
When I scanned the folder system32, AVG says the following:

Object: C:\Windows\system32\ntoskrnl.exe

Result: Changed
Status: Changed

The only problem I'm having now is that every time I write a URL in the address bar or a new page comes up, a small window comes up and says that my PC is infected by an unknown trojan ... press OK to download anti-virus software to clean it. It's dangerous.... bla bla
First, I thought that it's a trojan, so I detected and deleted 2 things that had been secretly installed on my PC from the program files, but the window still pops up! So annoying.
Even Trojan Hunter, ESET, ErrorSmart, WinPatrol are not detecting it!

I usually repair and fix problems, but this one seems to be a simple one, yet I can't take care of it.
Can somebody please help me out here?! I would very much appreciate it.


Download HijackThis from here. Download it to your desktop and NOT a temporary folder.


==

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a HijackThis log.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


THANK YOU SO MUCH FOR YOUR REPLY! HERE THE COMBOFIX SAYS...........


ComboFix 08-02-15.2 - Duke 2008-02-15 2:34:37.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.832 [GMT -8:00]
Running from: C:\Users\Duke\Downloads\Orignals.rar\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-14 22:11 . 2008-02-14 22:11 <DIR> d-------- C:\Users\Duke\AppData\Roaming\TrojanHunter
2008-02-14 21:36 . 2008-02-14 21:36 <DIR> d-------- C:\Users\All Users\CheckPoint
2008-02-14 21:36 . 2008-02-14 21:36 <DIR> d-------- C:\ProgramData\CheckPoint
2008-02-14 21:36 . 2008-02-14 21:36 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-14 21:36 . 2008-01-09 03:31 1,086,952 --a------ C:\Windows\System32\zpeng24.dll
2008-02-14 21:36 . 2008-01-09 03:32 276,368 --a------ C:\Windows\System32\drivers\vsdatant.sys
2008-02-14 21:33 . 2008-02-14 21:36 <DIR> d-------- C:\Windows\System32\ZoneLabs
2008-02-14 21:33 . 2008-02-14 21:43 352,614 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-02-14 21:21 . 2008-02-14 21:22 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-02-14 20:54 . 2008-02-14 20:56 <DIR> d-------- C:\Users\Duke\AppData\Roaming\ErrorSmart
2008-02-14 20:54 . 2008-02-14 21:11 <DIR> d-------- C:\Program Files\ErrorSmart
2008-02-14 20:17 . 2008-02-14 20:17 <DIR> d-------- C:\Users\Duke\AppData\Roaming\WinPatrol
2008-02-14 11:53 . 2008-02-14 11:53 230,400 --a------ C:\Windows\AcroIEHelper.dll
2008-02-14 11:53 . 2008-02-14 11:53 50 --a------ C:\tmp.bat
2008-02-13 03:07 . 2008-02-13 03:07 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 03:07 . 2008-02-13 03:07 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 03:04 . 2008-02-13 03:04 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 03:04 . 2008-02-13 03:04 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-13 03:04 . 2008-02-13 03:04 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-13 03:04 . 2008-02-13 03:04 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-13 03:04 . 2008-02-13 03:04 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-13 03:04 . 2008-02-13 03:04 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-13 03:04 . 2008-02-13 03:04 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-13 03:03 . 2008-02-13 03:03 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 03:03 . 2008-02-13 03:03 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 03:03 . 2008-02-13 03:03 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-13 03:03 . 2008-02-13 03:03 217,144 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-13 03:03 . 2008-02-13 03:03 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-13 03:03 . 2008-02-13 03:03 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-13 03:03 . 2008-02-13 03:03 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-09 15:57 . 2008-02-09 15:57 <DIR> d-------- C:\Users\Duke\AppData\Roaming\ESET
2008-02-09 15:56 . 2008-02-09 15:56 <DIR> d-------- C:\Users\All Users\ESET
2008-02-09 15:56 . 2008-02-09 15:56 <DIR> d-------- C:\ProgramData\ESET
2008-02-09 15:56 . 2008-02-09 15:56 <DIR> d-------- C:\Program Files\ESET
2008-02-07 13:26 . 2008-02-07 13:26 <DIR> d-------- C:\Users\Duke\048298C9A4D3490B9FF9AB023A9238F3.TMP
2008-02-05 23:02 . 1999-06-25 10:55 149,504 --a------ C:\Windows\UNWISE.EXE
2008-01-28 20:56 . 2008-01-28 20:56 <DIR> d-------- C:\Program Files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 08:36 --------- d-----w C:\Program Files\Steam
2008-02-15 08:34 --------- d-----w C:\Program Files\Common Files\Steam
2008-02-15 05:37 58,368 ----a-w C:\Windows\Internet Logs\xDBCE84.tmp
2008-02-15 05:37 1,269,248 ----a-w C:\Windows\Internet Logs\xDBD069.tmp
2008-02-15 05:32 --------- d-----w C:\Program Files\Babylon
2008-02-15 03:40 --------- d-----w C:\Users\Duke\AppData\Roaming\AVG7
2008-02-13 11:06 943,800 ----a-w C:\Windows\System32\winload.exe
2008-02-13 11:06 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-13 11:06 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-13 11:06 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-13 11:06 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-13 11:06 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-13 11:06 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-13 11:06 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 11:06 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 11:06 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-13 11:06 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 11:06 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 11:06 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-13 11:06 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 11:06 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-13 11:06 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-13 11:06 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-13 11:06 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-13 11:06 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-13 11:06 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 11:06 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-13 11:06 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-13 11:06 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-13 11:06 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-13 11:06 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-13 11:06 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-13 11:06 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-13 11:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 11:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 11:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 11:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 11:01 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 11:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 11:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 11:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 07:25 --------- d-----w C:\Users\Duke\AppData\Roaming\Corel
2008-02-07 21:34 --------- d-----w C:\Program Files\Warcraft III
2008-02-06 18:44 --------- d-----w C:\ProgramData\Symantec
2008-02-06 18:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-02 10:12 3,452 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-01-29 04:56 --------- d-----w C:\Program Files\Real
2008-01-29 04:56 --------- d-----w C:\Program Files\Common Files\Real
2008-01-27 21:22 --------- d-----w C:\Users\Duke\AppData\Roaming\LimeWire
2008-01-09 10:00 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 10:00 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 05:50 --------- d-----w C:\Program Files\BearShare Applications
2008-01-09 00:00 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 00:00 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 00:00 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-08 04:25 --------- d-----w C:\Users\Duke\AppData\Roaming\BearShare
2008-01-03 04:56 --------- d-----w C:\ProgramData\InstallShield
2008-01-03 04:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-03 04:52 --------- d-----w C:\ProgramData\Corel
2008-01-03 04:52 --------- d-----w C:\Program Files\Corel
2008-01-03 04:52 --------- d-----w C:\Program Files\Common Files\Protexis
2008-01-03 04:52 --------- d-----w C:\Program Files\Common Files\Corel
2008-01-02 22:06 --------- d-----w C:\ProgramData\Skype
2008-01-02 22:06 --------- d-----w C:\Program Files\Skype
2008-01-02 21:57 --------- d-----w C:\Program Files\Common Files\Pointstone
2008-01-02 21:53 --------- d-----w C:\Program Files\Pointstone
2008-01-02 02:55 --------- d-----w C:\Users\Duke\AppData\Roaming\Roxio
2008-01-02 02:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 02:51 --------- d-----w C:\Program Files\Sony
2008-01-02 02:41 --------- d-----w C:\Users\Duke\AppData\Roaming\Sony Corporation
2008-01-02 01:01 --------- d-----w C:\Program Files\intel
2008-01-01 22:32 --------- d-----w C:\Users\Duke\AppData\Roaming\Pointstone
2008-01-01 22:03 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-01 22:03 32 ----a-w C:\ProgramData\ezsid.dat
2008-01-01 22:03 --------- d-----w C:\Users\Duke\AppData\Roaming\skypePM
2007-12-31 20:53 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-31 19:57 --------- d-----w C:\Users\Duke\AppData\Roaming\WebCallDirect
2007-12-31 06:50 --------- d-----w C:\Users\Duke\AppData\Roaming\Ventrilo
2007-12-31 06:49 --------- d-----w C:\Program Files\Ventrilo
2007-12-31 06:48 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-29 00:55 --------- d-----w C:\ProgramData\Yahoo! Companion
2007-12-29 00:54 --------- d-----w C:\Program Files\Veoh Networks
2007-12-28 21:47 --------- d-----w C:\ProgramData\Yahoo!
2007-12-28 21:41 --------- d-----w C:\Users\Duke\AppData\Roaming\Yahoo!
2007-12-25 03:58 --------- d-----w C:\Program Files\Java
2007-12-23 10:39 126,976 ----a-w C:\Windows\War3Unin.exe
2007-12-23 05:17 --------- d-----w C:\Program Files\Smart Projects
2007-12-22 23:15 --------- d-----w C:\ProgramData\avg7
2007-12-22 23:11 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2007-12-22 23:11 55,304 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2007-12-22 23:11 --------- d-----w C:\ProgramData\Grisoft
2007-12-22 22:00 --------- d-----w C:\Program Files\FDRLab
2007-12-21 16:21 71,176 ----a-w C:\Windows\system32\drivers\epfw.sys
2007-12-21 16:21 53,768 ----a-w C:\Windows\system32\drivers\epfwtdi.sys
2007-12-21 16:21 30,728 ----a-w C:\Windows\system32\drivers\epfwndis.sys
2007-12-21 16:20 30,216 ----a-w C:\Windows\system32\drivers\easdrv.sys
2007-12-21 16:19 39,944 ----a-w C:\Windows\system32\drivers\eamon.sys
2007-12-18 23:47 --------- d-----w C:\Program Files\LimeWire
2007-12-18 23:31 --------- d-----w C:\Users\Duke\AppData\Roaming\DivX
2007-12-15 01:41 --------- d-----w C:\Program Files\Web Page Maker V2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{358A14C3-CB2F-4366-9A6C-1AEB63F0B036}]
2008-02-14 11:53 230400 --a------ C:\Windows\AcroIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 16:00 1232896]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 04:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-01 18:54 1006264]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-29 04:57 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-29 04:56 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-29 04:56 133656]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-08 04:35 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 17:27 317560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 15:54 53248]
"VWLASU"="C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 10:31 45056]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 15:11 579072]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 20:55 185896]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-02-08 11:22 1047712]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-22 15:11 219136]

C:\Users\Duke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-06-22 09:55:32 739880]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-03-01 02:55:18 972320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-12-22 15:11 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-07-24 18:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\kloehk.dll

R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 19:09]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-01 08:54]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2007-12-22 15:11]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-29 04:56]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-30 03:04]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-06-27 04:13]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-06-27 04:13]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 05:06]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-14 17:17]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-05 04:17]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-07-02 06:10]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-02 06:10]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-07-02 06:09]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-02 06:10]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 15:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 14:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-07-13 09:55]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-07-05 16:43]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" [2007-09-05 08:59]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-18 05:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{142308f2-a487-11dc-9ec0-001a804a5e37}]
\shell\Auto\command - boot.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d066e7a-ca1a-11dc-abb3-001a804a5e37}]
\shell\AutoRun\command - G:\ntde1ect.com
\shell\explore\Command - G:\ntde1ect.com
\shell\open\Command - G:\ntde1ect.com

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 05:40:27 C:\Windows\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 02:35:35
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-15 2:36:12
ComboFix-quarantined-files.txt 2008-02-15 10:36:09
ComboFix2.txt 2008-02-15 10:26:55
.
2008-02-14 17:54:37 --- E O F ---

AND HERE THE HIJACKTHIS SAYS..........

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:42:07 AM, on 2/15/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Duke\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {358A14C3-CB2F-4366-9A6C-1AEB63F0B036} - C:\Windows\AcroIEHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.duunet.com/MagicLockOCX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\kloehk.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13948 bytes

0

Thank you for running combofix twice :(. The log from the first run you did would be preferred.
You never followed my instruction regarding running it from the desktop and instead you are running it directly from the compressed folder.
If you cannot follow instructions, then I cannot help you.

==

0

Sorry for the inconvenience. I downloaded HijackThis and ComboFix to the desktop and ran them from there, and the following shows what ComboFix says....

ComboFix 08-02-16.2 - Duke 2008-02-15 18:35:49.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.862 [GMT -8:00]
Running from: C:\Users\Duke\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-14 22:11 . 2008-02-14 22:11 <DIR> d-------- C:\Users\Duke\AppData\Roaming\TrojanHunter
2008-02-14 21:36 . 2008-02-14 21:36 <DIR> d-------- C:\Users\All Users\CheckPoint
2008-02-14 21:36 . 2008-02-14 21:36 <DIR> d-------- C:\ProgramData\CheckPoint
2008-02-14 21:36 . 2008-02-14 21:36 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-14 21:36 . 2008-01-09 03:31 1,086,952 --a------ C:\Windows\System32\zpeng24.dll
2008-02-14 21:36 . 2008-01-09 03:32 276,368 --a------ C:\Windows\System32\drivers\vsdatant.sys
2008-02-14 21:33 . 2008-02-14 21:36 <DIR> d-------- C:\Windows\System32\ZoneLabs
2008-02-14 21:33 . 2008-02-15 15:16 352,614 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-02-14 21:21 . 2008-02-15 18:29 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-02-14 20:54 . 2008-02-14 20:56 <DIR> d-------- C:\Users\Duke\AppData\Roaming\ErrorSmart
2008-02-14 20:54 . 2008-02-14 21:11 <DIR> d-------- C:\Program Files\ErrorSmart
2008-02-14 20:17 . 2008-02-14 20:17 <DIR> d-------- C:\Users\Duke\AppData\Roaming\WinPatrol
2008-02-14 11:53 . 2008-02-14 11:53 50 --a------ C:\tmp.bat
2008-02-13 03:07 . 2008-02-13 03:07 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 03:07 . 2008-02-13 03:07 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 03:04 . 2008-02-13 03:04 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 03:04 . 2008-02-13 03:04 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-13 03:04 . 2008-02-13 03:04 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-13 03:04 . 2008-02-13 03:04 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-13 03:04 . 2008-02-13 03:04 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-13 03:04 . 2008-02-13 03:04 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-13 03:04 . 2008-02-13 03:04 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-13 03:03 . 2008-02-13 03:03 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 03:03 . 2008-02-13 03:03 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 03:03 . 2008-02-13 03:03 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-13 03:03 . 2008-02-13 03:03 217,144 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-13 03:03 . 2008-02-13 03:03 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-13 03:03 . 2008-02-13 03:03 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-13 03:03 . 2008-02-13 03:03 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-09 15:57 . 2008-02-09 15:57 <DIR> d-------- C:\Users\Duke\AppData\Roaming\ESET
2008-02-09 15:56 . 2008-02-09 15:56 <DIR> d-------- C:\Users\All Users\ESET
2008-02-09 15:56 . 2008-02-09 15:56 <DIR> d-------- C:\ProgramData\ESET
2008-02-09 15:56 . 2008-02-09 15:56 <DIR> d-------- C:\Program Files\ESET
2008-02-07 13:26 . 2008-02-07 13:26 <DIR> d-------- C:\Users\Duke\048298C9A4D3490B9FF9AB023A9238F3.TMP
2008-02-05 23:02 . 1999-06-25 10:55 149,504 --a------ C:\Windows\UNWISE.EXE
2008-01-28 20:56 . 2008-01-28 20:56 <DIR> d-------- C:\Program Files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 18:25 --------- d-----w C:\Users\Duke\AppData\Roaming\AVG7
2008-02-15 08:36 --------- d-----w C:\Program Files\Steam
2008-02-15 08:34 --------- d-----w C:\Program Files\Common Files\Steam
2008-02-15 05:37 58,368 ----a-w C:\Windows\Internet Logs\xDBCE84.tmp
2008-02-15 05:37 1,269,248 ----a-w C:\Windows\Internet Logs\xDBD069.tmp
2008-02-15 05:32 --------- d-----w C:\Program Files\Babylon
2008-02-13 11:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 11:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 11:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 11:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 11:01 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 11:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 11:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 11:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 07:25 --------- d-----w C:\Users\Duke\AppData\Roaming\Corel
2008-02-07 21:34 --------- d-----w C:\Program Files\Warcraft III
2008-02-06 18:44 --------- d-----w C:\ProgramData\Symantec
2008-02-06 18:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-02 10:12 3,452 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-01-29 04:56 --------- d-----w C:\Program Files\Real
2008-01-29 04:56 --------- d-----w C:\Program Files\Common Files\Real
2008-01-27 21:22 --------- d-----w C:\Users\Duke\AppData\Roaming\LimeWire
2008-01-09 10:00 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 10:00 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 05:50 --------- d-----w C:\Program Files\BearShare Applications
2008-01-09 00:00 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 00:00 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 00:00 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-08 04:25 --------- d-----w C:\Users\Duke\AppData\Roaming\BearShare
2008-01-03 04:56 --------- d-----w C:\ProgramData\InstallShield
2008-01-03 04:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-03 04:52 --------- d-----w C:\ProgramData\Corel
2008-01-03 04:52 --------- d-----w C:\Program Files\Corel
2008-01-03 04:52 --------- d-----w C:\Program Files\Common Files\Protexis
2008-01-03 04:52 --------- d-----w C:\Program Files\Common Files\Corel
2008-01-02 22:06 --------- d-----w C:\ProgramData\Skype
2008-01-02 22:06 --------- d-----w C:\Program Files\Skype
2008-01-02 21:57 --------- d-----w C:\Program Files\Common Files\Pointstone
2008-01-02 21:53 --------- d-----w C:\Program Files\Pointstone
2008-01-02 02:55 --------- d-----w C:\Users\Duke\AppData\Roaming\Roxio
2008-01-02 02:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 02:51 --------- d-----w C:\Program Files\Sony
2008-01-02 02:41 --------- d-----w C:\Users\Duke\AppData\Roaming\Sony Corporation
2008-01-02 01:01 --------- d-----w C:\Program Files\intel
2008-01-01 22:32 --------- d-----w C:\Users\Duke\AppData\Roaming\Pointstone
2008-01-01 22:03 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-01 22:03 32 ----a-w C:\ProgramData\ezsid.dat
2008-01-01 22:03 --------- d-----w C:\Users\Duke\AppData\Roaming\skypePM
2007-12-31 20:53 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-31 19:57 --------- d-----w C:\Users\Duke\AppData\Roaming\WebCallDirect
2007-12-31 06:50 --------- d-----w C:\Users\Duke\AppData\Roaming\Ventrilo
2007-12-31 06:49 --------- d-----w C:\Program Files\Ventrilo
2007-12-31 06:48 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-29 00:55 --------- d-----w C:\ProgramData\Yahoo! Companion
2007-12-29 00:54 --------- d-----w C:\Program Files\Veoh Networks
2007-12-28 21:47 --------- d-----w C:\ProgramData\Yahoo!
2007-12-28 21:41 --------- d-----w C:\Users\Duke\AppData\Roaming\Yahoo!
2007-12-25 03:58 --------- d-----w C:\Program Files\Java
2007-12-23 10:39 126,976 ----a-w C:\Windows\War3Unin.exe
2007-12-23 05:17 --------- d-----w C:\Program Files\Smart Projects
2007-12-22 23:15 --------- d-----w C:\ProgramData\avg7
2007-12-22 23:11 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2007-12-22 23:11 55,304 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2007-12-22 23:11 --------- d-----w C:\ProgramData\Grisoft
2007-12-22 22:00 --------- d-----w C:\Program Files\FDRLab
2007-12-21 16:21 71,176 ----a-w C:\Windows\system32\drivers\epfw.sys
2007-12-21 16:21 53,768 ----a-w C:\Windows\system32\drivers\epfwtdi.sys
2007-12-21 16:21 30,728 ----a-w C:\Windows\system32\drivers\epfwndis.sys
2007-12-21 16:20 30,216 ----a-w C:\Windows\system32\drivers\easdrv.sys
2007-12-21 16:19 39,944 ----a-w C:\Windows\system32\drivers\eamon.sys
2007-12-18 23:47 --------- d-----w C:\Program Files\LimeWire
2007-12-18 23:31 --------- d-----w C:\Users\Duke\AppData\Roaming\DivX
2007-12-12 07:35 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 07:34 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 07:34 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-07 08:31 174 --sha-w C:\Program Files\desktop.ini
2007-12-07 06:38 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-07 06:38 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-07 06:38 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-07 06:38 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-07 06:38 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-07 06:38 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-07 06:38 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-07 06:38 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-07 06:38 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-07 06:38 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-07 06:35 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-07 06:35 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-07 06:35 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-12-07 06:35 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-12-07 06:35 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-12-07 06:34 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-12-07 06:34 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-12-07 06:34 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-12-07 06:34 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-12-07 06:34 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-12-07 06:34 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-12-07 06:34 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-12-07 06:31 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-12-07 06:31 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{358A14C3-CB2F-4366-9A6C-1AEB63F0B036}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 16:00 1232896]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 04:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-01 18:54 1006264]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-29 04:57 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-29 04:56 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-29 04:56 133656]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-08 04:35 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 17:27 317560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 15:54 53248]
"VWLASU"="C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 10:31 45056]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 15:11 579072]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 20:55 185896]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-22 15:11 219136]

C:\Users\Duke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-06-22 09:55:32 739880]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-03-01 02:55:18 972320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-12-22 15:11 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-07-24 18:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\kloehk.dll

R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 19:09]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-01 08:54]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2007-12-22 15:11]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-29 04:56]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-30 03:04]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-06-27 04:13]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-06-27 04:13]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 05:06]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-05 04:17]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-07-02 06:10]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-02 06:10]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-07-02 06:09]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-02 06:10]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-14 17:17]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 15:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 14:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-07-13 09:55]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-07-05 16:43]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" [2007-09-05 08:59]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-18 05:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{142308f2-a487-11dc-9ec0-001a804a5e37}]
\shell\Auto\command - boot.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d066e7a-ca1a-11dc-abb3-001a804a5e37}]
\shell\AutoRun\command - G:\ntde1ect.com
\shell\explore\Command - G:\ntde1ect.com
\shell\open\Command - G:\ntde1ect.com

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 05:40:27 C:\Windows\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 18:38:10
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-15 18:38:45
ComboFix-quarantined-files.txt 2008-02-16 02:38:43
ComboFix2.txt 2008-02-15 10:26:55
.
2008-02-14 17:54:37 --- E O F ---


This is from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:19 PM, on 2/15/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\Explorer.exe
C:\Users\Duke\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {358A14C3-CB2F-4366-9A6C-1AEB63F0B036} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.duunet.com/MagicLockOCX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\kloehk.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13050 bytes

0

You only need one AV. Two will create conflicts on your PC. NOD32 is hands down better than AVG. If you have a paid-up subscription for it, then get rid of AVG.

==

Please go to Jotti's or to VirusTotal and have this file scanned. Post the results back here.

C:\Windows\System32\ntoskrnl.exe

==

Can you please do the following.

===============

Can you disable Windows Defender as it may interfere with the removal process. Please leave it disabled until your PC has been given the all clear.

  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • After you uncheck this, click on the Save button
  • Close Windows Defender

===============

Scan with HijackThis and then place a check next to all the following, if present:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {358A14C3-CB2F-4366-9A6C-1AEB63F0B036} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)

O13 - Gopher Prefix:


Now close all instances of Internet Explorer and any other windows you have open except HijackThis, then click "Fix checked".

===============

After rebooting, rescan with HijackThis and post back a new log. Please let me know how your PC is now.

0

It's very ridiculous. I didn't even fix anything through ComboFix or HijackThis, or any other software on my PC, but when I got back home and turned on my laptop, the window is not coming up anymore. But anyway, I did what you told me. By the way, both NOD32 and AVG are free trial versions, and I'm getting rid of AVG according to your advice.

--------------
this is what virusscan.jotti.org says....

Scanner results
Scan taken on 16 Feb 2008 03:55:16 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found Heur.W32
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

-----------------------------

HijackThis fixed everything you asked, and when rescanning it shows the following.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:29 PM, on 2/15/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Duke\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {358A14C3-CB2F-4366-9A6C-1AEB63F0B036} -

(no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-

0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe

-hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03

\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center

Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN

Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common

Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe"

/hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"

/VeohHide
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1

\ISUSPM.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE

(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE

(User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program

Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common

Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -

res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -

res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -

res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -

res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1

\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-

5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no

file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -

C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-

5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) -

http://www.duunet.com/MagicLockOCX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1

\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\kloehk.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1

\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1

\Grisoft\AVG7\avgemc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET

Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart

Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program

Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common

Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony

Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony

Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common

Files\Protexis\License Service\PSIService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit

- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program

Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program

Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. -

C:\Windows\system32\stacsv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common

Files\Steam\SteamService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony

Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment

Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO

Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-

AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated

Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-

IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media

Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-

IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media

Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) -

Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated

Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) -

Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP)

- Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated

Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP)

- Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated

Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) -

Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing

Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony

Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation -

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment

Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software

Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation

- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment

Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation -

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment

Platform\VzCdb\VzFw.exe
O23 - Service: wampapache - Apache Software Foundation -

c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45

\bin\mysqld-nt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32

\DRIVERS\xaudio.exe

--
End of file - 12894 bytes

0

Whatever you did changed the formatting of the log. Compare it to the first one you posted.
As far as I can tell, your log is clean.
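
An added example, not part of the original thread: a short Python script that rejoins a hard-wrapped HijackThis log like the rescan above into one entry per line and lists the entries whose handler is reported as `(no file)`. The join heuristic, the function names and the embedded excerpt (copied from the wrapped log in this thread) are assumptions made for the illustration.

```python
import re

# A HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the hard-wrapped rescan log from this thread, embedded to run offline.
SAMPLE = r"""
Running processes:
C:\Windows\Explorer.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {358A14C3-CB2F-4366-9A6C-1AEB63F0B036} -

(no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-

0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03

\bin\jusched.exe"
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no

file)

--
End of file - 12894 bytes
"""

def _join(prev, cont):
    """Heuristic (assumption): the wrap fell at a space unless it split a path or a CLSID."""
    if cont.startswith("\\"):                      # wrapped just before a path separator
        return prev + cont
    if prev.endswith("-") and prev.rfind("{") > prev.rfind("}"):
        return prev + cont                         # wrapped inside an unclosed {CLSID}
    return prev + " " + cont

def unwrap(text):
    """Return one string per log entry, skipping the header and the '--' trailer."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":                           # trailer marker: nothing after it is an entry
            break
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:                              # continuation of the previous entry
            entries[-1] = _join(entries[-1], line)
    return entries

def orphaned(entries):
    """(section code, CLSID) for every entry whose file HijackThis could not find."""
    found = []
    for entry in entries:
        if entry.endswith("(no file)"):
            m = CLSID.search(entry)
            found.append((entry.split(" - ", 1)[0], m.group(0) if m else None))
    return found
```

Running `orphaned(unwrap(log_text))` on the first log and on the rescan gives two short lists that can be compared directly, regardless of how either log was wrapped when it was pasted.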
