16th January 2009 #1
Alohakid (Member, joined Jan 2009, 4 posts, computer experience: intermediate)

[Active] I'm next...VIRTUMONDE has me at wits' end.

Greetings and HELP!

First the rant... been at this for the past three days... finally reloaded my machine and thought all was fine until I used IE and, "it's back!"... battling this issue along with a horrible cold... I'm mad/tired (been at this since 0600)/and at wits' end... was on hold with Webroot for over an hour with no help, so here I am.

Before I post the log, any and all help will be greatly appreciated!

After reading some of the threads, went ahead and ran ComboFix...here's the log:

ComboFix 09-01-16.02 - Marc 2009-01-16 16:53:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.425 [GMT -5:00]
Running from: c:\documents and settings\Marc\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
FW: Webroot Internet Security Essentials *disabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-16 15:36 . 2009-01-16 15:36 23,392 --a------ c:\windows\system32\nscompat.tlb
2009-01-16 15:36 . 2009-01-16 15:36 16,832 --a------ c:\windows\system32\amcompat.tlb
2009-01-16 09:34 . 2009-01-16 10:20 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-16 08:57 . 2009-01-16 08:57 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-01-16 08:57 . 2006-10-04 09:06 1,197,294 -----c--- c:\windows\system32\dllcache\sysmain.sdb
2009-01-16 08:57 . 2006-10-04 09:06 764,868 -----c--- c:\windows\system32\dllcache\apph_sp.sdb
2009-01-16 08:57 . 2006-10-04 09:06 217,118 -----c--- c:\windows\system32\dllcache\apphelp.sdb
2009-01-16 08:54 . 2009-01-16 08:55 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-01-16 08:28 . 2005-06-28 18:43 46,592 --------- c:\windows\system32\drivers\irbus.sys
2009-01-16 08:28 . 2005-06-28 18:43 19,200 --------- c:\windows\system32\drivers\hidir.sys
2009-01-15 21:45 . 2009-01-15 21:45 22,528 --a------ c:\documents and settings\Marc\d.exe
2009-01-15 03:02 . 2009-01-15 03:02 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-15 02:53 . 2009-01-15 02:53 <DIR> d-------- c:\program files\Boilsoft Video Joiner
2009-01-15 02:53 . 2009-01-15 02:55 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-15 02:47 . 2009-01-15 02:47 <DIR> d-------- c:\program files\DivX
2009-01-15 02:47 . 2009-01-15 02:47 <DIR> d-------- c:\documents and settings\Marc\Application Data\vlc
2009-01-15 02:46 . 2009-01-15 02:46 <DIR> d-------- c:\program files\VideoLAN
2009-01-15 02:28 . 2009-01-15 02:28 0 --a------ c:\windows\nsreg.dat
2009-01-15 01:38 . 2009-01-15 01:51 <DIR> d-------- c:\documents and settings\Marc\Application Data\U3
2009-01-15 01:30 . 2009-01-15 01:30 0 --a------ c:\windows\ativpsrm.bin
2009-01-15 01:27 . 2009-01-15 01:27 <DIR> d-------- C:\ATI
2009-01-15 01:27 . 2008-02-25 21:05 593,920 --a------ c:\windows\system32\ati2sgag.exe
2009-01-15 01:20 . 2009-01-15 01:20 <DIR> d-------- c:\documents and settings\Marc\WINDOWS
2009-01-15 01:19 . 2009-01-15 01:20 <DIR> d-------- c:\program files\viewsonic
2009-01-15 01:19 . 2009-01-15 01:19 <DIR> d-------- c:\documents and settings\Marc\Application Data\Leadertech
2009-01-15 01:18 . 2009-01-15 01:22 102 --a------ c:\windows\VSWizard.ini
2009-01-15 01:12 . 2009-01-16 08:54 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-15 01:12 . 2009-01-16 16:58 10,105 --a------ c:\windows\system32\Config.MPF
2009-01-15 01:11 . 2006-03-03 08:07 143,360 --a------ c:\windows\system32\dunzip32.dll
2009-01-15 01:09 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2009-01-15 01:09 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2009-01-15 01:09 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2009-01-15 01:09 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2009-01-15 01:09 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2009-01-15 01:08 . 2009-01-15 01:08 <DIR> d-------- c:\program files\McAfee.com
2009-01-15 01:08 . 2009-01-15 03:18 <DIR> d-------- c:\program files\McAfee
2009-01-15 01:08 . 2009-01-15 01:09 <DIR> d-------- c:\program files\Common Files\McAfee
2009-01-15 01:08 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2009-01-15 01:05 . 2009-01-15 01:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-01-15 00:35 . 2009-01-15 00:35 <DIR> d---s---- c:\documents and settings\Marc\UserData
2009-01-15 00:26 . 2009-01-15 00:26 <DIR> d-------- c:\program files\Webroot
2009-01-15 00:26 . 2009-01-15 00:26 <DIR> d-------- c:\documents and settings\Marc\Application Data\Webroot
2009-01-15 00:26 . 2009-01-15 00:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2009-01-15 00:26 . 2009-01-15 00:26 <DIR> d-------- C:\Binaries
2009-01-15 00:26 . 2008-11-13 17:11 1,553,272 --a------ c:\windows\WRSetup.dll
2009-01-15 00:26 . 2009-01-15 00:26 164 --a------ C:\install.dat
2009-01-15 00:08 . 2009-01-15 00:08 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-15 00:08 . 2009-01-15 00:09 <DIR> d-------- c:\program files\Ahead
2009-01-15 00:08 . 2001-07-06 08:41 569,344 -ra------ c:\windows\system32\imagr5.dll
2009-01-15 00:08 . 2001-07-06 06:44 544,768 -ra------ c:\windows\system32\imagx5.dll
2009-01-15 00:08 . 2001-07-06 12:24 283,920 -ra------ c:\windows\system32\ImagXpr5.dll
2009-01-15 00:08 . 2001-07-09 05:50 155,648 -ra------ c:\windows\system32\NeroCheck.exe
2009-01-15 00:08 . 2001-06-26 02:15 38,912 -ra------ c:\windows\system32\picn20.dll
2009-01-14 23:55 . 2009-01-14 23:55 <DIR> d-------- c:\program files\APC
2009-01-14 23:55 . 2004-08-10 15:35 4,142,592 --a------ c:\windows\system32\qtintf.dll
2009-01-14 23:49 . 2009-01-14 23:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-01-14 23:47 . 2009-01-14 23:48 <DIR> d-------- c:\program files\Common Files\HP
2009-01-14 23:45 . 2009-01-14 23:46 <DIR> d-------- c:\program files\Hewlett-Packard
2009-01-14 23:45 . 2009-01-14 23:45 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-01-14 23:43 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
2009-01-14 23:43 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
2009-01-14 23:43 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
2009-01-14 23:43 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe
2009-01-14 23:43 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
2009-01-14 23:43 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
2009-01-14 23:41 . 2009-01-14 23:46 <DIR> d-------- c:\program files\HP
2009-01-14 23:40 . 2004-12-14 11:07 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys
2009-01-14 23:40 . 2004-12-14 11:07 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2009-01-14 23:39 . 2004-12-14 11:07 21,744 -ra------ c:\windows\system32\drivers\HPZius12.sys
2009-01-14 23:27 . 2008-09-04 11:42 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-14 23:27 . 2008-10-15 11:57 332,800 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-14 23:27 . 2008-10-03 05:15 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2009-01-14 23:25 . 2004-12-14 11:07 581,632 -ra------ c:\windows\system32\hpotscl.dll
2009-01-14 23:25 . 2004-12-14 11:07 278,528 -ra------ c:\windows\system32\hpgwiamd.dll
2009-01-14 23:25 . 2004-12-14 11:07 274,432 -ra------ c:\windows\system32\HPZc3212.dll
2009-01-14 23:25 . 2004-12-14 11:07 229,376 -ra------ c:\windows\system32\hpovst08.dll
2009-01-14 23:25 . 2009-01-14 23:49 68,939 --a------ c:\windows\hpoins05.dat
2009-01-14 23:25 . 2004-12-14 11:07 19,696 --------- c:\windows\hpomdl05.dat
2009-01-14 23:25 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-14 23:25 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-14 23:22 . 2009-01-14 23:22 <DIR> d-------- c:\documents and settings\Marc\Application Data\InterMute
2009-01-14 23:21 . 2009-01-14 16:48 <DIR> d-------- c:\documents and settings\Marc\Application Data\Symantec
2009-01-14 23:21 . 2009-01-14 16:30 <DIR> d-------- c:\documents and settings\Marc\Application Data\Sony Corporation
2009-01-14 23:21 . 2009-01-14 16:42 <DIR> d-------- c:\documents and settings\Marc\Application Data\Intuit
2009-01-14 23:21 . 2009-01-15 21:45 <DIR> d-------- c:\documents and settings\Marc
2009-01-14 23:20 . 2009-01-14 16:48 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-01-14 23:20 . 2009-01-14 16:30 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Sony Corporation
2009-01-14 23:20 . 2009-01-14 16:42 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Intuit
2009-01-14 23:20 . 2009-01-14 23:20 0 -rah----- c:\windows\system32\drivers\Sony_VGC-RA840G.mrk
2009-01-14 23:15 . 2009-01-14 23:15 8,192 --a------ c:\windows\REGLOCS.OLD
2009-01-14 18:25 . 2004-08-04 03:56 21,504 --a------ c:\windows\system32\hidserv.dll
2009-01-14 18:25 . 2004-08-04 01:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-01-14 18:24 . 2004-08-04 02:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-14 18:24 . 2001-08-17 16:58 19,200 --a------ c:\windows\system32\drivers\hidbatt.sys
2009-01-14 18:24 . 2001-08-17 16:57 14,080 --a------ c:\windows\system32\drivers\battc.sys
2009-01-14 18:24 . 2001-08-17 16:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-14 18:24 . 2001-08-17 17:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-14 18:24 . 2001-08-17 16:58 9,344 --a------ c:\windows\system32\drivers\compbatt.sys
2009-01-14 18:23 . 2004-08-04 02:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-14 16:48 . 2009-01-14 16:48 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2009-01-14 16:47 . 2009-01-14 16:47 <DIR> d-------- c:\documents and settings\All Users\ImageConverter2
2009-01-14 16:47 . 2009-01-15 00:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-01-14 16:46 . 2009-01-15 00:41 <DIR> d-------- c:\program files\MoodLogic
2009-01-14 16:46 . 2009-01-14 16:46 <DIR> d-------- c:\program files\InterMute
2009-01-14 16:46 . 2009-01-14 23:22 2,158 --a------ c:\windows\system32\ssmute.ini
2009-01-14 16:44 . 2009-01-14 16:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\VAIO Media Platform
2009-01-14 16:43 . 2009-01-14 16:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Intuit
2009-01-14 16:42 . 2009-01-14 16:42 <DIR> d-------- c:\program files\InterVideo
2009-01-14 16:42 . 2009-01-14 16:42 <DIR> d-------- c:\program files\Common Files\InterVideo
2009-01-14 16:42 . 2002-11-21 13:57 204,800 --a------ c:\windows\system32\IVIresizeW7.dll
2009-01-14 16:42 . 2002-11-21 13:57 200,704 --a------ c:\windows\system32\IVIresizeA6.dll
2009-01-14 16:42 . 2002-11-21 13:57 192,512 --a------ c:\windows\system32\IVIresizeP6.dll
2009-01-14 16:42 . 2002-11-21 13:57 192,512 --a------ c:\windows\system32\IVIresizeM6.dll
2009-01-14 16:42 . 2002-11-21 13:57 188,416 --a------ c:\windows\system32\IVIresizePX.dll
2009-01-14 16:42 . 2002-11-21 13:57 20,480 --a------ c:\windows\system32\IVIresize.dll
2009-01-14 16:41 . 2003-06-18 20:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-01-14 16:41 . 2009-01-15 00:16 376 --a------ c:\windows\ODBC.INI
2009-01-14 16:40 . 2009-01-15 00:40 <DIR> d-------- c:\windows\SHELLNEW
2009-01-14 16:40 . 2009-01-15 00:15 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-01-14 16:38 . 2009-01-15 00:59 <DIR> d-------- c:\program files\Microsoft Works
2009-01-14 16:35 . 2009-01-14 16:35 <DIR> d-------- c:\program files\Sonic
2009-01-14 16:35 . 2004-11-19 19:31 61,440 --a------ c:\windows\system32\SonyAIwo.dll
2009-01-14 16:35 . 2004-11-09 14:21 52,736 --a------ c:\windows\system32\SonyAIds.dll
2009-01-14 16:35 . 2004-10-26 17:29 42,496 --a------ c:\windows\system32\SonyAIwd.dll
2009-01-14 16:34 . 2003-10-07 22:55 2,981,888 --a------ c:\windows\system32\iplw7.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 11:19 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-01-15 06:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 05:57 --------- d-----w c:\program files\Common Files\Adobe
2009-01-15 05:53 --------- d-----w c:\program files\Sony
2009-01-14 21:33 --------- d-----w c:\program files\Common Files\Sony Shared
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( snapshot@2009-01-16_16.45.27.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-16 20:36:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-16 21:39:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-16 20:36:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-16 21:39:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-16 20:36:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-16 21:39:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-16 21:58:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2e8.dat
- 2009-01-16 21:40:34 3,926 ----a-w c:\windows\Temp\wrstemp\S-1-5-18.dat
+ 2009-01-16 21:59:20 3,926 ----a-w c:\windows\Temp\wrstemp\S-1-5-18.dat
- 2009-01-16 21:40:34 4,182 ----a-w c:\windows\Temp\wrstemp\S-1-5-19.dat
+ 2009-01-16 21:59:20 4,182 ----a-w c:\windows\Temp\wrstemp\S-1-5-19.dat
- 2009-01-16 21:40:34 4,250 ----a-w c:\windows\Temp\wrstemp\S-1-5-20.dat
+ 2009-01-16 21:59:20 4,250 ----a-w c:\windows\Temp\wrstemp\S-1-5-20.dat
- 2009-01-16 21:40:34 4,922 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-4243002081-4232962244-1316491021-1005.dat
+ 2009-01-16 21:59:20 4,922 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-4243002081-4232962244-1316491021-1005.dat
- 2009-01-16 21:40:34 4,762 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-4243002081-4232962244-1316491021-500.dat
+ 2009-01-16 21:59:20 4,762 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-4243002081-4232962244-1316491021-500.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-13 17:04 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"High Definition Audio Property Page Shortcut"="c:\windows\system32\HDAudPropShortcut.exe" [2004-08-12 61952]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-03-09 139264]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2005-04-06 90112]
"AlcWzrd"="c:\windows\ALCWZRD.EXE" [2005-04-06 2805248]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"ExecAfterFirstBoot"="c:\windows\SONYSYS\EFlyer\ExecAfterFirstBoot.exe" [2005-03-16 204800]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-23 5406720]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2004-08-19 331776]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2008-11-13 6273400]

c:\documents and settings\Marc\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2009-01-15 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-01-14 221247]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-12 83360]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wxwzxd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R4 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-01-15 1086840]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-15 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-15 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 07:00]

2009-01-15 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 07:00]

2009-01-15 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 07:00]

2009-01-16 c:\windows\Tasks\wrSpySweeper_L117242DCBD7D47168118F4BF21BE3DD4.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11]

2009-01-16 c:\windows\Tasks\wrSpySweeper_L117242DCBD7D47168118F4BF21BE3DD4.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11]

2009-01-16 c:\windows\Tasks\wrSpySweeper_L117242DCBD7D47168118F4BF21BE3DD4.job
- a:\","c:\","d:\","e:\","f:\","g:\","h:\","i:\","j:\","k:\","l:\","m:\" []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cm.my.yahoo.com/?.src=fp
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\3ag859jv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gatorsports.com/apps/pbcs.dll/frontpage
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 16:59:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Marc\LOCALS~1\Temp\pon991gl.0.cs 80582 bytes
c:\docume~1\Marc\LOCALS~1\Temp\pon991gl.cmdline 295 bytes
c:\docume~1\Marc\LOCALS~1\Temp\pon991gl.dll 36864 bytes executable
c:\docume~1\Marc\LOCALS~1\Temp\pon991gl.err 0 bytes

scan completed successfully
hidden files: 4

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\dllhost.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\ehome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\program files\Webroot\WebrootSecurity\SSU.exe
c:\progra~1\McAfee\MSC\mcupdmgr.exe
.
**************************************************************************
.
Completion time: 2009-01-16 17:03:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-16 22:03:32
ComboFix2.txt 2009-01-16 21:47:43

Pre-Run: 230,998,601,728 bytes free
Post-Run: 230,985,539,584 bytes free

324 --- E O F --- 2009-01-15 08:10:36

17th January 2009 #2
noahdfear (Staff, New Bremen, Ohio U.S.A., joined Apr 2003, 12,524 posts)
Hi Alohakid,

Any relief since running ComboFix? Before doing anything else, please post the contents of C:\Qoobox\ComboFix2.txt here.

Then, disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

Filename: CFScript.txt
Save As Type: All Files (*.*)

Code:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

**NOTE - Allow ComboFix to update if prompted.


Please download DDS from one of the 3 mirrors and save it to your desktop.

Mirror 1 Mirror 2 Mirror 3
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
Please include the contents of the following in your next reply:

DDS.txt

I may ask for the Attach.txt log later, so keep it handy.

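As an added example (not code from this thread, from ComboFix or from Webroot), the audit below parses the "Reg Loading Points" section and the AV:/FW: status lines of a ComboFix log like the one posted above and flags what noahdfear's CFScript targets (the AppInit_DLLs value) together with the Security Center and firewall settings the log shows switched off. The sample text is a constructed excerpt of that log and the function names are my own.

```python
import re

# Constructed excerpt of the ComboFix log posted above (same keys and values).
SAMPLE_LOG = r"""
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wxwzxd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
STATUS_RE = re.compile(r'^(AV|FW): (.+?) \*(.+?)\*')


def parse_loading_points(text):
    """Return {registry_key: {value_name: raw_value}} from the REGEDIT4 block.

    Keys and value names are lower-cased so the checks below are
    case-insensitive, matching the mixed case ComboFix prints.
    """
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            entries.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            entries[current][m.group(1).lower()] = m.group(2).strip()
    return entries


def parse_protection_status(text):
    """Return [(kind, product, status)] for the AV:/FW: header lines."""
    return [m.groups() for m in map(STATUS_RE.match, text.splitlines()) if m]


def _number(value):
    """Decode 'dword:00000001' or '0 (0x0)' into an int; None if neither."""
    if value.startswith('dword:'):
        return int(value.split(':', 1)[1], 16)
    head = value.split()[0] if value.split() else ''
    return int(head) if head.isdigit() else None


def audit(text):
    """Return human-readable findings for the loading points that matter here."""
    findings = []
    for kind, product, status in parse_protection_status(text):
        if 'disabled' in status.lower():
            findings.append(f'{kind} {product}: {status}')
    for key, values in parse_loading_points(text).items():
        for name, value in values.items():
            if (key.endswith(r'\windows nt\currentversion\windows')
                    and name == 'appinit_dlls' and value):
                # user32.dll loads every DLL listed here into each GUI process;
                # a bare DLL name with no path is the classic Virtumonde foothold.
                findings.append(f'AppInit_DLLs loads {value} into every process')
            elif ('security center' in key and name == 'antivirusdisablenotify'
                    and _number(value) == 1):
                findings.append('Security Center AV alerts silenced')
            elif ('\\monitoring\\' in key and name == 'disablemonitoring'
                    and _number(value) == 1):
                product = key.rsplit('\\', 1)[-1]
                findings.append(f'Security Center monitoring off: {product}')
            elif ('firewallpolicy' in key and name == 'enablefirewall'
                    and _number(value) == 0):
                findings.append('Windows Firewall disabled (EnableFirewall=0)')
    return findings


if __name__ == '__main__':
    for finding in audit(SAMPLE_LOG):
        print('[!]', finding)
```

On the posted log this reports six findings; a log whose REGEDIT4 block carries only ordinary Run entries reports none.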