Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1]   Go Down

Author Topic: Sysvxd.exe problem  (Read 24303 times)

0 Members and 1 Guest are viewing this topic.

pbfoot

    Topic Starter


    Rookie

    Sysvxd.exe problem
    « on: February 26, 2009, 12:03:16 AM »
    A couple weeks ago I started getting the illegal instruction message relating to Sysvxd.exe. I could ignore or cancel it and keep doing whatever I was doing. It didn't become a problem until it happened in the middle of an online gaming session and ruined my night of racing!  >:(

    I've read through the FAQ. Here is the link to my SuperAntiSpyware log:
    http://rapidshare.com/files/202681912/SAS_log.txt.html

    I checked Java and I do have the latest version. I cannot get Malwarebytes to run through the quick scan- it keeps locking up at c:\windows\installer\11a9be2d.msp
    I did not run HijackThis yet since I cannot get Malwarebytes to scan completely.

    Any help would be appreciated!
    Logged

    kpac

    • Web moderator


      • Hacker

    • kpac®
      • Thanked: 184
      • Yes
      • Yes
      • Yes
    • Certifications: List
    • Computer: Specs
    • Experience: Expert
    • OS: Windows 7
    Re: Sysvxd.exe problem
    « Reply #1 on: February 26, 2009, 03:11:14 PM »
    Please run HijackThis and post the log.

    (It would be easier if you posted it, rather than uploading it to a file hosting site) ;)
    Logged

    pbfoot

      Topic Starter


      Rookie

      Re: Sysvxd.exe problem
      « Reply #2 on: February 26, 2009, 03:20:30 PM »
      Sorry- I would have but the SaS log was too big to insert in the post.

      I'll run HjT when I get home tonight. Thank you for taking the time to reply kpac.

      « Last Edit: February 26, 2009, 09:51:48 PM by pbfoot »
      Logged

      pbfoot

        Topic Starter


        Rookie

        Re: Sysvxd.exe problem
        « Reply #3 on: February 26, 2009, 09:52:00 PM »
        Ok here is the HJT log file:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 8:34:22 PM, on 2/26/2009
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18372)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Viewpoint\Common\ViewpointService.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
        C:\WINDOWS\System32\hphmon04.exe
        C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
        C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
        C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
        C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
        C:\PROGRA~1\Yahoo!\YOP\yop.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\Java\jre6\bin\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\PROGRA~1\Yahoo!\browser\ycommon.exe
        C:\Program Files\Microsoft IntelliType Pro\itype.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
        C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
        C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
        C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\System32\svchost.exe
        C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
        C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        C:\WINDOWS\System32\HPHipm11.exe
        C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
        R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
        O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
        O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
        O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
        O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
        O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
        O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
        O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
        O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
        O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
        O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
        O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
        O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
        O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
        O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
        O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
        O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
        O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
        O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
        O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204475683140
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
        O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
        O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
        O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
        O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
        O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
        O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

        --
        End of file - 13733 bytes
        Logged

        evilfantasy

        • Malware Removal Specialist
        • Moderator


          • Genius
        • Calm like a bomb
          • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        Re: Sysvxd.exe problem
        « Reply #4 on: February 27, 2009, 09:19:01 PM »
        Open HijackThis and select Do a system scan only.

        Place a check mark next to the following entries: (if there)

        - R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
        - R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
        - R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
        - R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

        Important: Close all open windows except for HijackThis and then click Fix checked.

        Once completed, exit HijackThis.

        ----------

        Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

        Link #1
        Link #2

        **Note:  It is important that it is saved directly to your Desktop

        Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

        Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
         
        Double click combofix.exe & follow the prompts.
        When finished ComboFix will produce a log for you.
        Post the ComboFix log in your next reply.

        Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

        Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

        If you have problems with ComboFix usage, see How to use ComboFix
        Logged

        pbfoot

          Topic Starter


          Rookie

          Re: Sysvxd.exe problem
          « Reply #5 on: February 27, 2009, 10:05:21 PM »
          Thank you for the reply! Here is the ComboFix log:

          ComboFix 09-02-27.02 - Kevin 2009-02-27 23:00:13.1 - NTFSx86
          Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3071.2250 [GMT -6:00]
          Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe
          AV: Norton Security Online *On-access scanning disabled* (Updated)
          FW: Norton Security Online *disabled*

          WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\documents and settings\All Users\Application Data\ZangoSA
          c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSA.dat
          c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat
          c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
          c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
          c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
          c:\program files\INSTALL.LOG

          .
          (((((((((((((((((((((((((   Files Created from 2009-01-28 to 2009-02-28  )))))))))))))))))))))))))))))))
          .

          2009-02-26 20:31 . 2009-02-26 20:31   <DIR>   d--------   c:\program files\Trend Micro
          2009-02-26 00:22 . 2009-02-27 21:12   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
          2009-02-26 00:22 . 2009-02-26 00:22   <DIR>   d--------   c:\documents and settings\Kevin\Application Data\Malwarebytes
          2009-02-26 00:22 . 2009-02-26 00:22   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
          2009-02-26 00:22 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
          2009-02-26 00:22 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys
          2009-02-25 23:10 . 2009-02-25 23:10   <DIR>   d--------   c:\program files\SUPERAntiSpyware
          2009-02-25 23:10 . 2009-02-25 23:10   <DIR>   d--------   c:\documents and settings\Kevin\Application Data\SUPERAntiSpyware.com
          2009-02-25 23:10 . 2009-02-25 23:10   <DIR>   d--------   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
          2009-02-25 23:09 . 2009-02-25 23:09   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
          2009-02-24 21:24 . 2009-02-24 21:24   <DIR>   d--------   c:\documents and settings\All Users\Application Data\PCPitstop
          2009-02-22 01:06 . 2009-02-22 01:06   0   --a------   C:\~VMAC.tmp
          2009-02-22 01:06 . 2009-02-22 01:06   0   --a------   C:\~VMAB.tmp
          2009-02-22 01:06 . 2009-02-22 01:06   0   --a------   C:\~VMAA.tmp
          2009-02-22 01:06 . 2009-02-22 01:06   0   --a------   C:\~VMA9.tmp
          2009-02-22 01:06 . 2009-02-22 01:06   0   --a------   C:\~VMA8.tmp
          2009-02-22 01:06 . 2009-02-22 01:06   0   --a------   C:\~VMA7.tmp
          2009-02-22 01:06 . 2009-02-22 01:06   0   --a------   C:\~VMA6.tmp
          2009-02-22 01:06 . 2009-02-22 01:06   0   --a------   C:\~VMA5.tmp
          2009-02-22 01:06 . 2009-02-22 01:06   0   --a------   C:\~VMA4.tmp
          2009-02-15 16:50 . 2009-02-25 22:24   54,073   --a------   c:\windows\Sysvxd.exe
          2009-02-15 10:25 . 2009-02-15 10:25   <DIR>   d--hs----   c:\documents and settings\Kevin\IECompatCache
          2009-02-01 14:48 . 2009-02-01 14:48   <DIR>   d--hs----   c:\documents and settings\Kevin\IETldCache
          2009-01-29 21:40 . 2009-01-29 21:42   <DIR>   d--h-c---   c:\windows\ie8
          2009-01-29 21:38 . 2009-01-10 23:00   79,360   -----c---   c:\windows\system32\dllcache\iecompat.dll

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2009-02-28 04:49   ---------   d-----w   c:\program files\Common Files\Symantec Shared
          2009-02-26 05:00   ---------   d-----w   c:\program files\NRatings
          2009-02-26 04:12   ---------   d--h--w   c:\program files\InstallShield Installation Information
          2009-02-25 03:43   ---------   d-----w   c:\program files\Common Files\AOL
          2009-02-25 03:42   ---------   d-----w   c:\documents and settings\All Users\Application Data\BVRP Software
          2009-02-25 03:41   ---------   d-----w   c:\program files\N4um
          2009-02-25 03:33   ---------   d-----w   c:\program files\CCleaner
          2009-02-23 01:42   ---------   d-----w   c:\documents and settings\Kevin\Application Data\teamspeak2
          2009-02-12 02:28   ---------   d-----w   c:\documents and settings\All Users\Application Data\Microsoft Help
          2009-02-08 04:33   ---------   d-----w   c:\program files\NETGEAR HDX101 Configuration Utility
          2009-02-06 05:35   ---------   d-----w   c:\documents and settings\All Users\Application Data\yahoo!
          2009-01-20 05:50   ---------   d-----w   c:\program files\Creative
          2009-01-18 22:03   ---------   d-----w   c:\program files\Teamspeak2_RC2
          2009-01-18 06:38   ---------   d-----w   c:\documents and settings\Kevin\Application Data\Yahoo!
          2009-01-15 08:05   911,872   ----a-w   c:\windows\system32\wininet.dll
          2009-01-15 08:05   43,008   ----a-w   c:\windows\system32\licmgr10.dll
          2009-01-15 08:04   18,944   ----a-w   c:\windows\system32\corpol.dll
          2009-01-15 08:03   72,704   ----a-w   c:\windows\system32\admparse.dll
          2009-01-15 08:03   71,680   ----a-w   c:\windows\system32\iesetup.dll
          2009-01-15 08:03   420,352   ----a-w   c:\windows\system32\vbscript.dll
          2009-01-15 08:01   34,304   ----a-w   c:\windows\system32\imgutil.dll
          2009-01-15 08:00   48,128   ----a-w   c:\windows\system32\mshtmler.dll
          2009-01-15 08:00   45,568   ----a-w   c:\windows\system32\mshta.exe
          2009-01-15 07:50   156,160   ----a-w   c:\windows\system32\msls31.dll
          2009-01-12 18:15   410,984   ----a-w   c:\windows\system32\deploytk.dll
          2009-01-12 18:15   ---------   d-----w   c:\program files\Java
          2009-01-08 03:01   806   ----a-w   c:\windows\system32\drivers\SYMEVENT.INF
          2009-01-08 03:01   60,808   ----a-w   c:\windows\system32\S32EVNT1.DLL
          2009-01-08 03:01   124,464   ----a-w   c:\windows\system32\drivers\SYMEVENT.SYS
          2009-01-08 03:01   10,635   ----a-w   c:\windows\system32\drivers\SYMEVENT.CAT
          2009-01-08 03:01   ---------   d-----w   c:\program files\Symantec
          2009-01-01 07:32   ---------   d-----w   c:\program files\XML Notepad 2007
          2008-12-29 01:12   ---------   d-----w   c:\program files\SystemRequirementsLab
          2008-12-28 01:39   ---------   d-----w   c:\program files\eMule
          2008-12-24 03:58   453,152   ----a-w   c:\windows\system32\NVUNINST.EXE
          2008-07-10 13:30   92,064   ----a-w   c:\documents and settings\Kevin\mqdmmdm.sys
          2008-07-10 13:30   9,232   ----a-w   c:\documents and settings\Kevin\mqdmmdfl.sys
          2008-07-10 13:30   79,328   ----a-w   c:\documents and settings\Kevin\mqdmserd.sys
          2008-07-10 13:30   66,656   ----a-w   c:\documents and settings\Kevin\mqdmbus.sys
          2008-07-10 13:30   6,208   ----a-w   c:\documents and settings\Kevin\mqdmcmnt.sys
          2008-07-10 13:30   5,936   ----a-w   c:\documents and settings\Kevin\mqdmwhnt.sys
          2008-07-10 13:30   4,048   ----a-w   c:\documents and settings\Kevin\mqdmcr.sys
          2008-07-10 13:30   25,600   ----a-w   c:\documents and settings\Kevin\usbsermptxp.sys
          2008-07-10 13:30   22,768   ----a-w   c:\documents and settings\Kevin\usbsermpt.sys
          2008-05-26 01:36   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052520080526\index.dat
          .

          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
          "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
          "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-11-20 4347120]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416]
          "HPHmon04"="c:\windows\System32\hphmon04.exe" [2002-06-20 339968]
          "HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 49152]
          "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
          "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
          "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
          "Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
          "YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
          "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
          "osCheck"="c:\progra~1\Symantec\osCheck.exe" [2007-01-14 771704]
          "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
          "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-12 136600]
          "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
          "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
          "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
          "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
          "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-09 185872]
          "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
          "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
          "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
          "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
          "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
          "nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]

          c:\documents and settings\All Users\Start Menu\Programs\Startup\
          AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2008-03-02 217088]
          Event Planner Reminder.lnk - c:\program files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe [2005-08-30 25896]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
          "DisableMonitoring"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
          "DisableMonitoring"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
          "DisableMonitoring"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
          "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
          "c:\\Program Files\\Messenger\\msmsgs.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=
          "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
          R2 Kithara-RBsoft;RBsoft Customer Driver;c:\windows\system32\RBsoft.sys [2008-05-06 184864]
          R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-09-16 30152]
          R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
          R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-26 38496]
          S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\ImHidUsb.sys [2001-12-12 30772]
          S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
          S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

          --- Other Services/Drivers In Memory ---

          *NewlyCreated* - COMHOST

          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
          "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
          .
          Contents of the 'Scheduled Tasks' folder

          2009-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
          - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

          2008-12-26 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
          - c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 12:56]

          2008-03-29 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Kevin.job
          - c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 03:09]
          .
          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://att.yahoo.com
          uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
          uInternet Settings,ProxyOverride = 127.0.0.1;*.local
          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
          DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
          DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
          .

          **************************************************************************

          catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2009-02-27 23:01:58
          Windows 5.1.2600 Service Pack 3 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'winlogon.exe'(868)
          c:\program files\SUPERAntiSpyware\SASWINLO.dll
          .
          Completion time: 2009-02-27 23:03:29
          ComboFix-quarantined-files.txt  2009-02-28 05:03:19

          Pre-Run: 108,706,639,872 bytes free
          Post-Run: 110,020,526,080 bytes free

          203   --- E O F ---   2009-02-26 02:41:05
          Logged

          flameking



            Beginner

            Re: Sysvxd.exe problem
            « Reply #6 on: February 27, 2009, 10:08:12 PM »
            i don't recommend using norton. i screwed my computer once and i had buy another one. i have different protection now. it works no problem yet. thank god. switch while u still can.
            Logged

            evilfantasy

            • Malware Removal Specialist
            • Moderator


              • Genius
            • Calm like a bomb
              • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Re: Sysvxd.exe problem
            « Reply #7 on: February 27, 2009, 10:23:19 PM »
            Delete these files/folders, as follows:

            1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
            It must be Notepad, not Wordpad.
            2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

            Code: [Select]
            KillAll::

            File::
            C:\~VMAC.tmp
            C:\~VMAB.tmp
            C:\~VMAA.tmp
            C:\~VMA9.tmp
            C:\~VMA8.tmp
            C:\~VMA7.tmp
            C:\~VMA6.tmp
            C:\~VMA5.tmp
            C:\~VMA4.tmp
            c:\windows\Sysvxd.exe

            Folder::
            c:\program files\Viewpoint

            Driver::
            Viewpoint Service
            3. Go to the Notepad window and click Edit > Paste
            4. Then click File > Save
            5. Name the file CFScript.txt - Save the file to your Desktop
            6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



            ComboFix will begin to execute, just follow the prompts.
            After reboot (in case it asks to reboot), it will produce a log for you.
            Post that log (Combofix.txt) in your next reply.

            Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
            Logged

            pbfoot

              Topic Starter


              Rookie

              Re: Sysvxd.exe problem
              « Reply #8 on: February 27, 2009, 10:40:15 PM »
              Next ComboFix log:

              ComboFix 09-02-27.02 - Kevin 2009-02-27 23:30:44.2 - NTFSx86
              Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3071.2488 [GMT -6:00]
              Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe
              Command switches used :: c:\documents and settings\Kevin\Desktop\CFScript.txt
              AV: Norton Security Online *On-access scanning disabled* (Updated)
              FW: Norton Security Online *disabled*
               * Created a new restore point

              WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

              FILE ::
              C:\~VMA4.tmp
              C:\~VMA5.tmp
              C:\~VMA6.tmp
              C:\~VMA7.tmp
              C:\~VMA8.tmp
              C:\~VMA9.tmp
              C:\~VMAA.tmp
              C:\~VMAB.tmp
              C:\~VMAC.tmp
              c:\windows\Sysvxd.exe
              .

              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\~VMA4.tmp
              C:\~VMA5.tmp
              C:\~VMA6.tmp
              C:\~VMA7.tmp
              C:\~VMA8.tmp
              C:\~VMA9.tmp
              C:\~VMAA.tmp
              C:\~VMAB.tmp
              C:\~VMAC.tmp
              c:\program files\Viewpoint
              c:\program files\Viewpoint\Common\ViewpointService.exe
              c:\program files\Viewpoint\Common\VistaBoot.sdll
              c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
              c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
              c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
              c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
              c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
              c:\program files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
              c:\program files\Viewpoint\Viewpoint Media Player\Components\ExtremeShot.dll
              c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
              c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
              c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
              c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
              c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
              c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFViewHost.dll
              c:\program files\Viewpoint\Viewpoint Media Player\Components\VETScriptInterpreter.dll
              c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
              c:\program files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
              c:\program files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
              c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
              c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
              c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
              c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
              c:\program files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
              c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
              c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
              c:\program files\Viewpoint\Viewpoint Media Player\VMPUpdateCount.ini
              c:\windows\Sysvxd.exe

              .
              (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              -------\Legacy_VIEWPOINT_SERVICE
              -------\Service_Viewpoint Service


              (((((((((((((((((((((((((   Files Created from 2009-01-28 to 2009-02-28  )))))))))))))))))))))))))))))))
              .

              2009-02-26 20:31 . 2009-02-26 20:31   <DIR>   d--------   c:\program files\Trend Micro
              2009-02-26 00:22 . 2009-02-27 21:12   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
              2009-02-26 00:22 . 2009-02-26 00:22   <DIR>   d--------   c:\documents and settings\Kevin\Application Data\Malwarebytes
              2009-02-26 00:22 . 2009-02-26 00:22   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
              2009-02-26 00:22 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
              2009-02-26 00:22 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys
              2009-02-25 23:10 . 2009-02-25 23:10   <DIR>   d--------   c:\program files\SUPERAntiSpyware
              2009-02-25 23:10 . 2009-02-25 23:10   <DIR>   d--------   c:\documents and settings\Kevin\Application Data\SUPERAntiSpyware.com
              2009-02-25 23:10 . 2009-02-25 23:10   <DIR>   d--------   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
              2009-02-25 23:09 . 2009-02-25 23:09   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
              2009-02-24 21:24 . 2009-02-24 21:24   <DIR>   d--------   c:\documents and settings\All Users\Application Data\PCPitstop
              2009-02-15 10:25 . 2009-02-15 10:25   <DIR>   d--hs----   c:\documents and settings\Kevin\IECompatCache
              2009-02-01 14:48 . 2009-02-01 14:48   <DIR>   d--hs----   c:\documents and settings\Kevin\IETldCache
              2009-01-29 21:40 . 2009-01-29 21:42   <DIR>   d--h-c---   c:\windows\ie8
              2009-01-29 21:38 . 2009-01-10 23:00   79,360   -----c---   c:\windows\system32\dllcache\iecompat.dll

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2009-02-28 05:34   ---------   d-----w   c:\program files\Common Files\Symantec Shared
              2009-02-26 05:00   ---------   d-----w   c:\program files\NRatings
              2009-02-26 04:12   ---------   d--h--w   c:\program files\InstallShield Installation Information
              2009-02-25 03:43   ---------   d-----w   c:\program files\Common Files\AOL
              2009-02-25 03:42   ---------   d-----w   c:\documents and settings\All Users\Application Data\BVRP Software
              2009-02-25 03:41   ---------   d-----w   c:\program files\N4um
              2009-02-25 03:33   ---------   d-----w   c:\program files\CCleaner
              2009-02-23 01:42   ---------   d-----w   c:\documents and settings\Kevin\Application Data\teamspeak2
              2009-02-12 02:28   ---------   d-----w   c:\documents and settings\All Users\Application Data\Microsoft Help
              2009-02-08 04:33   ---------   d-----w   c:\program files\NETGEAR HDX101 Configuration Utility
              2009-02-06 05:35   ---------   d-----w   c:\documents and settings\All Users\Application Data\yahoo!
              2009-01-20 05:50   ---------   d-----w   c:\program files\Creative
              2009-01-18 22:03   ---------   d-----w   c:\program files\Teamspeak2_RC2
              2009-01-18 06:38   ---------   d-----w   c:\documents and settings\Kevin\Application Data\Yahoo!
              2009-01-12 18:15   ---------   d-----w   c:\program files\Java
              2009-01-08 03:01   806   ----a-w   c:\windows\system32\drivers\SYMEVENT.INF
              2009-01-08 03:01   124,464   ----a-w   c:\windows\system32\drivers\SYMEVENT.SYS
              2009-01-08 03:01   10,635   ----a-w   c:\windows\system32\drivers\SYMEVENT.CAT
              2009-01-08 03:01   ---------   d-----w   c:\program files\Symantec
              2009-01-01 07:32   ---------   d-----w   c:\program files\XML Notepad 2007
              2008-12-29 01:12   ---------   d-----w   c:\program files\SystemRequirementsLab
              2008-12-28 01:39   ---------   d-----w   c:\program files\eMule
              2008-07-10 13:30   92,064   ----a-w   c:\documents and settings\Kevin\mqdmmdm.sys
              2008-07-10 13:30   9,232   ----a-w   c:\documents and settings\Kevin\mqdmmdfl.sys
              2008-07-10 13:30   79,328   ----a-w   c:\documents and settings\Kevin\mqdmserd.sys
              2008-07-10 13:30   66,656   ----a-w   c:\documents and settings\Kevin\mqdmbus.sys
              2008-07-10 13:30   6,208   ----a-w   c:\documents and settings\Kevin\mqdmcmnt.sys
              2008-07-10 13:30   5,936   ----a-w   c:\documents and settings\Kevin\mqdmwhnt.sys
              2008-07-10 13:30   4,048   ----a-w   c:\documents and settings\Kevin\mqdmcr.sys
              2008-07-10 13:30   25,600   ----a-w   c:\documents and settings\Kevin\usbsermptxp.sys
              2008-07-10 13:30   22,768   ----a-w   c:\documents and settings\Kevin\usbsermpt.sys
              2008-05-26 01:36   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052520080526\index.dat
              .

              (((((((((((((((((((((((((((((   SnapShot@2009-02-27_23.02.26.06   )))))))))))))))))))))))))))))))))))))))))
              .
              + 2005-10-21 02:02:28   163,328   ----a-w   c:\windows\ERDNT\subs\ERDNT.EXE
              + 2009-02-28 05:34:29   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_1c4.dat
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
              "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
              "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-11-20 4347120]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416]
              "HPHmon04"="c:\windows\System32\hphmon04.exe" [2002-06-20 339968]
              "HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 49152]
              "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
              "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
              "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
              "Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
              "YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
              "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
              "osCheck"="c:\progra~1\Symantec\osCheck.exe" [2007-01-14 771704]
              "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
              "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-12 136600]
              "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
              "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
              "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
              "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
              "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
              "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-09 185872]
              "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
              "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
              "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
              "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
              "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
              "nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]

              c:\documents and settings\All Users\Start Menu\Programs\Startup\
              AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2008-03-02 217088]
              Event Planner Reminder.lnk - c:\program files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe [2005-08-30 25896]

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
              "DisableMonitoring"=dword:00000001

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
              "EnableFirewall"= 0 (0x0)

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
              "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
              "c:\\Program Files\\Messenger\\msmsgs.exe"=
              "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
              "c:\\Program Files\\iTunes\\iTunes.exe"=
              "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

              R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
              R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
              R2 Kithara-RBsoft;RBsoft Customer Driver;c:\windows\system32\RBsoft.sys [2008-05-06 184864]
              R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
              S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\ImHidUsb.sys [2001-12-12 30772]
              S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-26 38496]
              S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
              S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

              --- Other Services/Drivers In Memory ---

              *NewlyCreated* - COMHOST

              [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
              "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
              .
              Contents of the 'Scheduled Tasks' folder

              2009-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
              - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

              2008-12-26 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
              - c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 12:56]

              2008-03-29 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Kevin.job
              - c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 03:09]
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://att.yahoo.com
              uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
              uInternet Settings,ProxyOverride = 127.0.0.1;*.local
              IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
              DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
              DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
              .

              **************************************************************************

              catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2009-02-27 23:34:59
              Windows 5.1.2600 Service Pack 3 NTFS

              scanning hidden processes ... 

              scanning hidden autostart entries ...

              scanning hidden files ... 

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              - - - - - - - > 'winlogon.exe'(872)
              c:\program files\SUPERAntiSpyware\SASWINLO.dll
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
              c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
              c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
              c:\program files\Bonjour\mDNSResponder.exe
              c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
              c:\program files\Java\jre6\bin\jqs.exe
              c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
              c:\windows\system32\nvsvc32.exe
              c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
              c:\progra~1\Yahoo!\browser\ycommon.exe
              c:\windows\system32\hphipm11.exe
              c:\windows\system32\rundll32.exe
              c:\progra~1\Yahoo!\YOP\SSDK02.exe
              c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
              c:\program files\SBC Self Support Tool\bin\mpbtn.exe
              c:\program files\iPod\bin\iPodService.exe
              c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
              .
              **************************************************************************
              .
              Completion time: 2009-02-27 23:38:10 - machine was rebooted
              ComboFix-quarantined-files.txt  2009-02-28 05:38:08
              ComboFix2.txt  2009-02-28 05:03:30

              Pre-Run: 110,083,506,176 bytes free
              Post-Run: 109,977,575,424 bytes free

              256   --- E O F ---   2009-02-26 02:41:05
              Logged

              evilfantasy

              • Malware Removal Specialist
              • Moderator


                • Genius
              • Calm like a bomb
                • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: Sysvxd.exe problem
              « Reply #9 on: February 27, 2009, 10:53:11 PM »
              Click Start then Run and enter everything from the Code box below into the run box and then click OK.
              Code: [Select]
              "%userprofile%\Desktop\Combofix" /u
              Note:               The space between the Combofix" and the /u must be there.

              The above procedure will
              • Delete ComboFix and its associated files and folders.
              • Reset the clock settings.
              • Hide file extensions, if required.
              • Hide System/Hidden files, if required.
              • Set a new, clean Restore Point.
              .
              ----------

              How is the computer running now?

              .
              Logged

              pbfoot

                Topic Starter


                Rookie

                Re: Sysvxd.exe problem
                « Reply #10 on: February 27, 2009, 11:22:55 PM »
                Seems fine- that warning window only popped up on me a handful of times and I don't recall it interfering with other programs like I've read about in the forums here. I guess it effects each computer differently for the most part?
                I gather that the Sysvxd.exe was the main culprit?

                Hopefully this is another "case closed" for the sluths at Computer Hope.com!  ;D

                Thanks SO much for staying up late with me and all the help!  :)
                Logged

                evilfantasy

                • Malware Removal Specialist
                • Moderator


                  • Genius
                • Calm like a bomb
                  • Thanked: 493
                • Experience: Experienced
                • OS: Windows 11
                Re: Sysvxd.exe problem
                « Reply #11 on: February 27, 2009, 11:26:09 PM »
                Your welcome.

                Use the Secunia Software Inspector to check for out of date software.
                • Click Start Now
                • Check the box next to Enable thorough system inspection.
                • Click Start
                • Allow the scan to finish and scroll down to see if any updates are needed.
                • Update anything listed.
                .
                ----------

                Go to Microsoft Windows Update and get all critical updates.

                ----------

                Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

                I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                * Using SpywareBlaster to protect your computer from Spyware and Malware
                * If you don't know what ActiveX controls are, see here

                Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
                Logged
                Pages: [1]   Go Up
                « previous next »