Massive random CPU usage spikes
-
Re: Massive random CPU usage spikes
It all depends on how severe the infection is, and how big your hard drive is.
In any case, we can't rush it.
-
Here's the GMER log. I'll get the Hijack log now.
GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-23 04:12:51
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT 8A397E98 ZwConnectPort
IAT C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe[3028] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe[3028] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe[3028] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe[3028] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe[3028] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3400] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00145140
IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3400] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0014508C
IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3400] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00145027
IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3400] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00144FF5
IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3400] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001456AB
IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3400] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001453F9
IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3400] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001456AB
IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3400] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001453F9
IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3400] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001456AB
IAT C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3400] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00145140
IAT C:\WINDOWS\System32\alg.exe[3952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\System32\alg.exe[3952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040508C
IAT C:\WINDOWS\System32\alg.exe[3952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405027
IAT C:\WINDOWS\System32\alg.exe[3952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404FF5
IAT C:\WINDOWS\System32\alg.exe[3952] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\System32\alg.exe[3952] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\System32\alg.exe[3952] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\System32\alg.exe[3952] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\System32\alg.exe[3952] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\System32\alg.exe[3952] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004056AB
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device \Driver\atapi \Device\Ide\IdePort0 sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device \Driver\atapi \Device\Ide\IdePort1 sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device \Driver\atapi \Device\Ide\IdePort2 sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device \Driver\atapi \Device\Ide\IdePort3 sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:05 PM, on 3/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\Tarantula\razerhid.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tarantula] C:\Program Files\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PromoReg] C:\DOCUME~1\Michael\LOCALS~1\Temp\s.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C99A3541-7A7F-41FC-95B6-4099E81792C1}: NameServer = 209.165.131.12,209.165.131.13
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 14193 bytes
-
Download HostsXpert ( |MG| HostsXpert 4.3 ) and then follow the steps below:
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double-clicking on it.
* Click Restore MS Hosts File and then click OK.
* Click the X to exit the program.
Restart computer.
Post fresh HJT log.
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:38 PM, on 3/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\Tarantula\razerhid.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tarantula] C:\Program Files\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PromoReg] C:\DOCUME~1\Michael\LOCALS~1\Temp\s.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C99A3541-7A7F-41FC-95B6-4099E81792C1}: NameServer = 209.165.131.12,209.165.131.13
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardware ResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 14083 bytes
-
*** Unless you installed Viewpoint Manager knowledgeably...
Go to Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, CompuServe, etc.
1. Print this post out, since you won't have access to it at some point.
2. Close all windows, except for HijackThis.
3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases [marked with *], no actual program will be removed):
- O2 - BHO: (no name) - AutorunsDisabled - (no file)
- O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
- *O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe (it'd be a good idea to create the Recovery CD, for which this entry is asking)
- *O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
- *O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
- *O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
- *O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
- O4 - HKLM\..\Run: [PromoReg] C:\DOCUME~1\Michael\LOCALS~1\Temp\s.exe
- *O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
- *O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_1
- *O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
- O4 - Global Startup: hpoddt01.exe.lnk = ?
- O4 - Global Startup: officejet 6100.lnk = ?
- *O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
- *O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
4. Click on the Fix checked button.
5. Download and install CCleaner: CCleaner - Builds. Get the "Slim" version.
Read the CCleaner instructions here: CCleaner Manual, and run CCleaner.
6. Restart in Normal Mode.
7. Post new HijackThis log.
-
I'm going on a trip this week and I won't be back until next Monday. I'm going to remove the hijack stuff right now, but can the CCleaner wait a week? I won't have access to this computer.
-
One of the infected files resides in the Temp folder, that's why I wanted you to run CCleaner.
It takes only a few minutes to run it, not like other scans.
If nobody is going to use your computer, then it's fine. It can wait.
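The kind of triage applied to the log above, as an added example that is not part of the original thread or of HijackThis itself: a small parser that flags autostart entries launched from a Temp folder, BHOs whose file is missing, startup shortcuts with an unresolved target, and services listed with "Unknown owner". The rule set and the `triage` function are assumptions made for illustration; a flag is a reason to look closer, not a verdict.

```python
import re

# Constructed sample: lines copied from the HijackThis log and fix list in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
- O4 - HKLM\..\Run: [PromoReg] C:\DOCUME~1\Michael\LOCALS~1\Temp\s.exe
O4 - Global Startup: officejet 6100.lnk = ?
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A HijackThis entry: section code (O2, O4, O23, ...) followed by " - " and the details.
ENTRY = re.compile(r"^(O\d+) - (.+)$")
# Long and 8.3 short forms of the per-user Temp directory on Windows XP.
TEMP_DIR = re.compile(r"\\(Local Settings|LOCALS~\d)\\Temp\\", re.IGNORECASE)


def triage(log_text):
    """Return (section, reason, entry) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        # Tolerate the "- " and "- *" list markers used when entries are quoted in a post.
        line = raw.strip().lstrip("-* ")
        match = ENTRY.match(line)
        if not match:
            continue
        section, body = match.groups()
        if section == "O4" and TEMP_DIR.search(body):
            findings.append((section, "autostart runs from a Temp folder", line))
        elif section == "O4" and body.endswith("= ?"):
            findings.append((section, "startup shortcut target not resolved", line))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append((section, "BHO registered but file missing", line))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "no vendor name read from service binary", line))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {entry}")
```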
-
Okay, I'll try and finish that up tomorrow if I can. I don't have access to that computer right now.
-
Is anyone using the computer right now?
Will anyone be using the computer while you're gone?
If so, we may be forced to re-run some scans.