I had a problem a couple weeks back and posted on here. I never followed up though because as I was reading through here I thought I figured it out and got it all fixed. Well recently my computer started acting up again and I am starting to think that it might have something to do with my previous problem.

My computer is running very slowly and recently I was getting pop-ups. It was also freezing up a lot. Here are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:19 PM, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\da9adcdf-9bc8-48ad-8b47-b83d9f54c87f.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 antivguardian.com
O1 - Hosts: 209.44.111.57 www.antivguardian.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: (no name) - {3BA0B600-4B38-43E5-B104-C6CCF4FA4E29} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\da9adcdf-9bc8-48ad-8b47-b83d9f54c87f.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123171086250
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229171027328
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O20 - AppInit_DLLs: pikedahu.dll c:\windows\system32\jiwirido.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14459 bytes

Malwarebytes' Anti-Malware 1.41
Database version: 2949
Windows 5.1.2600 Service Pack 3

10/12/2009 7:31:40 PM
mbam-log-2009-10-12 (19-31-40).txt

Scan type: Quick Scan
Objects scanned: 108350
Time elapsed: 20 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hayudekom (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\44545022 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\vonomona.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vopuvemi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vubebiye.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bazoveza.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jihaketi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

I do not know if I should do anything with the HJT scan. Should I tell it to fix those things or not? How should I proceed with my computer? Thanks in advance

Hmm, no responses. I guess I should also mention that I am using Windows XP. My comp will now restart on its own, but when it comes back up it has some kind of "protection" like Security Tool or WPP.

Sorry - It happens. We are all volunteers with real lives to worry about + most support forums are overwhelmed with requests for help these days.....

Let's just cut to the quick and do this:

If you already have Combofix on your machine, DELETE it. Then follow the instructions in the link below to download a fresh copy of Combofix and run it:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

What I want you to do, though, is this: When you download it and it asks you to "Save File As," rename combofix to Combo-Fix and then download it to your Desktop as that, follow the instructions in the linky very carefully to run it, and then post the combofix log for me.

Be sure to install Recovery Console (if you are able to do so) and disable any other security programs or Anti-Virus programs as per the linky before running Combofix!

Post me the log and we'll see where it leads us.

Cheers :)
PP

Here is the Combo-Fix log. Thanks for helping PP

ComboFix 09-10-15.01 - User 10/15/2009 17:38.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.249 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
[Previous malware files removed - extensive list of deleted files and folders]
[Continued list of Windows Installer files removed]
[Continued list of system files removed]
[Continued list of system files and image files removed]
.
((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.
2009-10-15 21:21 . 2009-10-15 21:21 -------- d-----w- c:\windows\LastGood
2009-10-15 20:50 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-15 20:50 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-15 20:50 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2009-10-15 20:50 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-10-15 17:28 . 2008-04-13 17:36 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-10-15 14:27 . 2009-10-15 14:27 11439 ----a-w- c:\windows\yhipi.com
2009-10-15 14:27 . 2009-10-15 14:27 19898 ----a-w- c:\windows\system32\efiqap.dat
2009-10-15 14:27 . 2009-10-15 14:27 19068 ----a-w- c:\windows\system32\serutok.com
2009-10-14 23:10 . 2009-10-14 23:10 9216 ----a-w- C:\svhkapw.exe
2009-10-12 23:44 . 2009-10-12 23:44 -------- d-----w- c:\program files\Trend Micro
2009-10-12 23:07 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 23:07 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-12 23:07 . 2009-10-12 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 20:05 . 2008-04-13 17:36 42368 -c--a-w- c:\windows\system32\dllcache\agp440.sys
2009-09-29 14:55 . 2009-09-29 14:55 -------- d-----w- c:\documents and settings\User\Application Data\Amazon
2009-09-29 14:49 . 2009-09-29 14:49 -------- d-----w- c:\program files\Amazon
2009-09-22 17:29 . 2009-09-22 17:29 33420 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-22 14:28 . 2009-09-22 14:30 -------- d-----w- c:\program files\iTunes
2009-09-22 14:28 . 2009-09-22 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 14:21 . 2009-09-22 14:23 -------- d-----w- c:\program files\QuickTime
2009-09-21 20:10 . 2009-09-21 20:10 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-09-21 20:10 . 2009-09-21 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 20:04 . 2009-01-12 21:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-15 14:27 . 2009-10-15 14:27 12228 ----a-w- c:\program files\Common Files\vinyfilube.lib
2009-10-15 14:25 . 2008-08-21 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-12 21:59 . 2005-08-23 22:00 -------- d-----w- c:\program files\AIM
2009-10-12 21:59 . 2005-10-02 20:34 -------- d-----w- c:\documents and settings\User\Application Data\Aim
2009-10-12 21:58 . 2007-01-22 21:55 -------- d-----w- c:\program files\Common Files\AOL
2009-10-12 21:58 . 2007-01-22 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-09-29 14:55 . 2005-08-05 20:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\Sony Corporation
2009-09-22 17:28 . 2005-08-24 19:16 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
2009-09-22 14:29 . 2005-10-14 14:49 -------- d-----w- c:\program files\iPod
2009-09-22 14:29 . 2007-09-11 20:41 -------- d-----w- c:\program files\Common Files\Apple
2009-08-19 02:02 . 2005-08-04 16:33 -------- d-----w- c:\program files\Symantec
2009-08-19 02:02 . 2007-08-07 20:54 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-19 02:02 . 2007-08-07 20:54 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-19 02:02 . 2005-08-04 16:33 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-19 02:02 . 2005-08-04 16:33 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-18 19:11 . 2009-03-22 13:38 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-05 09:01 . 2005-03-09 19:19 204800 ----a-w- c:\windows\system32\mswebdvd.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-15_20.58.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-15 21:29 . 2009-10-15 21:29 16384 c:\windows\Temp\Perflib_Perfdata_d60.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\da9adcdf-9bc8-48ad-8b47-b83d9f54c87f.exe" [2009-08-03 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 167936]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-23 126976]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-06-26 771440]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-29 185896]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-21 00:48 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-01-18 20:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^PictureGear Studio Media Watcher.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\PictureGear Studio Media Watcher.lnk
backup=c:\windows\pss\PictureGear Studio Media Watcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [9/9/2009 4:50 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [9/9/2009 4:50 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [9/9/2009 4:45 PM 482432]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 12:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 74480]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [9/9/2009 4:47 PM 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 10:00 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/5/2009 1:07 PM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 7408]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSXpx86.sys [9/16/2009 6:26 PM 329080]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL\$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

- c:\windows\system32\OOBE\oobebaln.exe [2005-03-09 00:12]

- c:\windows\system32\OOBE\oobebaln.exe [2005-03-09 00:12]

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-05 21:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?ncid=customie8
uInternet Settings,ProxyServer = 168.94.74.68:8080
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{3BA0B600-4B38-43E5-B104-C6CCF4FA4E29} - (no file)
WebBrowser-{3BA0B600-4B38-43E5-B104-C6CCF4FA4E29} - (no file)
AddRemove-SymSetupTemp.{C1C185CA-C531-49F5-A6FA-B838405A049D} - c:\program files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 17:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1252)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(2416)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-15 17:57
ComboFix-quarantined-files.txt 2009-10-15 21:55

Pre-Run: 27,734,335,488 bytes free
Post-Run: 27,696,414,720 bytes free

695 --- E O F --- 2009-09-20 18:11
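The Supplementary Scan block in the log above records an Internet Explorer proxy pointing at an outside host, a setting that would route the browser's traffic through that host. As an added example, not code from the thread or from ComboFix, here is a small Python parser for that section of a ComboFix-style log that pulls out the settings lines and flags a non-local proxy; the sample lines are constructed from the entries shown above, and the reading of the 'u'/'m' prefixes as per-user/machine-wide entries is an assumption about the tool's labelling.

```python
import re
from typing import Dict, List

# Constructed sample: the Supplementary Scan block as printed in the log above.
SAMPLE_LOG = r"""------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?ncid=customie8
uInternet Settings,ProxyServer = 168.94.74.68:8080
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
"""

# Assumed: ComboFix prefixes per-user (HKCU) settings with 'u', machine-wide (HKLM) with 'm'.
SETTING_RE = re.compile(r"^(?P<scope>[um])(?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")
LOCAL_HOSTS = {"127.0.0.1", "localhost", "::1"}

def parse_supplementary(text: str) -> Dict[str, str]:
    """Collect 'uKey = value' / 'mKey = value' lines from the Supplementary Scan block."""
    settings: Dict[str, str] = {}
    in_block = False
    for line in text.splitlines():
        if line.startswith("------- Supplementary Scan"):
            in_block = True
            continue
        if in_block and (line.startswith("- - - -") or line.startswith("****")):
            break  # reached the next section of the log
        m = SETTING_RE.match(line) if in_block else None
        if m:
            settings[m.group("key").strip()] = m.group("value").strip()
    return settings

def refang(url: str) -> str:
    # ComboFix defangs URLs as hxxp://; restore the scheme for comparison.
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)

def is_local_proxy(proxy: str) -> bool:
    """True when the proxy host is the machine itself (e.g. a local filtering proxy)."""
    host = proxy.rsplit(":", 1)[0].strip("[]").lower()
    return host in LOCAL_HOSTS

def findings(settings: Dict[str, str]) -> List[str]:
    """Flag proxy settings a responder would want to review."""
    out: List[str] = []
    proxy = settings.get("Internet Settings,ProxyServer")
    if proxy and not is_local_proxy(proxy):
        out.append(f"IE proxy set to external host {proxy}: browser traffic is being redirected")
        override = settings.get("Internet Settings,ProxyOverride")
        if override:
            out.append(f"only '{override}' bypasses that proxy; all other hosts go through it")
    return out
```

Run `findings(parse_supplementary(SAMPLE_LOG))` to get the two review items for the sample; on a clean machine with no proxy configured the list is empty.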

Let's check these out:

c:\windows\yhipi.com
c:\windows\system32\efiqap.dat
c:\windows\system32\serutok.com
C:\svhkapw.exe
c:\windows\system32\mlfcache.dat

Go here ---> and use the Browse Button at the top of the page to navigate to each of those items and Submit them for analysis.
If any come back as malware - and I imagine a few will - just Delete them.

Let me know how that shakes out.

PP :)

Just a quick one: try to download Malwarebytes and scan your system. Check if it will help. :)

PP the only one that came up with malware was the svhkapw. I did delete it. The last one, the mlfcache I could not find in my system32 folder. Why would that be?

My bad - that's a hidden file. You'll need to enable the viewing of hidden files to find that one.

-- Let me know what you find. I am curious about that one.....

How are things working now?

PP :)

Ohhh, so sorry, I thought you didn't have it. Is your Malwarebytes updated? And did you perform a quick scan or a full scan? Update first, then do a full scan. If you have thumb drives or other USB storage that you use frequently in your PC, most probably it's infected; insert it and include it in your full scan.

or you can try this: http://housecall.trendmicro.com/

If you know the path for mlfcache, try going to safe mode, then go to the command prompt, then at the command prompt type: del mlfcache*.*
If you don't know the path, go to your root directory like c:\ then type: dir mlfcache /s /a. It will search for that file in your drive whether it's hidden or not. Then, if you find it, navigate to that directory and delete it: type del mlfcache*.*

But if you're sure that it's in the system32 folder, at the command prompt navigate to that folder then type: dir mlfcache*.* /a to check whether it's there or not.

Goodluck!

Well that last hidden file showed no malware.

My computer was running fine yesterday then this morning it would not let me access the internet. Then after running SAS and cleaning some stuff out it restarted and worked. It seems like every other it runs well.

How should I proceed from here?

I appreciate everyone's help with this

DELETE your current copy of Combofix.
Download a fresh Combofix and run it as you did before and post that log for me as well. You do not need to rename it this time.

PP :)

Just a quick update. I updated my Windows and now I have WPP, Security Tool, and one other similar virus. Also, MBAM will no longer work but SAS will, so I am using that to remove some of the viruses and will get that new combofix scan done some time tonight or tomorrow.

Bojo, WPP uses rootkits to replace the trojans, usually at reboot. Until the rootkit is killed you will be deleting the same trojans back and forth. It's unfortunate that MBAM doesn't run because I don't know if there are other anti-malware programs that are as effective as MB?

But one thing's for sure: you will need to follow PP's instructions step by step until this is taken care of or it will just get worse. Try to do ONLY the things he advises, and if you want to do anything else ask him if it wouldn't affect the progress he is trying to achieve.

Okay, well now I have basically no control over my computer. I cannot even open Task Manager. When I try, it says it has been disabled by the admin, which is not true. When I try to open any program another pop up occurs. I cannot afford to lose some of the stuff on my comp either.

Oh and it does not let me start in safe mode either. Is my comp basically toast?

Not quite yet . . . We really didn't get to finish up from before and a lot can happen in 4 days.

-- Are you able to run your existing combofix? Try that. Post the log if you can run it.

-- Are you posting from the ill computer?

Let me know.

If combofix won't run:

-- Inside the folder, you'll see RunThis.bat - DoubleClick it and let it run for as long as it takes.
A log should pop up - please post that for me.

PP :)

I am not posting from the ill computer. I tried to run the combo fix and it is asking for the program I would like to open it with. So I tried to go online and dl the findwpp.zip but it will no longer connect to the internet.

-- Do you have a flash drive?

-- Can you get a command prompt on ill machine?
START > RUN > type cmd > OK
or
START > RUN > type command.com > OK

-- Can you RightClick on combofix and Run As administrator?

If not, and you can get a command prompt, type this at the prompt:
%userprofile%\desktop\combo-fix.exe /KillAll ENTER

If you followed my last set of instructions regarding downloading a fresh combofix and did not rename it that time, then remove the dash in combofix for the command.

Please post me the log, if it runs.

PP :)

Just want to make sure before I type all that out. When I type CMD in, a screen pops up and I type this after C:\Documents and Settings\User>

Oh and I cannot run it as right click run as admin

I also forgot to answer your question about the flash drive. I do not have one but will get one if need be

When I type CMD in, a screen pops up and I type this after C:\Documents and Settings\User>

Right - that is your command prompt. Just type in the command carefully - make sure all spaces and quotes are included - and hit ENTER.
If you get error messages, let me know.

I also forgot to answer your question about the flash drive. I do not have one but will get one if need be

If we are unable to get your existing combofix to run, you'll need a flash drive to transfer other tools onto the ill machine.

Let me know if combofix runs. Make sure it is still on desktop and that the name matches the command (combofix.exe or combo-fix.exe)

PP :)

After typing that all in and hitting enter I got back

'C:\Documents' is not recognized as an internal or external command, operable program or batch file.

Hit START > Run > type cmd > OK
At the prompt, type cd /? and hit enter.

What happens?

A long paragraph came up about wanting to change to the parent directory. It goes through how to switch to what drives. Do you need me to retype all of this or do you know what we are looking for?

No - just checking that prompt was working properly.
Often I have to use command.com (the DOS shell) because this malware blocks cmd.exe (the native shell).

Do this at the prompt:

Type cd %userprofile%\desktop ENTER

Then Type combo-fix.exe /KillAll ENTER

If combofix runs, post the log.

PP :)

Combo-fix seems to be running. My only concern is how to get the log from one comp to the other. All the other comps in my house are Macs, will this be a problem?

That's a good question - last time I used a Mac was fifteen years ago.... :)
-- I know there used to be issues with .txt conversion.
Perhaps save the log as .doc or .rtf if it has issues with .txt?

After combofix runs you'll likely be able to get the ill compy back online and that would simplify things a bit....

PP :)

Okay, my computer restarted. I don't remember it doing that the first time I ran Combo-fix. It actually will not boot. It just keeps restarting. It asks if I want it to start in safe mode; should I try that? When I was watching the screen it said it was deleting some files, but I assumed they were malware it was deleting.

Just tried to get it started in safe mode, but I got the blue screen.

