
andrew0181


    Laptop still running slowly - rootkit?
    « on: September 18, 2009, 06:29:58 AM »
    Hey,

     I realised I had a problem when I attempted to start Windows Vista, but I couldn't get past the 'welcome' screen. The screen hadn't frozen (the loading circle was still spinning) but after waiting for some time it wouldn't start. I ran in safe mode, ran avast, which showed I had a rootkit win32:Alureon-CY in my operating memory, so I ran a boot time scan.

     It supposedly got rid of it, but since then my laptop has still been running a lot slower, so I followed your guidelines (which were by far the most useful I could find online - thanks!) and have the copies of the three logs below. Please advise, I'd be extremely grateful for any help!

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/18/2009 at 12:35 PM

    Application Version : 4.28.1010

    Core Rules Database Version : 4107
    Trace Rules Database Version: 2047

    Scan type       : Custom Scan
    Total Scan Time : 17:45:25

    Memory items scanned      : 965
    Memory threats detected   : 0
    Registry items scanned    : 6865
    Registry threats detected : 10
    File items scanned        : 2210718
    File threats detected     : 2

    Trojan.Agent/Gen-Downloader[Packed]
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3D409DF-0316-4FC0-89E2-DBDD885232A0}
       HKCR\CLSID\{C3D409DF-0316-4FC0-89E2-DBDD885232A0}
       HKCR\CLSID\{C3D409DF-0316-4FC0-89E2-DBDD885232A0}
       HKCR\CLSID\{C3D409DF-0316-4FC0-89E2-DBDD885232A0}\InprocServer32
       HKCR\CLSID\{C3D409DF-0316-4FC0-89E2-DBDD885232A0}\InprocServer32#ThreadingModel
       HKCR\CLSID\{C3D409DF-0316-4FC0-89E2-DBDD885232A0}\ProgID
       HKCR\CLSID\{C3D409DF-0316-4FC0-89E2-DBDD885232A0}\TypeLib
       HKCR\glok
       HKCR\TypeLib\{1ABA6D39-508C-483C-8466-9A9E69BC708F}
       C:\WINDOWS\SYSTEM32\YXHL0.DLL
       HKU\S-1-5-21-3356350433-2492298019-641508283-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3D409DF-0316-4FC0-89E2-DBDD885232A0}
       YXHL0.DLL


    --------------------


    Malwarebytes' Anti-Malware 1.41
    Database version: 2819
    Windows 6.0.6001 Service Pack 1

    18/09/2009 12:58:07
    mbam-log-2009-09-18 (12-58-07).txt

    Scan type: Quick Scan
    Objects scanned: 84657
    Time elapsed: 2 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 6
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\MSN\BN (Trojan.Ambler) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D1 (Trojan.Ambler) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D2 (Trojan.Ambler) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D3 (Trojan.Ambler) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MSN\gd (Trojan.Ambler) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MSN\pr (Trojan.Ambler) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\System32\gasfkybxoqqocc.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\Windows\System32\gasfkyvphklrci.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\Windows\System32\drivers\gasfkyxxwuqpig.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\Windows\System32\gasfkytevcynvs.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\Windows\System32\gasfkyuijvmetw.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.


    ---------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:13:53, on 18/09/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18294)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Sony\Network Utility\LANUtil.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\Apvfb.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Sony\VAIO Reminder\VAIOReminder.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\Sniper.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
    O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
    O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
    O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
    O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
    O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
    O23 - Service: TWAP - Unknown owner - C:\Users\Andrew\AppData\Local\Temp\TWAP.exe (file missing)
    O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: WPLJQNI - Unknown owner - C:\Users\Andrew\AppData\Local\Temp\WPLJQNI.exe (file missing)

    --
    End of file - 10599 bytes
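The HijackThis log above contains the two patterns a malware analyst looks for first: an O2 BHO entry whose DLL is gone ("(no file)") and O23 services with "Unknown owner" whose image sits in the user's Temp folder and is already "(file missing)" (TWAP and WPLJQNI). The following Python script is an added example, not part of the original thread and not part of HijackThis; it runs the same triage rules over a handful of constructed sample lines modelled on the posted log. The rule names and severity wording are my own heuristics, and the script only reads log text, so it can be run offline on any saved HijackThis log.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample, modelled on the O2 and O23 entries in the posted log.
SAMPLE_HJT_LOG = """\
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: TWAP - Unknown owner - C:\\Users\\Andrew\\AppData\\Local\\Temp\\TWAP.exe (file missing)
O23 - Service: WPLJQNI - Unknown owner - C:\\Users\\Andrew\\AppData\\Local\\Temp\\WPLJQNI.exe (file missing)
"""


@dataclass
class Finding:
    kind: str                       # "BHO" or "Service"
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


# HijackThis line formats: "O2 - BHO: <name> - {<CLSID>} - <dll>" and
# "O23 - Service: <display name> - <vendor> - <image path>".
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Directories from which a legitimate Windows service essentially never runs.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\temp\\")


def _split_missing(path: str) -> Tuple[str, bool]:
    """Strip HijackThis's '(file missing)' suffix and report whether it was present."""
    suffix = "(file missing)"
    missing = path.rstrip().endswith(suffix)
    if missing:
        path = path.rstrip()[: -len(suffix)].rstrip()
    return path, missing


def triage_hjt(log_text: str) -> List[Finding]:
    """Return only the O2/O23 entries that trip at least one heuristic."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O2_RE.match(line)
        if m:
            reasons = []
            if m["path"].strip() == "(no file)":
                reasons.append("BHO registered but its DLL is gone (orphaned CLSID)")
            if m["name"] == "(no name)":
                reasons.append("BHO has no display name")
            if reasons:
                findings.append(Finding("BHO", m["name"], m["path"], reasons))
            continue

        m = O23_RE.match(line)
        if m:
            path, missing = _split_missing(m["path"])
            reasons = []
            if m["owner"].strip().lower() == "unknown owner":
                reasons.append("service binary carries no vendor information")
            if any(marker in path.lower() for marker in TEMP_MARKERS):
                reasons.append("service image lives in a Temp directory")
            if missing:
                reasons.append("service entry points at a file that no longer exists")
            if reasons:
                findings.append(Finding("Service", m["name"], path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"[{f.kind}] {f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the Adobe BHO and the avast service pass silently, the nameless BHO is reported as orphaned, and TWAP and WPLJQNI each collect all three service heuristics. Entries flagged only for a missing file are leftovers that a cleanup tool should remove; a service that is still present and running from Temp is the case that deserves a closer look.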


    CBMatt

    • Mod & Malware Specialist


    • Prodigy

    • Sad and lonely...and loving every minute of it.
    • Thanked: 167
      • Yes
    • Experience: Experienced
    • OS: Windows 7
    Re: Laptop still running slowly - rootkit?
    « Reply #1 on: September 19, 2009, 10:06:43 PM »
    You've got a fun one...

    First, do the following...
    Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
    • Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
    • Then search for TDSSserv.sys
    • Let me know if you find this or not.
    • If you do find it, right click on it, and select “Disable”. Do not try to uninstall it.
    • Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.



    Then follow these steps...
    Please print these instructions as they will be needed later when Internet access is not available.
     
    Download SDFix by AndyManchesta and save it to your desktop. http://rapidshare.com/files/156236231/SDFix.exe.html

    When using this tool, you must use the Administrator's account or an account with Administrative rights

    • Double-click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
    • DO NOT use it just yet.
    Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears), press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Open the SDFix folder and double-click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished.  Press any key to end the script and load your desktop icons.
    • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Copy and paste the contents of the results file Report.txt in your next reply.
    An undefined problem has an infinite number of solutions.
    —Robert A. Humphrey

    andrew0181


      Re: Laptop still running slowly - rootkit?
      « Reply #2 on: September 20, 2009, 04:33:18 AM »
      Thanks for looking at the logs and advising - it's appreciated.

      I tried the first step and searched for TDSSserv.sys but it didn't appear. I then started with the second step, but when I try to run SDFix.exe in safe mode it just flashes open then closes again. I had a look at the readme, and it suggests that SDFix only works with Windows 2000/XP, but I'm running Vista.

      Could catchme work instead?


      CBMatt

      Re: Laptop still running slowly - rootkit?
      « Reply #3 on: September 20, 2009, 05:00:30 AM »
      Right, I don't use SDFix as often lately, so it slipped my mind that it doesn't work for Vista.  Sorry about that.  I was holding off on using ComboFix (which includes Catchme), but because you've already put such a large dent in TDSServ, there shouldn't be any conflict.

      Before following my steps, you may need to disable UAC.  If you don't know how to do this, read STEP 2 on this page:
      http://forums.majorgeeks.com/showthread.php?t=139681

      Then download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

      http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      http://subs.geekstogo.com/ComboFix.exe

      Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      Double-click combofix.exe and follow the prompts.
      When finished, ComboFix will produce a log for you.
      Post the ComboFix log and a new HijackThis log in your next reply.

      NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

      andrew0181


        Re: Laptop still running slowly - rootkit?
        « Reply #4 on: September 20, 2009, 08:51:28 AM »
        OK followed all the steps. Here we go, hopefully we're making some progress!

        Combofix log:

        ComboFix 09-09-18.02 - Andrew 20/09/2009 14:52.1.2 - NTFSx86
        Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.44.1033.18.3038.1809 [GMT 1:00]
        Running from: c:\users\Andrew\Desktop\ComboFix.exe
        FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
        SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
        SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\$recycle.bin\S-1-5-21-3982674394-68895260-2756340350-500
        c:\$recycle.bin\S-1-5-21-769387424-2473901706-93561034-500

        .
        (((((((((((((((((((((((((   Files Created from 2009-08-20 to 2009-09-20  )))))))))))))))))))))))))))))))
        .

        2009-09-20 14:02 . 2009-09-20 14:03   --------   d-----w-   c:\users\Andrew\AppData\Local\temp
        2009-09-20 14:02 . 2009-09-20 14:02   --------   d-----w-   c:\users\Default\AppData\Local\temp
        2009-09-20 10:00 . 2008-10-16 11:17   --------   d-----w-   C:\SDFix
        2009-09-19 11:28 . 2009-09-19 11:28   --------   d-----w-   C:\Sandbox
        2009-09-19 11:25 . 2009-09-19 11:25   --------   d-----w-   c:\program files\Sandboxie
        2009-09-19 11:21 . 2006-11-30 21:24   86016   ----a-w-   c:\windows\system32\custmon32.dll
        2009-09-19 11:21 . 2009-09-19 11:21   --------   dc-h--w-   c:\programdata\{2A28C3FB-FC79-4677-A128-0D87F28F7084}
        2009-09-19 11:21 . 2009-09-19 11:21   --------   d-----w-   c:\program files\Capsoft
        2009-09-19 11:21 . 2009-09-19 11:21   --------   d-----w-   c:\program files\PDF Creator
        2009-09-19 00:28 . 2009-04-06 10:37   704384   ----a-w-   c:\windows\system32\drivers\SandBox.sys
        2009-09-19 00:27 . 2009-02-10 15:12   307224   ----a-w-   c:\windows\system32\drivers\afwcore.sys
        2009-09-19 00:25 . 2009-02-18 16:27   29208   ----a-w-   c:\windows\system32\drivers\afw.sys
        2009-09-19 00:25 . 2009-09-19 00:25   --------   d-----w-   c:\program files\Agnitum
        2009-09-19 00:24 . 2009-09-19 00:24   --------   d-----w-   c:\programdata\Agnitum
        2009-09-18 13:13 . 2009-09-20 13:42   --------   d-----w-   c:\users\Andrew\Tracing
        2009-09-18 12:10 . 2009-09-18 12:10   --------   d-----w-   c:\program files\Trend Micro
        2009-09-18 11:52 . 2009-09-18 11:52   --------   d-----w-   c:\users\Andrew\AppData\Roaming\Malwarebytes
        2009-09-18 11:52 . 2009-09-10 13:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2009-09-18 11:52 . 2009-09-18 11:52   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2009-09-18 11:52 . 2009-09-18 11:52   --------   d-----w-   c:\programdata\Malwarebytes
        2009-09-18 11:52 . 2009-09-10 13:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2009-09-17 17:37 . 2009-09-17 17:37   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
        2009-09-17 17:37 . 2009-09-18 11:42   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2009-09-17 17:37 . 2009-09-17 17:37   --------   d-----w-   c:\users\Andrew\AppData\Roaming\SUPERAntiSpyware.com
        2009-09-17 17:36 . 2009-09-17 17:36   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
        2009-09-17 16:15 . 2009-09-17 16:15   --------   d-----w-   c:\program files\CCleaner
        2009-09-17 15:24 . 2009-09-17 15:24   --------   d-----w-   c:\users\Andrew\Pavark
        2009-09-17 15:15 . 2009-09-17 15:15   --------   d-----w-   c:\users\Andrew\AppData\Roaming\AVG8
        2009-09-15 23:41 . 2009-09-15 23:41   --------   d-----w-   c:\programdata\ArcSoft
        2009-09-15 23:40 . 2009-09-15 23:41   --------   d-----w-   c:\users\Andrew\AppData\Roaming\ArcSoft
        2009-09-15 19:34 . 2009-09-15 19:37   --------   d-----w-   c:\users\Andrew\AppData\Local\Adobe
        2009-09-15 14:04 . 2009-09-15 14:04   --------   d-----w-   c:\program files\YouTube Downloader
        2009-09-15 13:04 . 2009-09-20 12:33   --------   d-----w-   c:\users\Andrew\AppData\Roaming\skypePM
        2009-09-15 13:04 . 2009-08-17 16:04   51376   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
        2009-09-15 13:04 . 2009-08-17 16:04   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
        2009-09-15 13:04 . 2009-08-17 16:02   97480   ----a-w-   c:\windows\system32\AvastSS.scr
        2009-09-15 13:04 . 2009-08-17 16:05   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
        2009-09-15 13:04 . 2009-08-17 16:05   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
        2009-09-15 13:03 . 2009-08-17 16:10   1279456   ----a-w-   c:\windows\system32\aswBoot.exe
        2009-09-15 13:03 . 2009-08-17 16:05   53328   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
        2009-09-15 13:03 . 2009-09-15 13:03   --------   d-----w-   c:\program files\Alwil Software
        2009-09-15 13:03 . 2009-06-22 10:22   2048   ----a-w-   c:\windows\system32\tzres.dll
        2009-09-15 13:02 . 2009-09-20 13:40   --------   d-----w-   c:\users\Andrew\AppData\Roaming\Skype
        2009-09-15 13:02 . 2009-09-15 13:02   --------   d-----w-   c:\program files\Common Files\Skype
        2009-09-15 13:02 . 2009-09-15 13:02   --------   d-----r-   c:\program files\Skype
        2009-09-15 12:59 . 2009-09-15 12:59   --------   d-----w-   C:\VAIO Entertainment
        2009-09-15 10:36 . 2009-09-15 10:36   --------   d-----w-   c:\programdata\Azureus
        2009-09-15 10:35 . 2008-06-20 01:14   97800   ----a-w-   c:\windows\system32\infocardapi.dll
        2009-09-15 10:35 . 2009-09-20 11:34   --------   d-----w-   c:\users\Andrew\AppData\Roaming\Azureus
        2009-09-15 10:35 . 2008-06-20 01:14   105016   ----a-w-   c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
        2009-09-15 10:35 . 2008-06-20 01:14   622080   ----a-w-   c:\windows\system32\icardagt.exe
        2009-09-15 10:35 . 2008-06-20 01:14   43544   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
        2009-09-15 10:35 . 2008-06-20 01:14   11264   ----a-w-   c:\windows\system32\icardres.dll
        2009-09-15 10:35 . 2008-06-20 01:14   781344   ----a-w-   c:\windows\system32\PresentationNative_v0300.dll
        2009-09-15 10:35 . 2008-06-20 01:14   326160   ----a-w-   c:\windows\system32\PresentationHost.exe
        2009-09-15 10:34 . 2009-09-15 10:34   --------   d-----w-   c:\program files\Vuze
        2009-09-15 10:29 . 2008-07-27 18:03   96760   ----a-w-   c:\windows\system32\dfshim.dll
        2009-09-15 10:29 . 2008-07-27 18:03   282112   ----a-w-   c:\windows\system32\mscoree.dll
        2009-09-15 10:29 . 2008-07-27 18:03   41984   ----a-w-   c:\windows\system32\netfxperf.dll
        2009-09-15 10:28 . 2008-07-27 18:03   158720   ----a-w-   c:\windows\system32\mscorier.dll
        2009-09-15 10:28 . 2008-07-27 18:03   83968   ----a-w-   c:\windows\system32\mscories.dll
        2009-09-15 10:26 . 2009-06-15 15:24   156672   ----a-w-   c:\windows\system32\t2embed.dll
        2009-09-15 10:26 . 2009-06-15 15:20   72704   ----a-w-   c:\windows\system32\fontsub.dll
        2009-09-15 10:26 . 2009-06-15 15:20   10240   ----a-w-   c:\windows\system32\dciman32.dll
        2009-09-15 10:26 . 2009-06-15 12:52   289792   ----a-w-   c:\windows\system32\atmfd.dll
        2009-09-15 10:26 . 2009-04-23 12:42   636928   ----a-w-   c:\windows\system32\localspl.dll
        2009-09-15 10:26 . 2008-10-22 03:57   241152   ----a-w-   c:\windows\system32\PortableDeviceApi.dll
        2009-09-15 10:26 . 2009-04-23 12:43   784896   ----a-w-   c:\windows\system32\rpcrt4.dll
        2009-09-15 10:22 . 2009-04-30 12:37   428544   ----a-w-   c:\windows\system32\EncDec.dll
        2009-09-15 10:21 . 2009-07-17 14:35   71680   ----a-w-   c:\windows\system32\atl.dll
        2009-09-15 10:16 . 2009-09-19 20:52   --------   d-----w-   c:\users\Andrew\AppData\Local\Apple Computer
        2009-09-15 10:16 . 2009-09-15 10:18   --------   d-----w-   c:\users\Andrew\AppData\Roaming\Apple Computer
        2009-09-15 10:16 . 2009-09-15 10:16   --------   dc----w-   c:\windows\system32\DRVSTORE
        2009-09-15 10:16 . 2009-05-18 13:17   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
        2009-09-15 10:16 . 2008-04-17 12:12   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
        2009-09-15 10:15 . 2009-09-15 10:15   --------   d-----w-   c:\program files\iPod
        2009-09-15 10:15 . 2009-09-15 10:16   --------   d-----w-   c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
        2009-09-15 10:15 . 2009-09-15 10:16   --------   d-----w-   c:\program files\iTunes
        2009-09-15 10:14 . 2009-09-15 10:14   --------   d-----w-   c:\program files\Bonjour
        2009-09-15 10:13 . 2009-09-15 10:14   --------   d-----w-   c:\program files\QuickTime
        2009-09-15 10:13 . 2009-09-15 10:15   --------   d-----w-   c:\programdata\Apple Computer
        2009-09-15 10:12 . 2009-09-15 10:12   --------   d-----w-   c:\users\Andrew\AppData\Local\Apple
        2009-09-15 10:12 . 2009-09-15 10:12   --------   d-----w-   c:\program files\Apple Software Update
        2009-09-15 10:10 . 2009-09-15 10:15   --------   d-----w-   c:\program files\Common Files\Apple
        2009-09-15 10:10 . 2009-09-15 10:10   --------   d-----w-   c:\programdata\Apple
        2009-09-15 10:04 . 2008-10-16 21:13   1809944   ----a-w-   c:\windows\system32\wuaueng.dll
        2009-09-15 10:04 . 2008-10-16 21:09   51224   ----a-w-   c:\windows\system32\wuauclt.exe
        2009-09-15 10:04 . 2008-10-16 21:09   43544   ----a-w-   c:\windows\system32\wups2.dll
        2009-09-15 10:04 . 2008-10-16 20:56   1524736   ----a-w-   c:\windows\system32\wucltux.dll
        2009-09-15 10:04 . 2008-10-16 21:12   561688   ----a-w-   c:\windows\system32\wuapi.dll
        2009-09-15 10:04 . 2008-10-16 21:08   34328   ----a-w-   c:\windows\system32\wups.dll
        2009-09-15 10:04 . 2008-10-16 20:55   83456   ----a-w-   c:\windows\system32\wudriver.dll
        2009-09-15 10:04 . 2008-10-16 13:08   162064   ----a-w-   c:\windows\system32\wuwebv.dll
        2009-09-15 10:04 . 2008-10-16 12:56   31232   ----a-w-   c:\windows\system32\wuapp.exe
        2009-09-15 09:51 . 2009-09-15 09:51   --------   d-----w-   c:\users\Andrew\AppData\Local\Sony_Corporation
        2009-09-15 09:51 . 2009-09-15 09:51   --------   d-----w-   c:\users\Andrew\AppData\Roaming\ATI
        2009-09-15 09:51 . 2009-09-15 09:51   --------   d-----w-   c:\users\Andrew\AppData\Local\ATI
        2009-09-15 09:51 . 2009-09-15 09:51   --------   d-----w-   c:\users\Andrew\AppData\Local\Broadcom
        2009-09-15 09:51 . 2009-09-18 23:58   --------   d-----w-   c:\users\Andrew\AppData\Local\Google
        2009-09-15 09:51 . 2009-09-15 10:40   --------   d-----w-   c:\users\Andrew\AppData\Roaming\Sony Corporation
        2009-09-15 09:50 . 2009-09-17 15:10   --------   d-----w-   c:\users\Andrew\AppData\Local\VirtualStore

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2009-09-20 13:40 . 2009-05-15 18:54   12   ----a-w-   c:\windows\bthservsdp.dat
        2009-09-18 23:59 . 2009-06-17 16:25   --------   d-----w-   c:\program files\Google
        2009-09-18 12:05 . 2009-05-15 21:18   411368   ----a-w-   c:\windows\system32\deploytk.dll
        2009-09-15 15:25 . 2009-05-15 21:17   --------   d-----w-   c:\programdata\Sony Corporation
        2009-09-15 14:00 . 2009-05-15 21:18   --------   d-----w-   c:\program files\Java
        2009-09-15 13:52 . 2009-06-17 16:27   --------   d-----w-   c:\programdata\McAfee
        2009-09-15 13:06 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
        2009-09-15 13:04 . 2009-09-15 13:04   56   ---ha-w-   c:\programdata\ezsidmv.dat
        2009-09-15 13:02 . 2009-06-17 16:44   --------   d-----w-   c:\programdata\Skype
        2009-09-15 09:49 . 2009-09-15 09:49   0   ---ha-r-   c:\windows\system32\drivers\104D_Sony_VGN-NW11SS.mrk
        2009-09-15 09:47 . 2009-09-15 09:47   79096   ----a-w-   c:\users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
        2009-08-28 12:39 . 2009-09-15 10:22   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
        2009-08-28 10:15 . 2009-09-15 10:22   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
        2009-08-14 17:07 . 2009-09-15 10:25   897608   ----a-w-   c:\windows\system32\drivers\tcpip.sys
        2009-08-14 16:29 . 2009-09-15 10:25   104960   ----a-w-   c:\windows\system32\netiohlp.dll
        2009-08-14 16:29 . 2009-09-15 10:25   17920   ----a-w-   c:\windows\system32\netevent.dll
        2009-08-14 14:16 . 2009-09-15 10:25   9728   ----a-w-   c:\windows\system32\TCPSVCS.EXE
        2009-08-14 14:16 . 2009-09-15 10:25   17920   ----a-w-   c:\windows\system32\ROUTE.EXE
        2009-08-14 14:16 . 2009-09-15 10:25   11264   ----a-w-   c:\windows\system32\MRINFO.EXE
        2009-08-14 14:16 . 2009-09-15 10:25   27136   ----a-w-   c:\windows\system32\NETSTAT.EXE
        2009-08-14 14:16 . 2009-09-15 10:25   19968   ----a-w-   c:\windows\system32\ARP.EXE
        2009-08-14 14:16 . 2009-09-15 10:25   8704   ----a-w-   c:\windows\system32\HOSTNAME.EXE
        2009-08-14 14:16 . 2009-09-15 10:25   10240   ----a-w-   c:\windows\system32\finger.exe
        2009-07-18 16:06 . 2009-09-15 10:22   827904   ----a-w-   c:\windows\system32\wininet.dll
        2009-07-18 16:01 . 2009-09-15 10:22   78336   ----a-w-   c:\windows\system32\ieencode.dll
        2009-07-18 09:46 . 2009-09-15 10:22   26624   ----a-w-   c:\windows\system32\ieUnatt.exe
        2009-07-14 13:00 . 2009-09-15 10:21   313344   ----a-w-   c:\windows\system32\wmpdxm.dll
        2009-07-14 12:59 . 2009-09-15 10:21   4096   ----a-w-   c:\windows\system32\dxmasf.dll
        2009-07-14 12:58 . 2009-09-15 10:21   7680   ----a-w-   c:\windows\system32\spwmp.dll
        2009-07-14 10:59 . 2009-09-15 10:21   8147456   ----a-w-   c:\windows\system32\wmploc.DLL
        2009-07-11 19:32 . 2009-09-15 10:21   302592   ----a-w-   c:\windows\system32\wlansec.dll
        2009-07-11 19:32 . 2009-09-15 10:21   293376   ----a-w-   c:\windows\system32\wlanmsm.dll
        2009-07-11 19:32 . 2009-09-15 10:21   513024   ----a-w-   c:\windows\system32\wlansvc.dll
        2009-07-11 19:29 . 2009-09-15 10:21   127488   ----a-w-   c:\windows\system32\L2SecHC.dll
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
        2009-06-17 16:25   159728   ----a-w-   c:\programdata\Partner\partner.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-22 274432]
        "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-17 39408]
        "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
        "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-05-28 380416]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
        "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6703648]
        "Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 155648]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
        "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
        "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-11 61440]
        "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2009-06-17 26624]
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
        "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
        "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-18 149280]
        "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
        "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]

        c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
        Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-2 789032]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableLUA"= 0 (0x0)
        "EnableUIADesktopToggle"= 0 (0x0)

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 14:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
        2009-01-19 19:49   98304   ----a-w-   c:\windows\System32\VESWinlogon.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
        "AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
        @="Service"

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
        "{129514D1-4AC8-4E1F-BDFD-B21A5F0F9BEA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
        "{A1F59285-8068-48B7-AE07-A8E62975667B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
        "{ABB61563-A40C-4DD4-B816-166008DA01C3}"= c:\program files\Skype\Phone\Skype.exe:Skype
        "{06B6A460-D768-415D-B42B-3EB47FF36165}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
        "{D23146E0-9C53-41F9-8BF3-060E45152425}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
        "{F04AB291-7465-4283-9A83-8CDA902852BF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
        "{B27D64D9-5B16-445D-BF86-FB9011C7A75B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
        "TCP Query User{2FA59455-1B7B-4BE2-A7FB-20C7878FC43B}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
        "UDP Query User{ACEEC3FD-2288-4FC5-939F-CE82CD3CB122}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

        R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [19/09/2009 01:25 29208]
        R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [15/09/2009 14:04 114768]
        R1 SandBox;SandBox;c:\windows\System32\drivers\SandBox.sys [19/09/2009 01:28 704384]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [04/09/2009 14:50 9968]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [04/09/2009 14:49 74480]
        R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [19/09/2009 01:25 1195008]
        R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [15/09/2009 14:04 20560]
        R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [15/09/2009 14:03 53328]
        R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [17/06/2009 17:59 303104]
        R2 regi;regi;c:\windows\System32\drivers\regi.sys [18/04/2007 04:09 11032]
        R2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [15/05/2009 19:34 109088]
        R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [17/06/2009 17:26 104960]
        R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [15/05/2009 22:18 415592]
        R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [14/01/2009 21:38 5184872]
        R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [17/06/2009 17:45 394536]
        R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [21/01/2008 03:23 21504]
        R3 afwcore;afwcore;c:\windows\System32\drivers\afwcore.sys [19/09/2009 01:27 307224]
        R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [17/06/2009 17:26 17920]
        R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [15/05/2009 20:07 29736]
        R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [29/08/2008 07:48 3664384]
        R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [28/05/2009 14:32 108032]
        R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [15/05/2009 19:35 9344]
        S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/09/2009 00:58 133104]
        S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [17/06/2009 17:25 111088]
        S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [04/09/2009 14:50 7408]
        S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [17/06/2009 17:49 120104]
        S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [17/06/2009 17:49 70952]
        S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [17/06/2009 17:49 390440]
        S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [17/06/2009 17:49 75048]
        S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [17/06/2009 17:49 91432]
        S3 TWAP;TWAP;c:\users\Andrew\AppData\Local\Temp\TWAP.exe --> c:\users\Andrew\AppData\Local\Temp\TWAP.exe [?]
        S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [17/06/2009 17:45 83240]
        S3 WPLJQNI;WPLJQNI;c:\users\Andrew\AppData\Local\Temp\WPLJQNI.exe --> c:\users\Andrew\AppData\Local\Temp\WPLJQNI.exe [?]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        bthsvcs   REG_MULTI_SZ      BthServ
        yksvcs   REG_MULTI_SZ      yksvc
        .
        Contents of the 'Scheduled Tasks' folder

        2009-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 23:58]

        2009-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 23:58]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
        mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
        uInternet Settings,ProxyOverride = *.local
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
        IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
        IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
        .
        - - - - ORPHANS REMOVED - - - -

        AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2009-09-20 15:02
        Windows 6.0.6001 Service Pack 1 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 


        c:\users\Andrew\AppData\Local\Temp\catchme.dll 53248 bytes executable

        scan completed successfully
        hidden files: 1

        **************************************************************************

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msiserver]
        "ImagePath"="%systemroot%\system32\msiexec /V"
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
        @Denied: (A 2) (Everyone)
        @="FlashBroker"
        "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
        "Enabled"=dword:00000001

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
        @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
        @Denied: (A 2) (Everyone)
        @="IFlashBroker3"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
        @="{00020424-0000-0000-C000-000000000046}"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        "Version"="1.0"

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000
        "MSCurrentCountry"=dword:000000b4
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'Explorer.exe'(3240)
        c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
        .
        Completion time: 2009-09-20 15:06
        ComboFix-quarantined-files.txt  2009-09-20 14:06

        Pre-Run: 174,304,403,456 bytes free
        Post-Run: 174,297,751,552 bytes free

        308   --- E O F ---   2009-09-17 10:54


        ===================

        Hijackthis log:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 15:38:34, on 20/09/2009
        Platform: Windows Vista SP1 (WinNT 6.00.1905)
        MSIE: Internet Explorer v7.00 (7.00.6001.18294)
        Boot mode: Normal

        Running processes:
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
        C:\Windows\system32\taskeng.exe
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\Windows\System32\mobsync.exe
        C:\Program Files\Apoint\Apoint.exe
        C:\Program Files\Sony\ISB Utility\ISBMgr.exe
        C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Apoint\ApMsgFwd.exe
        C:\Program Files\Alwil Software\Avast4\ashDisp.exe
        C:\Program Files\Java\jre6\bin\jusched.exe
        C:\Program Files\Sony\Network Utility\LANUtil.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
        C:\Program Files\Apoint\Apntex.exe
        C:\Program Files\Apoint\Apvfb.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
        C:\Program Files\Windows Live\Messenger\msnmsgr.exe
        C:\Program Files\Sandboxie\SbieCtrl.exe
        C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
        C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
        C:\Program Files\Sony\VAIO Reminder\VAIOReminder.exe
        C:\Windows\system32\wuauclt.exe
        C:\Program Files\Trend Micro\HijackThis\Sniper.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O1 - Hosts: ::1 localhost
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
        O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
        O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
        O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
        O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
        O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
        O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
        O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
        O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
        O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
        O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
        O4 - Global Startup: Bluetooth.lnk = ?
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
        O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
        O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O20 - AppInit_DLLs: c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
        O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
        O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
        O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
        O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
        O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
        O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
        O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
        O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
        O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
        O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
        O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
        O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
        O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
        O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
        O23 - Service: TWAP - Unknown owner - C:\Users\Andrew\AppData\Local\Temp\TWAP.exe (file missing)
        O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
        O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
        O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
        O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
        O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
        O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
        O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
        O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
        O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
        O23 - Service: WPLJQNI - Unknown owner - C:\Users\Andrew\AppData\Local\Temp\WPLJQNI.exe (file missing)

        --
        End of file - 10895 bytes



        CBMatt

        • Mod & Malware Specialist


        • Prodigy

        • Sad and lonely...and loving every minute of it.
        • Experience: Experienced
        • OS: Windows 7
        Re: Laptop still running slowly - rootkit?
        « Reply #5 on: September 21, 2009, 01:09:49 AM »
        For the most part, your logs look clean.  The only issue I see is with this Partner software from Google.  Many people consider it to be spyware and they typically want to remove it.  If you would like to do so, open HijackThis and place checkmarks next to the following entries:
        O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
        O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe


        Close all other windows (except for HijackThis) and click on Fix Checked.  That should take care of that.  You can then delete the folder C:\ProgramData\Partner if you wish.

        Other than that, not much is going on.  Are you still having the same problems?  It appears that the TDSServ infection is gone, but it can be hard to kill sometimes, so I'd like to know if things are getting any better or not.
        An undefined problem has an infinite number of solutions.
        —Robert A. Humphrey
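The reply above triages the HijackThis log by hand: pick out the two Partner entries, tick them, Fix Checked. As an added example that is not part of this thread and not code from HijackThis or ComboFix, here is a small Python script that applies the same reading to the O2/O20/O23 lines automatically. It parses each line, matches an analyst-supplied removal list (the two Partner lines CBMatt quoted), and then applies three defender heuristics that also fire on lines visible in the logs above: a service registered from a Temp directory (the TWAP and WPLJQNI services, which ComboFix and HijackThis both list with their image missing), an AppInit_DLLs value (a well-known persistence point, so it is listed for verification even when, as here, it belongs to the installed Outpost firewall), and orphaned entries whose file is gone. The sample lines are a subset copied from the HijackThis log above; the severity labels, the regexes and the helper names are my own, not HijackThis conventions.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Sample input: a subset of the lines quoted from the HijackThis log in this
# thread (O2 = browser helper objects, O20 = AppInit_DLLs, O23 = services).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O20 - AppInit_DLLs: c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
O23 - Service: TWAP - Unknown owner - C:\Users\Andrew\AppData\Local\Temp\TWAP.exe (file missing)
"""

# The two entries the reply tells the poster to tick in HijackThis.
REMOVAL_LIST = [
    "O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\\ProgramData\\Partner\\partner.dll",
    "O23 - Service: Partner Service - Google Inc. - C:\\ProgramData\\Partner\\partner.exe",
]

# "Onn - Kind: body"; the kind is everything before the first colon.
LINE_RE = re.compile(r"^(O\d+)\s+-\s+([^:]+):\s*(.*)$")
# Any path component literally named Temp (user or system temp directory).
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str   # HijackThis section, e.g. "O23"
    kind: str      # "BHO", "Service", "AppInit_DLLs", ...
    name: str      # display name as HijackThis prints it
    path: str      # image path, or "" when HijackThis reports no file
    missing: bool  # "(file missing)" / "(no file)" marker present
    raw: str       # the original line, which is what you tick in HijackThis


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis 'Onn - Kind: ...' line; return None for other lines."""
    raw = line.strip()
    m = LINE_RE.match(raw)
    if not m:
        return None
    section, kind, body = m.group(1), m.group(2).strip(), m.group(3).strip()
    missing, path = False, None
    if body.endswith("(no file)"):            # BHO with no DLL on disk
        missing, path = True, ""
        body = body[: -len("(no file)")].rstrip(" -")
    elif body.endswith("(file missing)"):     # service whose image is gone
        missing = True
        body = body[: -len("(file missing)")].rstrip()
    if kind == "AppInit_DLLs":                # body is just the DLL path
        return Entry(section, kind, kind, body, missing, raw)
    parts = [p.strip() for p in body.split(" - ")]   # name - owner/CLSID - path
    if path is None:
        path = parts[-1] if len(parts) > 1 else ""
    return Entry(section, kind, parts[0], path, missing, raw)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


@dataclass
class Finding:
    entry: Entry
    severity: str  # "high" | "medium" | "low" (my labels, not HijackThis's)
    reason: str


def triage(entries: Iterable[Entry], removal_list: Iterable[str] = ()) -> List[Finding]:
    """Apply the analyst's removal list plus generic persistence heuristics."""
    wanted = {l.strip() for l in removal_list}
    out: List[Finding] = []
    for e in entries:
        if e.raw in wanted:
            out.append(Finding(e, "medium", "on the analyst's removal list"))
        elif e.kind == "Service" and TEMP_RE.search(e.path):
            out.append(Finding(e, "high", "service registered from a Temp directory"
                               + (" (image now missing)" if e.missing else "")))
        elif e.kind == "AppInit_DLLs":
            out.append(Finding(e, "low", "AppInit_DLLs is set; confirm the DLL belongs to an installed product"))
        elif e.missing:
            out.append(Finding(e, "low", "orphaned entry, file no longer present"))
    return out


def fix_list(findings: Iterable[Finding], min_severity: str = "medium") -> List[str]:
    """Raw lines to tick in HijackThis, in log order, at or above a severity."""
    rank = {"low": 0, "medium": 1, "high": 2}
    return [f.entry.raw for f in findings if rank[f.severity] >= rank[min_severity]]


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG), REMOVAL_LIST):
        print(f"[{f.severity:6}] {f.entry.section} {f.entry.name}: {f.reason}")
```

Run it as a script to print the findings, or import it and call `fix_list()` to get the exact lines to tick; HijackThis identifies entries by their full line text, which is why `Entry` keeps `raw`. A hit on the Temp heuristic is a prompt to look, not a verdict: an installer that registered a temporary service and cleaned up after itself leaves the same trace, so the next step is the one CBMatt takes in the reply, asking whether the symptoms persist.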