RetouchPRO

Welcome to RetouchPRO, the web community for retouchers.

You are currently viewing as an unregistered guest which gives you limited access. Registration is fast, simple and absolutely free so please, join RetouchPRO today!

If you have any problems with the registration process or your account login, please contact us. If you've forgotten your password, click here.

Go Back   RetouchPRO > Tools > Hardware
Reload this Page

Virus

Register Blogs FAQ Search Today's Posts Mark Forums Read

Hardware Computers, displays, tablets, scanners, cameras, printers, etc.

Reply
Page 1 of 5 1 23 > Last »
 
LinkBack Thread Tools
  #1  
Old 12-21-2007, 05:17 AM
skydog's Avatar
Senior Member
  
Join Date: Jan 2006
Location: Carolina
Posts: 469
Virus
Is anyone familar with this virus? I did a search on Google and didn't find it. I've run numerous removal programs and thus far it is still there. Does anyone know its function?
Attached Images
File Type: jpg virus.jpg (22.5 KB, 84 views)
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Float This Post!Stumble this Post!Google Bookmark this Post!Yahoo Bookmark this Post!Live Bookmark this Post!Share this post on Facebook
Reply With Quote
  #2  
Old 12-21-2007, 05:48 AM
Alison's Avatar
Senior Member
  
Join Date: Jul 2007
Location: Sanctuary Point, N.S.W Australia
Posts: 273
Re: Virus
Hi Skydog,

Found this -
Quote:
What is Obfuscated? (Description):

Obfuscated Remover
Keep your computer safe from spyware & malware attacks.

90% of the computers connected to the Web are infected.

Obfuscated is a Trojan downloader. Trojans are distinguished by their ability to be contracted and installed without the user's noticing. Downloaders in particular pose a variable threat because once they're installed, they're designed to contact the resident internet connection and download whatever programs have been written into their objectives. Subsequently, downloaders can facilitate the spread of Adware and other Trojans. Obfuscated uses HTTP to download its payload.
at this website -

http://www.adwarealert.com/glossary_details.php?ID=3135
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Float This Post!Stumble this Post!Google Bookmark this Post!Yahoo Bookmark this Post!Live Bookmark this Post!Share this post on Facebook
Reply With Quote
  #3  
Old 12-21-2007, 05:55 AM
skydog's Avatar
Senior Member
  
Join Date: Jan 2006
Location: Carolina
Posts: 469
Re: Virus
so...how do I remove it...
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Float This Post!Stumble this Post!Google Bookmark this Post!Yahoo Bookmark this Post!Live Bookmark this Post!Share this post on Facebook
Reply With Quote
  #4  
Old 12-21-2007, 05:56 AM
Swampy's Avatar
Senior Member
Patron
  
Join Date: Feb 2005
Location: The Swamps of Florida
Posts: 3,457
Re: Virus
>>>>90% of the computers connected to the Web are infected.

The other 10% are Macs. LOL

Sorry, I just had to do that...
__________________
Swampy
Adobe CS3 on a Mac MacPro Quad Xeon
Photoshop Tutorials
Visit my Photobucket art gallery
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Float This Post!Stumble this Post!Google Bookmark this Post!Yahoo Bookmark this Post!Live Bookmark this Post!Share this post on Facebook
Reply With Quote
  #5  
Old 12-21-2007, 09:23 AM
Gary Richardson's Avatar
Moderator
  
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,644
Re: Virus
Post me a HJT log please Skydog, many viruses have randomly generated filenames which is why you're not able to get a result from Google, your HJT log may provide more information on what is on your computer.

Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
  • Don't use the Analyse This button, its findings are dangerous if misinterpreted.
  • Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

I'm a bit tied for time at the moment, so I may not have time to fully resolve your virus problems, but I can do a quick analysis of the log and if it looks like it might be a long job to remove the infection I can direct you to where you'll get good advice.

If it looks like being a quick job I'll talk you through it myself.

Any other symptoms other than the flag from AVG?
__________________
Gary

Please visit the RetouchPro Library for links to a host of resources.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Float This Post!Stumble this Post!Google Bookmark this Post!Yahoo Bookmark this Post!Live Bookmark this Post!Share this post on Facebook
Reply With Quote
  #6  
Old 12-21-2007, 10:02 AM
skydog's Avatar
Senior Member
  
Join Date: Jan 2006
Location: Carolina
Posts: 469
Re: Virus
Thanks Gary...
not sure what that dll file is all about. I haven't noticed anything different about the computer or operation, but I keep getting a pop up that I have this virus. I tried to heal it with no result. I have an installation disk for windows home xp and I did a seach on the dll file and it wasn't on the disk to I put the file in the virus vault.

Swampy...low low blow...the only thing I can think of in response..."Go Wildcats"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:57 AM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\IE7-WindowsXP-x86-enu.exe
i:\39889d8599f8bce7881f\update\iesetup.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
i:\39889d8599f8bce7881f\update\nlsdl.exe
i:\33186b4796cc8ababf83b0d1\update\update.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19777B64-C146-4007-8DDD-A1CB8AE5BF0F} - c:\windows\system32\dsauthg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1184536128578
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rbhgyche - C:\WINDOWS\SYSTEM32\dsauthg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11309 bytes
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Float This Post!Stumble this Post!Google Bookmark this Post!Yahoo Bookmark this Post!Live Bookmark this Post!Share this post on Facebook
Reply With Quote
  #7  
Old 12-21-2007, 12:02 PM
Swampy's Avatar
Senior Member
Patron
  
Join Date: Feb 2005
Location: The Swamps of Florida
Posts: 3,457
Re: Virus
>>>
Swampy...low low blow...the only thing I can think of in response..."Go Wildcats"

Skydogie, I'll be surprised if FSU can field a team with all their problems. Gawd, kids are so stupid!
__________________
Swampy
Adobe CS3 on a Mac MacPro Quad Xeon
Photoshop Tutorials
Visit my Photobucket art gallery
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Float This Post!Stumble this Post!Google Bookmark this Post!Yahoo Bookmark this Post!Live Bookmark this Post!Share this post on Facebook
Reply With Quote
  #8  
Old 12-21-2007, 02:45 PM
Gary Richardson's Avatar
Moderator
  
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,644
Re: Virus
Looks like you've got a Vundo infection.
  • Download combofix.exe by sUBs to your Desktop.
  • Alternate Download
  • (If you already have a previous version, delete it and download a new version).
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log for you. (it can also be found at C:\Combofix.txt)
  • Post that log in your next reply please, along with a new HJT log.
IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
__________________
Gary

Please visit the RetouchPro Library for links to a host of resources.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Float This Post!Stumble this Post!Google Bookmark this Post!Yahoo Bookmark this Post!Live Bookmark this Post!Share this post on Facebook
Reply With Quote
  #9  
Old 12-21-2007, 03:53 PM
plugsnpixels's Avatar
Senior Member
  
Join Date: Dec 2005
Location: LA area
Posts: 239
Re: Virus
See how the US Army handles such problems...
__________________
Image creation, manipulation & education
www.plugsandpixels.com
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Float This Post!Stumble this Post!Google Bookmark this Post!Yahoo Bookmark this Post!Live Bookmark this Post!Share this post on Facebook
Reply With Quote
  #10  
Old 12-21-2007, 03:57 PM
Swampy's Avatar
Senior Member
Patron
  
Join Date: Feb 2005
Location: The Swamps of Florida
Posts: 3,457
Re: Virus
I read that earlier today, PnP. Interesting article. Maybe my stock will go up even more! :-)
__________________
Swampy
Adobe CS3 on a Mac MacPro Quad Xeon
Photoshop Tutorials
Visit my Photobucket art gallery
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Float This Post!Stumble this Post!Google Bookmark this Post!Yahoo Bookmark this Post!Live Bookmark this Post!Share this post on Facebook
Reply With Quote
  #11  
Old 12-22-2007, 05:16 AM
skydog's Avatar
Senior Member
  
Join Date: Jan 2006
Location: Carolina
Posts: 469
Re: Virus
ComboFix 07-12-21.4 - Dad 2007-12-22 7:03:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1050 [GMT -5:00]
Running from: C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\QPV9AMJN\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\rhhaiofb.dat
C:\WINDOWS\system32\dsauthg.dll
C:\WINDOWS\Tasks.\At1.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_KDARJMBC
-------\LEGACY_RXIZZUXA
-------\LEGACY_ZBKRFHCQ
-------\kdarjmbc
-------\rxizzuxa
-------\zbkrfhcq


((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
.

2007-12-20 22:22 . 2007-12-20 22:22 <DIR> d-------- C:\Documents and Settings\Dad\Lightroom
2007-12-20 09:44 . 2007-12-21 15:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-20 09:44 . 2007-12-20 09:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-20 09:44 . 2007-12-20 09:44 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\SUPERAntiSpyware.com
2007-12-20 09:44 . 2007-12-20 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-20 09:30 . 2007-12-22 06:37 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-12-20 09:21 . 2007-12-20 09:22 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-12-20 09:18 . 2007-12-20 09:18 <DIR> d-------- C:\Program Files\Microsoft Easy Assist
2007-12-20 07:53 . 2007-12-20 07:53 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Lavasoft
2007-12-20 07:38 . 2007-12-20 07:39 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\AdwareAlert
2007-12-19 19:31 . 2007-12-19 19:31 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\iolo
2007-12-19 19:31 . 2007-12-19 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-12-19 19:31 . 2007-12-19 19:31 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2007-12-19 19:12 . 2007-12-19 19:12 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2007-12-19 18:54 . 2007-12-19 18:57 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-12-19 18:37 . 2004-08-03 23:14 359,040 --a------ C:\WINDOWS\tcpip.sy_
2007-12-19 18:10 . 2003-04-11 05:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2007-12-19 18:10 . 2003-04-11 04:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-12-19 16:25 . 2007-12-19 16:25 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2007-12-19 13:29 . 2007-12-19 13:29 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2007-12-19 06:41 . 2007-12-19 06:41 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-19 06:41 . 2007-12-19 06:41 741,632 --a------ C:\WINDOWS\system32\qtijcbnr.dat
2007-12-19 06:41 . 2007-12-19 06:41 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2007-12-19 06:41 . 2007-12-19 06:41 119,552 --a------ C:\WINDOWS\system32\plqiiten.dat
2007-12-19 06:41 . 2007-12-19 06:41 42,240 --a------ C:\WINDOWS\system32\ocuygllh.dat
2007-12-19 06:41 . 2007-12-19 06:41 36,096 --a------ C:\WINDOWS\system32\wowwmiqt.dat
2007-12-19 06:41 . 2007-12-19 06:41 35,072 --a------ C:\WINDOWS\system32\yxanswll.dat
2007-12-19 06:30 . 2007-12-19 06:30 28 --a------ C:\WINDOWS\DustKleen.INI
2007-12-19 06:20 . 2007-12-19 06:20 1,396 --a------ C:\WINDOWS\system32\wpa.bak
2007-12-18 23:34 . 2004-08-04 07:00 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime
2007-12-18 23:34 . 2004-08-04 07:00 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winsp.ime
2007-12-18 23:34 . 2004-08-04 07:00 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winpy.ime
2007-12-18 23:34 . 2004-08-04 07:00 79,360 --a--c--- C:\WINDOWS\system32\dllcache\winar30.ime
2007-12-18 23:34 . 2004-08-04 07:00 69,120 --a--c--- C:\WINDOWS\system32\dllcache\wingb.ime
2007-12-18 23:34 . 2004-08-04 07:00 65,536 --a--c--- C:\WINDOWS\system32\dllcache\winime.ime
2007-12-18 23:34 . 2004-08-04 07:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2007-12-18 23:32 . 2004-08-04 07:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-12-18 23:31 . 2004-08-04 07:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2007-12-18 23:30 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2007-12-18 23:29 . 2007-12-18 23:29 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2007-12-18 23:28 . 2007-12-18 23:28 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2007-12-18 23:28 . 2007-12-18 23:28 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-12-18 23:28 . 2007-12-18 23:28 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-12-18 23:28 . 2007-12-18 23:28 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2007-12-18 22:05 . 2004-08-03 23:04 134,912 --a------ C:\WINDOWS\ipnat.sy_
2007-12-16 11:31 . 2007-12-16 11:31 12,288 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-12-15 12:05 . 2007-12-15 12:05 119,552 --a------ C:\WINDOWS\system32\qhxosowh.dat
2007-12-15 11:59 . 2002-08-29 07:00 83,456 --a------ C:\WINDOWS\system32\dsauthg.dll.bak
2007-11-23 08:05 . 2007-11-24 10:11 156 --a------ C:\WINDOWS\Twunk001.MTX
2007-11-23 08:05 . 2007-11-24 10:11 4 --a------ C:\WINDOWS\Twain001.Mtx
2007-11-23 08:05 . 2007-11-23 08:05 0 --a------ C:\WINDOWS\Twunk002.MTX
2007-11-22 21:54 . 2004-08-04 02:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-11-22 21:54 . 2004-08-04 02:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-22 12:10 6,533,152 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-22 12:09 78,656 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-21 20:17 --------- d-----w C:\Documents and Settings\Dad\Application Data\LumaPix
2007-12-21 20:04 279,334 ----a-w C:\WINDOWS\FotoFusionV4 Uninstaller.exe
2007-12-21 20:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-21 13:00 --------- d-----w C:\Documents and Settings\Dad\Application Data\AVG7
2007-12-19 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-16 12:42 --------- d-----w C:\Documents and Settings\Other\Application Data\AVG7
2007-11-24 13:00 --------- d-----w C:\Documents and Settings\Dad\Application Data\Canon
2007-11-14 21:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 01:20 --------- d-----w C:\Documents and Settings\Dad\Application Data\Move Networks
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-19 19:12 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-19 19:12 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 11:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-03-03 21:44 C:\WINDOWS\system32\nwiz.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 23:00]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 13:24]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 13:11]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 12:29]
"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [2003-04-17 19:51]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 12:38 C:\WINDOWS\AGRSMMSG.exe]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-17 23:01]
"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 00:08]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-29 11:09]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 10:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 09:43]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 14:25]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 17:37]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 05:32]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-29 11:09]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Remocon Driver.lnk - C:\Program Files\Sony\USBSircs\usbsircs.exe [2007-07-16 17:49:52]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-07-19 21:09:11]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R3 SONYWBMS;Sony Memory Stick controller(WB);C:\WINDOWS\system32\DRIVERS\SonyWBMS.SYS [2002-12-18 10:03]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 08:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-12-19 18:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-11 21:19:07 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet5100#MY3923M2ZD7A.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe+/#Hewlett-Packard#deskjet5100#MY3923M2ZD7A
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 07:12:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-22 7:13:47 - machine was rebooted
.
2007-12-22 08:00:49 --- E O F ---
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Float This Post!Stumble this Post!Google Bookmark this Post!Yahoo Bookmark this Post!Live Bookmark this Post!Share this post on Facebook
Reply With Quote
  #12  
Old 12-22-2007, 05:17 AM
skydog's Avatar
Senior Member
  
Join Date: Jan 2006
Location: Carolina
Posts: 469
Re: Virus
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:33 AM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1184536128578
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12236 bytes
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Float This Post!Stumble this Post!Google Bookmark this Post!Yahoo Bookmark this Post!Live Bookmark this Post!Share this post on Facebook
Reply With Quote
  #13  
Old 12-22-2007, 05:47 AM
skydog's Avatar
Senior Member
  
Join Date: Jan 2006
Location: Carolina
Posts: 469
Re: Virus
Gary...it appears the virus is gone. What exactly did combo fix do and what did it correct?

Swampy..you have an Apple...thank God I have Gary!

Actually, I need to replace my computer. It is ~ 5 years old and I'm concerned of a complete failure at some point. My concern with the apple is the cost of converting all of my software to the apple environment and how many of my applications will work in this environment. Any thoughts?

For those of you that use windows, what is the lastest on vista? Initially it received a lot of bad press like the recent launch of the Canon Mark III. Can most applications now run in this environment? Most of my friends say stick with XP.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Float This Post!Stumble this Post!Google Bookmark this Post!