Go Back   Cyber Tech Help Support Forums > Software > Malware Removal Forum


Topic Tools
Old August 2nd, 2010, 02:44 AM
lumpy's Avatar
lumpy lumpy is offline
Senior Member
Join Date: Dec 2006
O/S: Windows Vista 32-bit
Location: My Desk
Posts: 262
Several viruses + not allowing to connect to internet

Friend's puter all of a sudden showed up with viruses.

The following msgs popped up upon startup:
spfservice.exe is infected
skypepm.exe is infected
rundll32.exe is infected
skypenames2.exe is infected
googletoolbaruser_32.exe is infected

There were several others that disappeared before I could write em down.

I do not have internet access on this system, for some reason the virus is blocking me. I did start in safe mode with networking and still was unable to connect.

This is a Sony Vaio with windows 7 home edition.
Reply With Quote

Old August 3rd, 2010, 05:05 AM
touch's Avatar
touch touch is offline
Malware Removal Team
Join Date: Jan 2007
O/S: Windows XP Pro
Posts: 3,595
Hello again lumpy

Just curious, are you interested fixing computers, or do your friends know nothing about safe surfing ?

I have some suspicions that this could be pretty bad, but let's run a scan to see what we're dealing with.
Download CureIt to the desktop:

Click on CureIt Download - button.

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Move dot to Complete scan
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.

Please post the Dr.Web report in your next reply.

You´ll have download and transfer it from a working computer, via USB stick or Cd.

Last edited by touch; August 3rd, 2010 at 05:09 AM.
Reply With Quote
Old August 3rd, 2010, 04:33 PM
lumpy's Avatar
lumpy lumpy is offline
Senior Member
Join Date: Dec 2006
O/S: Windows Vista 32-bit
Location: My Desk
Posts: 262
I like fixing computers AND yes my friends DO NOT know safe surfing. Both systems had an expired copy of norton.

I can not get online with this system. Any suggestions on doing that, or should I try to put cureit on a USB drive?
Reply With Quote
Old August 3rd, 2010, 05:16 PM
lumpy's Avatar
lumpy lumpy is offline
Senior Member
Join Date: Dec 2006
O/S: Windows Vista 32-bit
Location: My Desk
Posts: 262
Yeah I've got a real big problem not reading everything all the way thru lol

I'll get working on the scan lol
Reply With Quote
Old August 3rd, 2010, 05:49 PM
lumpy's Avatar
lumpy lumpy is offline
Senior Member
Join Date: Dec 2006
O/S: Windows Vista 32-bit
Location: My Desk
Posts: 262
Reply With Quote
Old August 4th, 2010, 03:21 PM
lumpy's Avatar
lumpy lumpy is offline
Senior Member
Join Date: Dec 2006
O/S: Windows Vista 32-bit
Location: My Desk
Posts: 262
What I've downloaded is yhv3t4h.exe from the Dr Web website.
It starts the express scan, no viruses have been found.
When I selected complete scan, there was no option to click yes to all.
I did not find a "menu" or an option to save a report list.

I am doing the scan again and following your directions. Maybe I missed something.
Reply With Quote
Old August 4th, 2010, 09:39 PM
lumpy's Avatar
lumpy lumpy is offline
Senior Member
Join Date: Dec 2006
O/S: Windows Vista 32-bit
Location: My Desk
Posts: 262
OK I did the express scan then complete scan and it says no viruses. In Menu/file/ I can not select save report.

What now?

can I remove Dr Web from this system or will we possibly be using it again?
Reply With Quote
Old August 4th, 2010, 10:19 PM
lumpy's Avatar
lumpy lumpy is offline
Senior Member
Join Date: Dec 2006
O/S: Windows Vista 32-bit
Location: My Desk
Posts: 262
OK I've been sitting here just playing with this computer, I can not get to any website via ie or google browsers however I was able to launch limewire and download a song. I could not log into msn messenger, and not able to log into skype. I show I have a good connection to my wireless network.
Reply With Quote
Old August 4th, 2010, 10:59 PM
lumpy's Avatar
lumpy lumpy is offline
Senior Member
Join Date: Dec 2006
O/S: Windows Vista 32-bit
Location: My Desk
Posts: 262
I did a restore back to 7/30 (I knew she didn't have a problem on that date). When I restarted I set up my network again and was able to surf the web with no trouble. I found Microsoft Security Essentials and looked at the history and found that there was 4 viruses removed on 8/3, and 6 removed or quarantined on 8/1. I preformed another scan I found no threats.

At this time the system is running perfectly and I have no complaints however is there a scan that I can preform per your suggestion that can make 100% sure this system is ok?
Reply With Quote
Old August 5th, 2010, 06:57 AM
touch's Avatar
touch touch is offline
Malware Removal Team
Join Date: Jan 2007
O/S: Windows XP Pro
Posts: 3,595
At this time the system is running perfectly and I have no complaints however is there a scan that I can preform per your suggestion that can make 100% sure this system is ok?


Yes, I´ll suggest you run malwarebyte and DDS ->

Download Ccleaner:
Click on ->
Latest Version”

Once installed, run CCleaner click the Windows tab
Select the following:
Internet Explorer:
Temp Internet
Recently Typed URLs
Delete Index.dat files

Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data

Then click Run Cleaner (bottom right) then Exit

Please download Malwarebytes' Anti-Malware:

to your desktop.

Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.

NB. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Please download DDS:

to your Desktop and doubleclick on DDs.scr to run it.
If your security software includes script blocking features, please disable these before you run this utility.

When the scan has finished, two logs will open.
Copy and paste both reports in this topic, along with malwarebyte log

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
Reply With Quote
Old August 5th, 2010, 06:52 PM
lumpy's Avatar
lumpy lumpy is offline
Senior Member
Join Date: Dec 2006
O/S: Windows Vista 32-bit
Location: My Desk
Posts: 262
malwarebyte log

Malwarebytes' Anti-Malware 1.46

Database version: 4394

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/5/2010 12:45:19 PM
mbam-log-2010-08-05 (12-45-19).txt

Scan type: Quick scan
Objects scanned: 131779
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Reply With Quote
Old August 5th, 2010, 07:00 PM
lumpy's Avatar
lumpy lumpy is offline
Senior Member
Join Date: Dec 2006
O/S: Windows Vista 32-bit
Location: My Desk
Posts: 262
DDS (Ver_10-03-17.01) - NTFSX64
Run by Millie at 12:57:27.68 on Thu 08/05/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2078 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton Internet Security\Engine\\ccSvcHst.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\LimeWire\LimeWire.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe
C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\Pres entationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

============== Pseudo HJT Report ===============

uSearch Page = ${URL_SEARCHPAGE}
uStart Page = hxxp://www.facebook.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\syswow64\blank.htm
mSearch Page = ${URL_SEARCHPAGE}
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\s wg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNo tifier.exe"
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [Elbserver] c:\program files (x86)\sony\media gallery\ElbServer.exe /Stay
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SmartWiHelper] "c:\program files (x86)\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup
mRun: [PMBVolumeWatcher] c:\program files (x86)\sony\pmb\PMBVolumeWatcher.exe
mRun: [SHTtray.exe] c:\program files (x86)\common files\sony shared\sohlib\SHTtray.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\millie\appdata\roaming\micros~1\windows\s tartm~1\programs\startup\limewi~1.lnk - c:\program files (x86)\limewire\LimeWire.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\sta rtup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\sta rtup\vaiome~1.lnk - c:\program files (x86)\ddni\oasis\Delay.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8 574934B26AC4.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files (x86)\evernote\evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\s wg64.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [Apoint] %ProgramFiles%\Apoint\Apoint.exe
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHl pa64.sys [2010-5-10 55280]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nisx64\1107000.0 0c\symds64.sys [2010-6-13 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1107 000.00c\symefa64.sys [2010-6-13 221232]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\110700 0.00c\cchpx64.sys [2010-6-13 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\2 0100709.001\IDSviA64.sys [2010-7-9 463408]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 173984]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nisx64\1107000. 00c\symtdiv.sys [2010-6-13 451120]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-7 202752]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\microsoft sql server\mssql10.ddni\mssql\binn\sqlservr.exe [2009-3-30 43010392]
R2 NIS;Norton Internet Security;c:\program files (x86)\norton internet security\engine\\ccsvchst.exe [2010-6-13 126392]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\ddni\oasis2service 1.0\Oasis2Service.exe [2010-1-27 45568]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\pro gram files (x86)\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
R2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\common files\sony shared\sohlib\SOHCImp.exe [2010-5-10 108400]
R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\common files\sony shared\sohlib\SOHDms.exe [2010-5-10 422768]
R2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\common files\sony shared\sohlib\SOHDs.exe [2010-5-10 67952]
R2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\common files\sony shared\vaio content folder watcher\VCFw.exe [2010-3-18 852336]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-2-19 529776]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-2-19 386416]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atip mdag.sys [2010-4-7 6402560]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atik mpag.sys [2010-4-7 188928]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-5-10 242720]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-4-7 346144]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-4-8 12032]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sy s [2010-4-24 721768]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftpla ylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftr edirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh .sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\common files\sony shared\vaio entertainment platform\spf\SpfService.exe [2010-2-8 302448]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-5-10 38456]
R3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-5-10 1203568]
S1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\ 20100619.001\BHDrvx64.sys [2010-6-22 942640]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nisx64\1107000. 00c\ironx64.sys [2010-6-13 150064]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-10 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EX E [2010-1-9 4925184]
S3 SampleCollector;Intel(R) Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-5-10 168448]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2010-5-10 574320]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper64.exe [2010-2-19 115568]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-7 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\microsoft sql server\100\shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\microsoft sql server\mssql10.ddni\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
Reply With Quote
Old August 5th, 2010, 07:01 PM
lumpy's Avatar
lumpy lumpy is offline
Senior Member
Join Date: Dec 2006
O/S: Windows Vista 32-bit
Location: My Desk
Posts: 262
=============== Created Last 30 ================

2010-08-05 17:38:20 0 d-----w- c:\users\millie\appdata\roaming\Malwarebytes
2010-08-05 17:38:10 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-05 17:38:10 0 d-----w- c:\programdata\Malwarebytes
2010-08-05 17:38:10 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-05 17:29:40 0 d-----w- c:\program files (x86)\CCleaner
2010-08-04 21:27:05 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-04 21:11:02 65536 --sha-w- c:\users\millie\NTUSER.DAT{28b40426-a009-11df-be91-0024bef8e077}.TM.blf
2010-08-04 21:11:02 524288 --sha-w- c:\users\millie\NTUSER.DAT{28b40426-a009-11df-be91-0024bef8e077}.TMContainer00000000000000000002.regt rans-ms
2010-08-04 21:11:02 524288 --sha-w- c:\users\millie\NTUSER.DAT{28b40426-a009-11df-be91-0024bef8e077}.TMContainer00000000000000000001.regt rans-ms
2010-08-03 16:52:09 0 d-----w- c:\users\millie\DoctorWeb
2010-08-02 01:07:15 0 d-----w- c:\users\millie\appdata\roaming\Auslogics
2010-08-02 01:04:58 152125 ----a-w- C:\test.xml
2010-07-21 05:39:16 0 d-----w- c:\program files\iPod
2010-07-21 05:39:12 0 d-----w- c:\program files\iTunes
2010-07-21 05:39:12 0 d-----w- c:\program files (x86)\iTunes
2010-07-21 05:33:59 0 d-----w- c:\program files\Bonjour
2010-07-21 05:33:59 0 d-----w- c:\program files (x86)\Bonjour
2010-07-14 15:55:31 144384 ----a-w- c:\windows\system32\cdd.dll
2010-07-07 15:23:00 0 d-----w- c:\windows\syswow64\Wat
2010-07-07 15:23:00 0 d-----w- c:\windows\system32\Wat
2010-07-07 14:41:38 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-07-07 14:40:40 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-07-07 14:40:40 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-07-07 14:40:39 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-07-07 14:40:39 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-07 14:40:39 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-07-07 14:40:39 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-07 14:40:39 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-07-07 14:40:39 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-07-07 14:40:39 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-07-07 14:40:39 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-07 13:17:58 96768 ----a-w- c:\windows\syswow64\sspicli.dll

==================== Find3M ====================

2010-06-16 04:41:03 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-13 06:25:02 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-06-13 06:25:02 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-06-13 06:25:02 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-06-13 06:24:09 0 ---ha-r- c:\windows\system32\drivers\104D_Sony_VPCEE23FX.mr k
2010-06-01 17:37:48 270208 ----a-w- c:\windows\system32\MpSigStub.exe
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-18 21:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 21:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-05-18 21:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-05-11 02:20:23 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2010-05-11 02:20:23 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2010-05-11 02:20:23 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2010-05-11 02:20:23 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2010-05-11 02:05:58 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2010-05-11 02:05:58 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-05-11 02:05:58 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-05-11 02:05:58 145184 ----a-w- c:\windows\syswow64\java.exe
2010-05-11 02:05:19 455680 ----a-w- c:\windows\system32\deploytk.dll
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f6 96639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb 108c86c\WinMail.exe

============= FINISH: 12:58:13.35 ===============
Reply With Quote
Old August 5th, 2010, 07:02 PM
lumpy's Avatar
lumpy lumpy is offline
Senior Member
Join Date: Dec 2006
O/S: Windows Vista 32-bit
Location: My Desk
Posts: 262

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/13/2010 1:21:31 AM
System Uptime: 8/5/2010 12:23:03 PM (0 hours ago)

Motherboard: Sony Corporation | | VAIO
Processor: AMD Athlon(tm) II P320 Dual-Core Processor | N/A | 2100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 289 GiB total, 245.092 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: BHDrvx64
Name: BHDrvx64
Service: BHDrvx64

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Iron Driver
Name: Symantec Iron Driver
Service: SymIRON

==== System Restore Points ===================

RP21: 7/24/2010 12:38:58 PM - Windows Update
RP22: 7/25/2010 12:27:19 AM - Windows Update
RP23: 7/25/2010 5:00:31 PM - Windows Update
RP24: 7/26/2010 6:55:15 PM - Windows Update
RP25: 7/27/2010 6:13:12 PM - Installed Connect Service
RP26: 7/27/2010 7:30:28 PM - Windows Update
RP27: 7/28/2010 8:24:01 PM - Windows Update
RP28: 7/29/2010 9:02:37 PM - Windows Update
RP29: 7/30/2010 9:50:03 PM - Windows Update
RP30: 8/1/2010 8:02:45 AM - Windows Update
RP31: 8/1/2010 6:54:26 PM - VAIO Care Automatic Restore Point
RP32: 8/1/2010 6:56:00 PM - Windows Update
RP33: 8/1/2010 8:06:01 PM - VAIO Care Automatic Restore Point
RP34: 8/1/2010 8:11:08 PM - Windows Update
RP35: 8/3/2010 11:29:50 AM - Windows Update
RP36: 8/4/2010 12:06:02 AM - Windows Update
RP37: 8/4/2010 3:55:53 PM - Windows Update
RP38: 8/4/2010 4:02:42 PM - Restore Operation
RP39: 8/4/2010 4:31:03 PM - Windows Update

==== Installed Programs ======================

AccuWeather.com Cirrus
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Application Manager for VAIO
ArcSoft WebCam Companion 3
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
LimeWire 5.5.9
Malwarebytes' Anti-Malware
Media Gallery
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Oasis2Service 1.0
PMB VAIO Edition Guide
PMB VAIO Edition plug-in (Click to Disc)
PMB VAIO Edition plug-in (VAIO Image Optimizer)
PMB VAIO Edition plug-in (VAIO Movie Story)
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Service Pack 1 for SQL Server 2008 (KB968369)
Setting Utility Series
Skype Toolbars
Skype™ 4.2
SmartWi Connection Utility
Sony Home Network Library
Sql Server Customer Experience Improvement Program
VAIO Content Monitoring Settings
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Entertainment Platform
VAIO Event Service
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Help and Support Update
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Messenger
VAIO Movie Story Template Data
VAIO Original Function Settings
VAIO Power Management
VAIO Sample Contents
VAIO Survey
VAIO Transfer Support
VAIO Update 5
VAIO Wallpaper Contents
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer

==== Event Viewer Messages From Past Week ========

8/5/2010 12:23:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SymIRON
8/4/2010 4:21:11 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.87.1125.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6004.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8/3/2010 11:34:56 AM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147620018 User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/FakeSpypro ID: 2147620018 Severity: High Category: Trojan Path: Action: Quarantine Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.87.1125.0, AS: 1.87.1125.0 Engine Version: 1.1.6004.0
8/1/2010 8:26:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/1/2010 8:26:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/1/2010 8:26:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/1/2010 8:26:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/1/2010 8:26:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP discache eeCtrl IDSVia64 MpFilter spldr SRTSPX SymIRON SYMTDIv Wanarpv6
8/1/2010 8:25:58 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

==== End Of File ===========================
Reply With Quote
Old August 6th, 2010, 06:28 AM
touch's Avatar
touch touch is offline
Malware Removal Team
Join Date: Jan 2007
O/S: Windows XP Pro
Posts: 3,595
No suspicious files or folders there.

If Norton/Symanted are outdated I´ll suggest you remove it, as it is useless.

Microsoft Security Essentials are installed and take care of the protection.

You can tell the computer owner we do not like filesharing programs
C:\Program Files (x86)\LimeWire\LimeWire.exe

Otherwise, it looks to me you are good to go.
Reply With Quote


Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +1. The time now is 02:20 PM.