-03 15:45 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2009-01-16 22:57 . 2007-07-09 18:39 584,192 -----c--- c:\windows\system32\dllcache\rpcrt4.dll
2009-01-16 22:52 . 2006-08-21 14:44 128,896 -----c--- c:\windows\system32\dllcache\fltmgr.sys
2009-01-16 22:52 . 2006-08-21 14:44 23,040 -----c--- c:\windows\system32\dllcache\fltmc.exe
2009-01-16 22:52 . 2006-08-21 17:51 16,896 -----c--- c:\windows\system32\dllcache\fltlib.dll
2009-01-16 22:41 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-16 22:41 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-01-15 19:58 . 2009-01-15 19:58 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-15 19:56 . 2009-01-17 02:45 <DIR> d-------- c:\program files\Norton 360
2009-01-15 19:54 . 2009-01-16 23:29 <DIR> d-------- c:\program files\Symantec
2009-01-15 19:54 . 2009-01-16 23:29 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-15 19:54 . 2009-01-16 23:29 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-15 19:54 . 2009-01-16 23:29 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-15 19:54 . 2009-01-16 23:29 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-15 19:33 . 2009-01-15 19:33 <DIR> d-------- C:\VAIO Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 14:30 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-19 19:16 --------- d-----w c:\program files\Common Files\Adobe
2009-01-16 23:11 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-16 22:22 --------- d-----w c:\program files\Java
2009-01-16 21:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-16 20:48 --------- d-----w c:\program files\Sony
2009-01-16 17:26 --------- d-----w c:\documents and settings\Bajaj\Application Data\Symantec
2009-01-16 17:18 --------- d-----w c:\documents and settings\Bajaj\Application Data\Sony Corporation
2009-01-15 14:19 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-01-15 14:16 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-06-30 08:14 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Java Runtime Enviornment"="c:\documents and settings\Bajaj\Application Data\_a918656223cc21762ef174fb876d7b69\down\c:\documents and settings\Bajaj\Application Data\_a918656223cc21762ef174fb876d7b69\down\chimera.exe000" [X]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-06 7561216]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-05 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" [2006-06-22 29696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-06 127036]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-08-24 870240]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-17 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audio Filter.lnk - c:\program files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2008-11-11 5649408]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-02 1753088]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-17 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 19:21 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Apoint\\Apoint.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 5U870CAP_VID_1262&PID_25FD;Sony Visual Communication Camera VGP-VCC2 ;c:\windows\system32\drivers\5U870CAP.sys [2006-08-18 75264]
R3 AVerM115S;AVerM115S service;c:\windows\system32\drivers\AVerM115S.sys [2006-08-18 754688]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-16 99376]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-08-18 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-08-18 812544]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-19 149352]
R4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R4 regi;regi;c:\windows\system32\drivers\regi.sys [2008-11-11 5376]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-13 23888]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2006-09-07 10112]
S4 acpi32;acpi32;\??\c:\windows\system32\drivers\acpi32.sys --> c:\windows\system32\drivers\acpi32.sys [?]
S4 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S4 ati64si;ati64si;\??\c:\windows\system32\drivers\ati64si.sys --> c:\windows\system32\drivers\ati64si.sys [?]
S4 EraserSvc10824;Symantec Eraser Service;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-19 149352]
S4 i386si;i386si;\??\c:\windows\system32\drivers\i386si.sys --> c:\windows\system32\drivers\i386si.sys [?]
S4 netsik;netsik;\??\c:\windows\system32\drivers\netsik.sys --> c:\windows\system32\drivers\netsik.sys [?]
S4 port135sik;port135sik;\??\c:\windows\system32\drivers\port135sik.sys --> c:\windows\system32\drivers\port135sik.sys [?]
S4 securentm;securentm;\??\c:\windows\system32\drivers\securentm.sys --> c:\windows\system32\drivers\securentm.sys [?]
S4 systemntmi;systemntmi;\??\c:\windows\system32\drivers\systemntmi.sys --> c:\windows\system32\drivers\systemntmi.sys [?]
S4 ws2_32sik;ws2_32sik;\??\c:\windows\system32\drivers\ws2_32sik.sys --> c:\windows\system32\drivers\ws2_32sik.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Bajaj - c:\documents and settings\Bajaj\Bajaj.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.vaio-link.com/vu/vu2x/index.asp?u=a&h=0409
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Bajaj\Application Data\Mozilla\Firefox\Profiles\dxbvb312.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\Bajaj\Application Data\Mozilla\Firefox\Profiles\dxbvb312.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 20:01:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
.
**************************************************************************
.
Completion time: 2009-01-22 20:03:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-22 14:33:43

Pre-Run: 82,526,552,064 bytes free
Post-Run: 82,675,707,904 bytes free

343 --- E O F --- 2009-01-19 06:41:02


The problem seems to have been solved. Thanks a lot Jabuck, you saved me a whole lot of trouble.

