
[InActive] I'm next...VIRTUMONDE has me at wit's end.

Discussion in 'Malware and Virus Removal Archive' started by Alohakid, 2009/01/16.

  1. 2009/01/16
    Alohakid

    Greetings and HELP!

    First the rant...been at this for the past three days....finally reloaded my machine and thought all was fine until I used IE and, "it's back!"...battling this issue along with a horrible cold...I'm mad/tired (been at this since 0600)/and at wit's end....was on hold with Webroot for over an hour with no help so here I am.

    Before I post the log, any and all help will be greatly appreciated!

    After reading some of the threads, went ahead and ran ComboFix...here's the log:

    ComboFix 09-01-16.02 - Marc 2009-01-16 16:53:48.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.425 [GMT -5:00]
    Running from: c:\documents and settings\Marc\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *disabled*
    FW: Webroot Internet Security Essentials *disabled*
    .

    ((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
    .

    2009-01-16 15:36 . 2009-01-16 15:36 23,392 --a------ c:\windows\system32\nscompat.tlb
    2009-01-16 15:36 . 2009-01-16 15:36 16,832 --a------ c:\windows\system32\amcompat.tlb
    2009-01-16 09:34 . 2009-01-16 10:20 664 --a------ c:\windows\system32\d3d9caps.dat
    2009-01-16 08:57 . 2009-01-16 08:57 <DIR> d-------- c:\program files\Windows Media Connect 2
    2009-01-16 08:57 . 2006-10-04 09:06 1,197,294 -----c--- c:\windows\system32\dllcache\sysmain.sdb
    2009-01-16 08:57 . 2006-10-04 09:06 764,868 -----c--- c:\windows\system32\dllcache\apph_sp.sdb
    2009-01-16 08:57 . 2006-10-04 09:06 217,118 -----c--- c:\windows\system32\dllcache\apphelp.sdb
    2009-01-16 08:54 . 2009-01-16 08:55 <DIR> d-------- c:\windows\system32\drivers\UMDF
    2009-01-16 08:28 . 2005-06-28 18:43 46,592 --------- c:\windows\system32\drivers\irbus.sys
    2009-01-16 08:28 . 2005-06-28 18:43 19,200 --------- c:\windows\system32\drivers\hidir.sys
    2009-01-15 21:45 . 2009-01-15 21:45 22,528 --a------ c:\documents and settings\Marc\d.exe
    2009-01-15 03:02 . 2009-01-15 03:02 <DIR> d-------- c:\program files\MSXML 4.0
    2009-01-15 02:53 . 2009-01-15 02:53 <DIR> d-------- c:\program files\Boilsoft Video Joiner
    2009-01-15 02:53 . 2009-01-15 02:55 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-01-15 02:47 . 2009-01-15 02:47 <DIR> d-------- c:\program files\DivX
    2009-01-15 02:47 . 2009-01-15 02:47 <DIR> d-------- c:\documents and settings\Marc\Application Data\vlc
    2009-01-15 02:46 . 2009-01-15 02:46 <DIR> d-------- c:\program files\VideoLAN
    2009-01-15 02:28 . 2009-01-15 02:28 0 --a------ c:\windows\nsreg.dat
    2009-01-15 01:38 . 2009-01-15 01:51 <DIR> d-------- c:\documents and settings\Marc\Application Data\U3
    2009-01-15 01:30 . 2009-01-15 01:30 0 --a------ c:\windows\ativpsrm.bin
    2009-01-15 01:27 . 2009-01-15 01:27 <DIR> d-------- C:\ATI
    2009-01-15 01:27 . 2008-02-25 21:05 593,920 --a------ c:\windows\system32\ati2sgag.exe
    2009-01-15 01:20 . 2009-01-15 01:20 <DIR> d-------- c:\documents and settings\Marc\WINDOWS
    2009-01-15 01:19 . 2009-01-15 01:20 <DIR> d-------- c:\program files\viewsonic
    2009-01-15 01:19 . 2009-01-15 01:19 <DIR> d-------- c:\documents and settings\Marc\Application Data\Leadertech
    2009-01-15 01:18 . 2009-01-15 01:22 102 --a------ c:\windows\VSWizard.ini
    2009-01-15 01:12 . 2009-01-16 08:54 <DIR> d-------- c:\windows\system32\LogFiles
    2009-01-15 01:12 . 2009-01-16 16:58 10,105 --a------ c:\windows\system32\Config.MPF
    2009-01-15 01:11 . 2006-03-03 08:07 143,360 --a------ c:\windows\system32\dunzip32.dll
    2009-01-15 01:09 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
    2009-01-15 01:09 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
    2009-01-15 01:09 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
    2009-01-15 01:09 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
    2009-01-15 01:09 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
    2009-01-15 01:08 . 2009-01-15 01:08 <DIR> d-------- c:\program files\McAfee.com
    2009-01-15 01:08 . 2009-01-15 03:18 <DIR> d-------- c:\program files\McAfee
    2009-01-15 01:08 . 2009-01-15 01:09 <DIR> d-------- c:\program files\Common Files\McAfee
    2009-01-15 01:08 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
    2009-01-15 01:05 . 2009-01-15 01:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
    2009-01-15 00:35 . 2009-01-15 00:35 <DIR> d---s---- c:\documents and settings\Marc\UserData
    2009-01-15 00:26 . 2009-01-15 00:26 <DIR> d-------- c:\program files\Webroot
    2009-01-15 00:26 . 2009-01-15 00:26 <DIR> d-------- c:\documents and settings\Marc\Application Data\Webroot
    2009-01-15 00:26 . 2009-01-15 00:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
    2009-01-15 00:26 . 2009-01-15 00:26 <DIR> d-------- C:\Binaries
    2009-01-15 00:26 . 2008-11-13 17:11 1,553,272 --a------ c:\windows\WRSetup.dll
    2009-01-15 00:26 . 2009-01-15 00:26 164 --a------ C:\install.dat
    2009-01-15 00:08 . 2009-01-15 00:08 <DIR> d-------- c:\program files\Common Files\Ahead
    2009-01-15 00:08 . 2009-01-15 00:09 <DIR> d-------- c:\program files\Ahead
    2009-01-15 00:08 . 2001-07-06 08:41 569,344 -ra------ c:\windows\system32\imagr5.dll
    2009-01-15 00:08 . 2001-07-06 06:44 544,768 -ra------ c:\windows\system32\imagx5.dll
    2009-01-15 00:08 . 2001-07-06 12:24 283,920 -ra------ c:\windows\system32\ImagXpr5.dll
    2009-01-15 00:08 . 2001-07-09 05:50 155,648 -ra------ c:\windows\system32\NeroCheck.exe
    2009-01-15 00:08 . 2001-06-26 02:15 38,912 -ra------ c:\windows\system32\picn20.dll
    2009-01-14 23:55 . 2009-01-14 23:55 <DIR> d-------- c:\program files\APC
    2009-01-14 23:55 . 2004-08-10 15:35 4,142,592 --a------ c:\windows\system32\qtintf.dll
    2009-01-14 23:49 . 2009-01-14 23:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
    2009-01-14 23:47 . 2009-01-14 23:48 <DIR> d-------- c:\program files\Common Files\HP
    2009-01-14 23:45 . 2009-01-14 23:46 <DIR> d-------- c:\program files\Hewlett-Packard
    2009-01-14 23:45 . 2009-01-14 23:45 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
    2009-01-14 23:43 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
    2009-01-14 23:43 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
    2009-01-14 23:43 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
    2009-01-14 23:43 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe
    2009-01-14 23:43 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
    2009-01-14 23:43 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
    2009-01-14 23:41 . 2009-01-14 23:46 <DIR> d-------- c:\program files\HP
    2009-01-14 23:40 . 2004-12-14 11:07 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys
    2009-01-14 23:40 . 2004-12-14 11:07 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
    2009-01-14 23:39 . 2004-12-14 11:07 21,744 -ra------ c:\windows\system32\drivers\HPZius12.sys
    2009-01-14 23:27 . 2008-09-04 11:42 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2009-01-14 23:27 . 2008-10-15 11:57 332,800 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2009-01-14 23:27 . 2008-10-03 05:15 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
    2009-01-14 23:25 . 2004-12-14 11:07 581,632 -ra------ c:\windows\system32\hpotscl.dll
    2009-01-14 23:25 . 2004-12-14 11:07 278,528 -ra------ c:\windows\system32\hpgwiamd.dll
    2009-01-14 23:25 . 2004-12-14 11:07 274,432 -ra------ c:\windows\system32\HPZc3212.dll
    2009-01-14 23:25 . 2004-12-14 11:07 229,376 -ra------ c:\windows\system32\hpovst08.dll
    2009-01-14 23:25 . 2009-01-14 23:49 68,939 --a------ c:\windows\hpoins05.dat
    2009-01-14 23:25 . 2004-12-14 11:07 19,696 --------- c:\windows\hpomdl05.dat
    2009-01-14 23:25 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2009-01-14 23:25 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2009-01-14 23:22 . 2009-01-14 23:22 <DIR> d-------- c:\documents and settings\Marc\Application Data\InterMute
    2009-01-14 23:21 . 2009-01-14 16:48 <DIR> d-------- c:\documents and settings\Marc\Application Data\Symantec
    2009-01-14 23:21 . 2009-01-14 16:30 <DIR> d-------- c:\documents and settings\Marc\Application Data\Sony Corporation
    2009-01-14 23:21 . 2009-01-14 16:42 <DIR> d-------- c:\documents and settings\Marc\Application Data\Intuit
    2009-01-14 23:21 . 2009-01-15 21:45 <DIR> d-------- c:\documents and settings\Marc
    2009-01-14 23:20 . 2009-01-14 16:48 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec
    2009-01-14 23:20 . 2009-01-14 16:30 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Sony Corporation
    2009-01-14 23:20 . 2009-01-14 16:42 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Intuit
    2009-01-14 23:20 . 2009-01-14 23:20 0 -rah----- c:\windows\system32\drivers\Sony_VGC-RA840G.mrk
    2009-01-14 23:15 . 2009-01-14 23:15 8,192 --a------ c:\windows\REGLOCS.OLD
    2009-01-14 18:25 . 2004-08-04 03:56 21,504 --a------ c:\windows\system32\hidserv.dll
    2009-01-14 18:25 . 2004-08-04 01:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
    2009-01-14 18:24 . 2004-08-04 02:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
    2009-01-14 18:24 . 2001-08-17 16:58 19,200 --a------ c:\windows\system32\drivers\hidbatt.sys
    2009-01-14 18:24 . 2001-08-17 16:57 14,080 --a------ c:\windows\system32\drivers\battc.sys
    2009-01-14 18:24 . 2001-08-17 16:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
    2009-01-14 18:24 . 2001-08-17 17:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
    2009-01-14 18:24 . 2001-08-17 16:58 9,344 --a------ c:\windows\system32\drivers\compbatt.sys
    2009-01-14 18:23 . 2004-08-04 02:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
    2009-01-14 16:48 . 2009-01-14 16:48 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
    2009-01-14 16:47 . 2009-01-14 16:47 <DIR> d-------- c:\documents and settings\All Users\ImageConverter2
    2009-01-14 16:47 . 2009-01-15 00:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
    2009-01-14 16:46 . 2009-01-15 00:41 <DIR> d-------- c:\program files\MoodLogic
    2009-01-14 16:46 . 2009-01-14 16:46 <DIR> d-------- c:\program files\InterMute
    2009-01-14 16:46 . 2009-01-14 23:22 2,158 --a------ c:\windows\system32\ssmute.ini
    2009-01-14 16:44 . 2009-01-14 16:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\VAIO Media Platform
    2009-01-14 16:43 . 2009-01-14 16:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Intuit
    2009-01-14 16:42 . 2009-01-14 16:42 <DIR> d-------- c:\program files\InterVideo
    2009-01-14 16:42 . 2009-01-14 16:42 <DIR> d-------- c:\program files\Common Files\InterVideo
    2009-01-14 16:42 . 2002-11-21 13:57 204,800 --a------ c:\windows\system32\IVIresizeW7.dll
    2009-01-14 16:42 . 2002-11-21 13:57 200,704 --a------ c:\windows\system32\IVIresizeA6.dll
    2009-01-14 16:42 . 2002-11-21 13:57 192,512 --a------ c:\windows\system32\IVIresizeP6.dll
    2009-01-14 16:42 . 2002-11-21 13:57 192,512 --a------ c:\windows\system32\IVIresizeM6.dll
    2009-01-14 16:42 . 2002-11-21 13:57 188,416 --a------ c:\windows\system32\IVIresizePX.dll
    2009-01-14 16:42 . 2002-11-21 13:57 20,480 --a------ c:\windows\system32\IVIresize.dll
    2009-01-14 16:41 . 2003-06-18 20:31 17,920 --a------ c:\windows\system32\mdimon.dll
    2009-01-14 16:41 . 2009-01-15 00:16 376 --a------ c:\windows\ODBC.INI
    2009-01-14 16:40 . 2009-01-15 00:40 <DIR> d-------- c:\windows\SHELLNEW
    2009-01-14 16:40 . 2009-01-15 00:15 <DIR> d-------- c:\program files\Microsoft ActiveSync
    2009-01-14 16:38 . 2009-01-15 00:59 <DIR> d-------- c:\program files\Microsoft Works
    2009-01-14 16:35 . 2009-01-14 16:35 <DIR> d-------- c:\program files\Sonic
    2009-01-14 16:35 . 2004-11-19 19:31 61,440 --a------ c:\windows\system32\SonyAIwo.dll
    2009-01-14 16:35 . 2004-11-09 14:21 52,736 --a------ c:\windows\system32\SonyAIds.dll
    2009-01-14 16:35 . 2004-10-26 17:29 42,496 --a------ c:\windows\system32\SonyAIwd.dll
    2009-01-14 16:34 . 2003-10-07 22:55 2,981,888 --a------ c:\windows\system32\iplw7.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-16 11:19 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
    2009-01-15 06:21 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-15 05:57 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-15 05:53 --------- d-----w c:\program files\Sony
    2009-01-14 21:33 --------- d-----w c:\program files\Common Files\Sony Shared
    2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-16_16.45.27.62 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-16 20:36:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-01-16 21:39:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-01-16 20:36:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-01-16 21:39:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-01-16 20:36:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-16 21:39:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-16 21:58:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2e8.dat
    - 2009-01-16 21:40:34 3,926 ----a-w c:\windows\Temp\wrstemp\S-1-5-18.dat
    + 2009-01-16 21:59:20 3,926 ----a-w c:\windows\Temp\wrstemp\S-1-5-18.dat
    - 2009-01-16 21:40:34 4,182 ----a-w c:\windows\Temp\wrstemp\S-1-5-19.dat
    + 2009-01-16 21:59:20 4,182 ----a-w c:\windows\Temp\wrstemp\S-1-5-19.dat
    - 2009-01-16 21:40:34 4,250 ----a-w c:\windows\Temp\wrstemp\S-1-5-20.dat
    + 2009-01-16 21:59:20 4,250 ----a-w c:\windows\Temp\wrstemp\S-1-5-20.dat
    - 2009-01-16 21:40:34 4,922 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-4243002081-4232962244-1316491021-1005.dat
    + 2009-01-16 21:59:20 4,922 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-4243002081-4232962244-1316491021-1005.dat
    - 2009-01-16 21:40:34 4,762 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-4243002081-4232962244-1316491021-500.dat
    + 2009-01-16 21:59:20 4,762 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-4243002081-4232962244-1316491021-500.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
    @="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
    [HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
    2008-11-13 17:04 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "High Definition Audio Property Page Shortcut"="c:\windows\system32\HDAudPropShortcut.exe" [2004-08-12 61952]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-03-09 139264]
    "SoundMan"="c:\windows\SOUNDMAN.EXE" [2005-04-06 90112]
    "AlcWzrd"="c:\windows\ALCWZRD.EXE" [2005-04-06 2805248]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
    "ExecAfterFirstBoot"="c:\windows\SONYSYS\EFlyer\ExecAfterFirstBoot.exe" [2005-03-16 204800]
    "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-23 5406720]
    "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
    "VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2004-08-19 331776]
    "PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
    "SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2008-11-13 6273400]

    c:\documents and settings\Marc\Start Menu\Programs\Startup\
    PowerReg Scheduler.exe [2009-01-15 225280]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-01-14 221247]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-12 83360]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wxwzxd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
    R4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
    R4 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-01-15 1086840]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2009-01-15 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2009-01-15 c:\windows\Tasks\Registration reminder 1.job
    - c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 07:00]

    2009-01-15 c:\windows\Tasks\Registration reminder 2.job
    - c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 07:00]

    2009-01-15 c:\windows\Tasks\Registration reminder 3.job
    - c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 07:00]

    2009-01-16 c:\windows\Tasks\wrSpySweeper_L117242DCBD7D47168118F4BF21BE3DD4.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11]

    2009-01-16 c:\windows\Tasks\wrSpySweeper_L117242DCBD7D47168118F4BF21BE3DD4.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11]

    2009-01-16 c:\windows\Tasks\wrSpySweeper_L117242DCBD7D47168118F4BF21BE3DD4.job
    - a:\", "c:\", "d:\", "e:\", "f:\", "g:\", "h:\", "i:\", "j:\", "k:\", "l:\", "m:\" []
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://cm.my.yahoo.com/?.src=fp
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
    uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\3ag859jv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.gatorsports.com/apps/pbcs.dll/frontpage
    FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
    FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-16 16:59:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\docume~1\Marc\LOCALS~1\Temp\pon991gl.0.cs 80582 bytes
    c:\docume~1\Marc\LOCALS~1\Temp\pon991gl.cmdline 295 bytes
    c:\docume~1\Marc\LOCALS~1\Temp\pon991gl.dll 36864 bytes executable
    c:\docume~1\Marc\LOCALS~1\Temp\pon991gl.err 0 bytes

    scan completed successfully
    hidden files: 4

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(792)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    c:\windows\system32\dllhost.exe
    c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
    c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
    c:\progra~1\McAfee\MSC\mcuimgr.exe
    c:\program files\Webroot\WebrootSecurity\SSU.exe
    c:\progra~1\McAfee\MSC\mcupdmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-16 17:03:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-16 22:03:32
    ComboFix2.txt 2009-01-16 21:47:43

    Pre-Run: 230,998,601,728 bytes free
    Post-Run: 230,985,539,584 bytes free

    324 --- E O F --- 2009-01-15 08:10:36
     
  2. 2009/01/17
    noahdfear

    Hi Alohakid,

    Any relief since running ComboFix? Before doing anything else, please post the contents of C:\Qoobox\ComboFix2.txt here.

    Then, disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.


    Please download DDS from one of the 3 mirrors and save it to your desktop.

    Mirror 1 Mirror 2 Mirror 3

    • Disable any script blocking protection
    • Double-click the dds icon to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    Please include the contents of the following in your next reply:

    DDS.txt

    I may ask for the Attach.txt log later, so keep it handy.
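An added example, not from the thread or from ComboFix's authors: a small Python triage script that reads a ComboFix-style log like the one posted above and pulls out the entries a helper looks at first, namely the AppInit_DLLs value the CFScript clears, Security Center notification switches, the firewall profile flag and catchme's hidden-file list. The excerpt it parses is constructed to mirror the posted log's layout, and the regexes and severity labels are this example's own assumptions rather than anything ComboFix defines.

```python
import re
from dataclasses import dataclass

# Constructed excerpt laid out like the ComboFix log posted above (sample
# input for this example only, not the poster's complete log).
SAMPLE_LOG = r"""
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wxwzxd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
scanning hidden files ...
c:\docume~1\Marc\LOCALS~1\Temp\pon991gl.dll 36864 bytes executable
c:\docume~1\Marc\LOCALS~1\Temp\pon991gl.err 0 bytes
scan completed successfully
hidden files: 2
"""

@dataclass
class Finding:
    severity: str  # "high" = act on it, "review" = confirm before acting
    where: str     # registry key, log header or scanner section
    detail: str

# ComboFix prints registry values as "Name"=value and catchme prints hidden
# files as <path> <size> bytes [executable]; both patterns are this example's own.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')
HIDDEN_RE = re.compile(r'^(?P<path>[a-z]:\\\S+)\s+\d+ bytes(?P<exe>\s+executable)?$', re.I)

# Security Center switches that silence "no AV / no firewall" warnings. Third-party
# suites set some of them legitimately, so they are "review", not "high".
NOTIFY_SWITCHES = {"antivirusdisablenotify", "firewalldisablenotify",
                   "updatesdisablenotify", "disablemonitoring"}

def classify_value(key, name, value):
    """Map one line of the 'Reg Loading Points' section to a Finding, or None."""
    lname = name.lower()
    # AppInit_DLLs is loaded into every process that loads user32.dll; an
    # unrecognised DLL here is exactly what the helper's CFScript clears ("=-").
    if lname == "appinit_dlls" and value and value != "-":
        return Finding("high", key, f"AppInit_DLLs loads {value}")
    if lname in NOTIFY_SWITCHES and value.lower().endswith("1"):
        return Finding("review", key, f"{name} set, Security Center warning suppressed")
    if lname == "enablefirewall" and value.startswith("0"):
        return Finding("review", key, "Windows Firewall profile disabled")
    return None

def parse_findings(log_text):
    """Walk a ComboFix-style log and collect the entries worth a second look."""
    findings, current_key, in_hidden = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        low = line.lower()
        if line.startswith("[") and line.endswith("]"):
            current_key, in_hidden = line[1:-1], False
            continue
        # Disabled AV/firewall is expected while ComboFix runs, but it must be
        # re-enabled afterwards, so keep it on the follow-up list.
        if low.startswith(("av:", "fw:")) and "disabled" in low:
            findings.append(Finding("review", "header", line))
            continue
        if low.startswith(("scanning hidden files", "scan completed")):
            in_hidden = low.startswith("scanning")
            continue
        if in_hidden:
            m = HIDDEN_RE.match(line)
            if m:
                kind = "hidden executable" if m.group("exe") else "hidden file"
                findings.append(Finding("review", "catchme hidden files",
                                        f"{kind}: {m.group('path')}"))
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            found = classify_value(current_key, m.group("name").strip(), m.group("value"))
            if found:
                findings.append(found)
    return findings

if __name__ == "__main__":
    for f in parse_findings(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.where}: {f.detail}")
```

Hidden files in a Temp folder are listed for manual vetting only; the script deliberately does not label them malicious, since catchme reports anything hidden from the file API, legitimate or not.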
     
