08-31-2008, 03:28 AM   #20
btrain87

ComboFix 08-08-30.01 - Brad 2008-08-30 21:04:19.1 - NTFSx86
Running from: C:\Documents and Settings\Brad\My Documents\download\btrain0087\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Brad\Application Data\macromedia\Flash Player\#SharedObjects\ZSWFEFHW\bin.clearspring.com
C:\Documents and Settings\Brad\Application Data\macromedia\Flash Player\#SharedObjects\ZSWFEFHW\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Brad\Application Data\macromedia\Flash Player\#SharedObjects\ZSWFEFHW\interclick.com
C:\Documents and Settings\Brad\Application Data\macromedia\Flash Player\#SharedObjects\ZSWFEFHW\interclick.com\ud.sol
C:\Documents and Settings\Brad\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Brad\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Brad\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Brad\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\uninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_tdssserv


((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.

2008-08-30 18:50 . 2008-08-30 21:12 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-30 18:50 . 2008-08-30 21:12 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-30 18:50 . 2008-08-30 21:12 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-30 18:50 . 2008-08-30 21:12 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-30 14:52 . 2008-08-30 14:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-30 14:52 . 2008-08-30 14:52 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\Malwarebytes
2008-08-30 14:52 . 2008-08-30 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-30 14:52 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-30 14:52 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-28 19:53 . 2008-08-28 19:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-28 18:47 . 2008-08-28 18:56 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-28 18:47 . 2008-08-28 18:47 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-28 18:46 . 2008-08-29 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-28 18:13 . 2008-08-28 18:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-28 18:13 . 2008-08-28 18:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-28 17:34 . 2008-08-28 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-28 11:33 . 2008-08-28 11:33 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\TrojanHunter
2008-08-28 03:01 . 2008-08-28 03:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-28 02:54 . 2008-08-28 02:54 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-08-23 09:50 . 2008-08-23 10:07 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\Red Alert 3 Beta
2008-08-23 09:49 . 2008-08-23 09:49 <DIR> dr-h----- C:\Documents and Settings\Brad\Application Data\SecuROM
2008-08-23 09:22 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-08-23 09:22 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-08-23 09:22 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-08-20 22:49 . 2008-08-20 22:49 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-14 19:23 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-07-29 20:21 . 2008-07-29 20:21 218,376 --a------ C:\WINDOWS\system32\klogon.dll
2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat
2008-07-21 18:34 . 2008-07-21 18:34 121,872 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2008-07-15 01:12 . 2008-04-14 12:57 462,848 --a------ C:\WINDOWS\system32\Firebird2Control.cpl
2008-07-15 01:12 . 2008-04-14 12:52 450,560 --a------ C:\WINDOWS\system32\GDS32.DLL
2008-07-13 14:03 . 2008-07-13 14:05 <DIR> d-------- C:\Program Files\Pocket Tanks Deluxe
2008-07-07 16:32 . 2008-07-07 16:32 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-07-04 20:37 . 2008-07-04 20:37 <DIR> d-------- C:\Program Files\foobar2000
2008-07-04 20:37 . 2008-08-17 03:28 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\foobar2000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 02:12 --------- d-----w C:\Documents and Settings\Brad\Application Data\Viewpoint
2008-08-29 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-29 02:10 --------- d-----w C:\Program Files\Viewpoint
2008-08-28 22:46 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-28 07:01 --------- d-----w C:\Program Files\Lavasoft
2008-08-28 06:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-23 13:22 --------- d-----w C:\Program Files\EA GAMES
2008-08-23 03:46 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-23 03:46 --------- d-----w C:\Documents and Settings\Brad\Application Data\SystemRequirementsLab
2008-08-17 06:23 --------- d-----w C:\Documents and Settings\Brad\Application Data\tunebite
2008-07-15 05:12 --------- d-----w C:\Program Files\Firebird
2008-07-05 00:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-05 00:23 --------- d-----w C:\Program Files\Sony
2008-07-05 00:22 --------- d-----w C:\Program Files\Paint.NET
2008-07-05 00:21 --------- d-----w C:\Program Files\MoodLogic
2008-07-05 00:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-07-05 00:11 --------- d-----w C:\Program Files\Audiosurf
2008-06-30 17:52 --------- d-----w C:\Program Files\PixiePack Codec Pack
2008-06-30 17:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-06-30 17:26 --------- d-----w C:\Documents and Settings\Brad\Application Data\Ruckus Network
2008-06-30 17:09 --------- d-----w C:\Program Files\Ruckus Player
2008-06-30 17:09 --------- d-----w C:\Documents and Settings\Brad\Application Data\goombah
2008-06-28 07:22 --------- d-----w C:\Program Files\MSXML 6.0
2006-11-03 01:00 151,978 ----a-w C:\Program Files\Warez P2P ClientIPGUARD.LOG
2006-05-04 03:33 17,944 ----a-w C:\Documents and Settings\Brad\Application Data\wklnhst.dat
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 16:08 67160]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-17 16:23 8478720]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 20:21 114688]
"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 15:17 53248]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08 28672]
"TVTunerLib"="C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe" [2005-02-16 22:41 245760]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 20:18 184320]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 00:24 167936]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 18:12 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 17:43 151552]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-22 20:37 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-22 20:34 126976]
"VZRemoteCommander"="C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 14:10 192512]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04 40960]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 11:50 155648]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [2004-04-10 23:51 144896]
"SsAAD.exe"="C:\PROGRA~1\sony\SONICS~1\SsAAD.exe" [2005-01-24 23:58 81920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-17 16:23 81920]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-03-25 19:08 1047712]
"Logitech Utility"="Logi_MwX.Exe" [2003-06-30 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 17:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-08-17 16:23 1626112 C:\WINDOWS\system32\nwiz.exe]
"WTClient"="WTClient.exe" [2007-04-11 12:27 40960 C:\WINDOWS\system32\WTClient.exe]

C:\Documents and Settings\Brad\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 08:44:06 29696]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2005-10-06 19:16:48 1466384]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 21:23:32 74308]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2005-08-03 19:09:47 819200]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\Brad\Desktop\mario\mario\mario.htm
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-01-18 16:48 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Warez P2P Client\\warez.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\thecanadian1337\\counter-strike\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\thecanadian1337\\condition zero\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\thecanadian1337\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\thecanadian1337\\ricochet\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\thecanadian1337\\deathmatch classic\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\thecanadian1337\\day of defeat\\hl.exe"=
"C:\\Program Files\\Napster\\NapsterClient-US-3.6.0.7.dat"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\GalaNet\\Flyff\\Flyff.exe"=
"C:\\Program Files\\GalaNet\\Flyff\\GameGuard\\GameMon.des"=
"C:\\Program Files\\GalaNet\\Flyff\\GameGuard.des"=
"C:\\Program Files\\StepMania CVS\\Program\\StepMania.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"C:\\Program Files\\Valve\\Steam\\steam.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\thecanadian1337\\team fortress 2\\hl2.exe"=
"C:\\Documents and Settings\\Brad\\Desktop\\tankymcpocket\\Pocket Tanks\\pockettanks.exe"=
"C:\\Program Files\\Firebird\\Firebird_2_1\\bin\\fbserver.exe"=
"C:\\Program Files\\EA GAMES\\Red Alert 3 Beta\\RetailExe\\1.3\\ra3game.dat"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-07-12 22:28]
R2 aksfridge;HASP Fridge;C:\WINDOWS\system32\DRIVERS\aksfridge.sys [2008-03-18 15:45]
R2 hasplms;HASP License Manager;C:\WINDOWS\system32\hasplms.exe [2008-03-19 12:53]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 21:26]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]
R3 PTSimBus;PenTablet Bus Enumerator;C:\WINDOWS\system32\DRIVERS\PTSimBus.sys [2007-06-07 13:16]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\WINDOWS\system32\DRIVERS\PTSimHid.sys [2007-04-23 11:28]
S3 akshhl;Aladdin HASP HL Key;C:\WINDOWS\system32\DRIVERS\akshhl.sys [2007-09-11 14:40]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 21:23]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18e34131-bb2a-11db-89d2-0013ce00a112}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 16:09]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Tunebite - H:\tunebite\Tunebite.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\qfj5vjbp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.luelinks.net/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 21:14:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\drivers\WTSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
.
**************************************************************************
.
Completion time: 2008-08-30 21:25:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-31 01:24:57

Pre-Run: 272,805,888 bytes free
Post-Run: 3,564,064,768 bytes free

263 --- E O F --- 2008-08-15 07:05:38