

Ridcully

Member Since 16 May 2009
Offline Last Active May 18 2009 12:08 AM
-----

Topics I've Started

requested post from "unable to update multiple anti-virus packages or access mcafee...

17 May 2009 - 02:08 PM

comments/responses inline
Hi,

Go to this part of the forum: http://www.malwareby...hp?showforum=55
Start a new thread there, because I need a file from your computer which you have to attach there.

-> done, here we are

Browse to the following file:

C:\WINDOWS\tiyshc.vot

Right-click and select to zip it. This should create a tiyshc.zip folder.
Upload/attach that folder in the thread you started in that other forum part.

-> done

Once you've uploaded that file, open HijackThis, click 'Config' (bottom right)
Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'
In the field, copy and paste next:

C:\WINDOWS\tiyshc.vot

Click open.
Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now. Click Yes/ok
Your system should reboot now.

Then open Notepad and copy and paste the contents of the quote box below into it:
(don't forget to copy and paste REGEDIT4)

QUOTE
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="wdmaud.drv"

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
It should look like this:
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

-> done

Above steps should resolve your problems, so let me know in your next reply. You'll also be able to update Malwarebytes then :)

-> update processed successfully!!

Thanks a million! Off to scan. Any idea how/where I got this thing? Or why norton/webroot didn't see it?

also, I assume that I should delete the zipped file?
--------------------
Mieke Verburgh
Malwarebytes Researcher

multiple issues, it was suggested I post logs here.

17 May 2009 - 01:28 AM

Here is my post from the earlier forum, reposted -- the original issues continue, along with the first redirection of a website (as opposed to blocking).

I am rerunning avira, as the log says it was cancelled -- I don't think I cancelled it, but I did click on the 'virus information' button when it saw something, and that attempt to get to the website was blocked. That might have caused the 'cancelled' message.

Thanks for any help you can provide ...

Howdy -- thanks for the help, results inline, below, please bear with all of the long pasted inclusions. I'm not comfortable uploading files for others, given the state of my computer, and I'm not literate enough about this stuff to think I wouldn't leave out something important.

Greetings and Welcome :P .

If you're having trouble getting Malwarebytes' and other tools to update or run please review the following tutorials and see if they are helpful:

  • Total-Security (FakeAlert)
    -> this doesn't look like what I have
  • av360 (Fakealert)
    -> this doesn't look like what I have
  • CLB Rootkit driver=TDSS/Seneka/GAOPDX/UAC/ovfst
    -> I ran this, and got the following results
    ROOTREPEAL © AD, 2007-2008
    ==================================================
    Scan Time: 2009/05/16 22:23
    Program Version: Version 1.2.3.0
    Windows Version: Windows XP SP3
    ==================================================

    Hidden/Locked Files
    -------------------
    Path: C:\hiberfil.sys
    Status: Locked to the Windows API!

    Path: C:\WINDOWS\tiyshc.vot
    Status: Allocation size mismatch (API: 20480, Raw: 24576)

    Path: C:\Documents and Settings\Keith\Local Settings\Temp\etilqs_1DCSyPioaWwrZYavBfwc
    Status: Allocation size mismatch (API: 65536, Raw: 0)

    Path: C:\Documents and Settings\Keith\Application Data\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρϴϱЄϱЃϵϳЅ
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Keith\Application Data\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρЂϻϵЉЃϵϳЅ
    Status: Locked to the Windows API!

    Ok, per google searching ...
    hiberfil.sys is for hibernation
    tiyshc.vot -- the only .vot extension I could find was for recorded video, which doesn't really make sense for me. When I googled for .vot, one of the links somehow got hijacked to zerocleaner.com, a "virus-cleaner" site which symantec notes as putting viruses ONTO computers rather than removing them.
    etilqs_blahblah -- related to firefox, which I run
    SecuROM -- evil copy protection for a couple of games I have. The funky filenames are so you can't delete the DRMware.

If you aren't able to use those instructions or there are other issues then please follow the instructions here:
I'm infected - What do I do now?

-> I was able to d/l and run the MBAM program last night. The update was blocked. Tonight, it got partway through the run and stopped (4% complete with files, had completed the first couple of categories, finding nothing.)
-> avira d/l and installation successful, update failed -- logfile of attempted update:
Avira AntiVir Personal - Free Antivirus Updater

Creation time: Sat May 16 22:38:29 2009


Operating system:
Windows XP (Service Pack 3) [5.1.2600]

Product information:
Product version: 9.0.0.394
Updater: C:\Program Files\Avira\AntiVir Desktop\update.exe 9.0.0.46
Plugin: C:\Program Files\Avira\AntiVir Desktop\updext.dll 9.0.0.6

Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\
Backup folder: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\BACKUP\
Installation Directory: C:\Program Files\Avira\AntiVir Desktop\
Updater folder: C:\Program Files\Avira\AntiVir Desktop\
AppData folder: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\


[UPD] [INFO] Checking whether newer files are available.
[UPD] [INFO] Select update server 'http://62.146.66.178/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.178.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.178.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.178.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.178.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.178.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.178.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.183/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.183.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.183.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.183.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.183.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.183.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.183.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://80.190.143.239/update'.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.179/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.179.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.179.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.179.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.179.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.179.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.179.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.181/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.181.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.181.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.181.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.181.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.181.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.181.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://80.190.143.236/update'.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.184/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.184.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.184.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.184.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.184.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.184.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.184.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.182/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.182.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.182.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.182.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.182.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.182.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.182.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://80.190.143.235/update'.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://80.190.143.230/update'.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.181/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.181.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.181.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.181.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.181.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.181.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.181.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.183/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.183.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.183.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.183.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.183.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.183.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.183.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://80.190.143.236/update'.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://80.190.143.235/update'.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://80.190.143.230/update'.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.184/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.184.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.184.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.184.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.184.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.184.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.184.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.179/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.179.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.179.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.179.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.179.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.179.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.179.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://80.190.143.239/update'.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.23.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://80.190.143.23.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.178/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.178.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.178.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.178.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.178.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.178.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.178.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.182/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.182.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.182.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.182.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.182.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.182.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.182.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.184/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.184.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.184.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.184.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.184.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.184.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.184.../idx/master.idx'
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://perspeak.avira-update.com/update'.
[UPD] [INFO] Downloading of 'http://perspeak.avir.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://perspeak.avir.../idx/master.idx' failed. Error: The server name or address could not be resolved
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://perspeak.avir.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://perspeak.avir.../idx/master.idx' failed. Error: The server name or address could not be resolved
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://perspeak.avir.../idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://perspeak.avir.../idx/master.idx' failed. Error: The server name or address could not be resolved
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPDLIB] [ERROR] No other server available.
[UPD] [ERROR] Generation of update structure failed. UpdateLib delivers error 8.

Summary:
********
0 Files downloaded
0 Files installed

22:38:45 The update failed!



Avira AntiVir Personal
Report file date: Saturday, May 16, 2009 22:40

Scanning for 1284893 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : VAIO

Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 4/17/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 4/17/2009 16:57:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 18:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 19:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 18:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 20:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 04:33:26
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 15:41:14
ANTIVIR3.VDF : 7.1.2.127 110592 Bytes 3/5/2009 22:58:20
Engineversion : 8.2.0.100
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/28/2009 01:36:42
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 2/27/2009 04:01:56
AESCN.DLL : 8.1.1.7 127347 Bytes 2/12/2009 19:44:25
AERDL.DLL : 8.1.1.3 438645 Bytes 10/30/2008 02:24:41
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/4/2009 21:06:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 04:01:56
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 2/25/2009 23:49:16
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 04:01:56
AEGEN.DLL : 8.1.1.24 336244 Bytes 3/4/2009 21:06:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 22:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 2/17/2009 22:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 22:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 16:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 18:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 22:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 18:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 23:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 18:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 23:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 16:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 18:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 19:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 18:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Saturday, May 16, 2009 22:40

Starting search for hidden objects.
'115250' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'AAWService.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'regsvr32.exe' - '1' Module(s) have been scanned
Scan process 'regsvr32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'VzFw.exe' - '1' Module(s) have been scanned
Scan process 'VzCdbSvc.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'SpySweeper.exe' - '1' Module(s) have been scanned
Scan process 'VCSW.exe' - '1' Module(s) have been scanned
Scan process 'VESMgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'cvpnd.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WRConsumerService.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
54 processes with 54 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '79' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Keith\Local Settings\Temp\is-QI5CJ.tmp\askBarSetup.exe
[DETECTION] Contains recognition pattern of the APPL/AdInstaller.E application

Beginning disinfection:
C:\Documents and Settings\Keith\Local Settings\Temp\is-QI5CJ.tmp\askBarSetup.exe
[DETECTION] Contains recognition pattern of the APPL/AdInstaller.E application
[NOTE] The file was moved to '4a7aa965.qua'!


End of the scan: Saturday, May 16, 2009 23:04
Used time: 24:14 Minute(s)

The scan has been canceled!

5649 Scanned directories
70304 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
70301 Files not concerned
1241 Archives were scanned
2 Warnings
3 Notes
115250 Objects were scanned with rootkit scan
0 Hidden objects were found


-> one thing, though -- even though it says that it finished, it only scanned 41.8%, 70304 files, and I know that there are a -lot- more files than that on my C drive....


And post your logs in a new topic here:
Malware Removal - HijackThis Logs

-> Hijack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:47 PM, on 5/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.anderson....proxy/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SsAAD.exe] "C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl06c\BrStDvPt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1152933854\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe" AcStd7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Startup: World Community Grid - BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: UCLA Cisco VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {3D15E6EB-2050-4800-B012-AA9E06A21D05} (Pearson Finance Player Control) - http://asp.mathxl.co...nancePlayer.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec....abs/tgctlsr.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5483.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games Texas Holdem Poker) - http://zone.msn.com/...he.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/...ia.1.0.0.46.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: McAfee Application Installer Cleanup (0063931242496632) (0063931242496632mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Keith\LOCALS~1\Temp\006393~1.EXE
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 19644 bytes

Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult.


note: if for some reason you are unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just post here: Malware Removal - HijackThis Logs describing your issues and an expert will reply with further instructions.

I hope I was helpful. Good luck and safe surfing. ;)


unable to update multiple anti-virus packages or access mcafee.com, msconfig updates no...

16 May 2009 - 02:42 AM

Hi,

Lavasoft Ad-aware, Norton antivirus, webroot antivirus, and Malwarebytes' Anti-Malware have all pronounced my computer clean. However, I am unable to update any of them, cannot access mcafee.com, cannot access regedit, and cannot get the programs that should be starting automatically (like virus scanners) to start automatically.

A couple of days ago, ad-aware caught (and removed) a trojan package of some sort. Unfortunately, I didn't think to write down the name of it.

Here is the log from Malwarebytes' Anti-Malware, run a little while ago:
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

5/15/2009 11:27:44 PM
mbam-log-2009-05-15 (23-27-44).txt

Scan type: Full Scan (C:\|)
Objects scanned: 287803
Time elapsed: 2 hour(s), 37 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Any suggestions as to what I should be doing to fix this?

Thanks!