Inactive [InActive] I'm next...VIRTUMONDE has me at wits end.

Alohakid · 2009/01/16

Greetings and HELP!

First the rant...been at this for the past three days....finally reloaded my machine and thought all was fines unitl I used IE and, "its back! "...battling this issue along with a horrible cold...I'm mad/tired (been at this since 0600)/and at wits end....was on hold with Web Root for over an hour with no help so here I am.

Before I post the log, any and all help will be greatly appreciative!

After reading some of the threads, went ahead and ran ComboFix...here's the log:

ComboFix 09-01-16.02 - Marc 2009-01-16 16:53:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.425 [GMT -5:00]
Running from: c:\documents and settings\Marc\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
FW: Webroot Internet Security Essentials *disabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-16 15:36 . 2009-01-16 15:36 23,392 --a------ c:\windows\system32\nscompat.tlb
2009-01-16 15:36 . 2009-01-16 15:36 16,832 --a------ c:\windows\system32\amcompat.tlb
2009-01-16 09:34 . 2009-01-16 10:20 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-16 08:57 . 2009-01-16 08:57 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-01-16 08:57 . 2006-10-04 09:06 1,197,294 -----c--- c:\windows\system32\dllcache\sysmain.sdb
2009-01-16 08:57 . 2006-10-04 09:06 764,868 -----c--- c:\windows\system32\dllcache\apph_sp.sdb
2009-01-16 08:57 . 2006-10-04 09:06 217,118 -----c--- c:\windows\system32\dllcache\apphelp.sdb
2009-01-16 08:54 . 2009-01-16 08:55 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-01-16 08:28 . 2005-06-28 18:43 46,592 --------- c:\windows\system32\drivers\irbus.sys
2009-01-16 08:28 . 2005-06-28 18:43 19,200 --------- c:\windows\system32\drivers\hidir.sys
2009-01-15 21:45 . 2009-01-15 21:45 22,528 --a------ c:\documents and settings\Marc\d.exe
2009-01-15 03:02 . 2009-01-15 03:02 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-15 02:53 . 2009-01-15 02:53 <DIR> d-------- c:\program files\Boilsoft Video Joiner
2009-01-15 02:53 . 2009-01-15 02:55 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-15 02:47 . 2009-01-15 02:47 <DIR> d-------- c:\program files\DivX
2009-01-15 02:47 . 2009-01-15 02:47 <DIR> d-------- c:\documents and settings\Marc\Application Data\vlc
2009-01-15 02:46 . 2009-01-15 02:46 <DIR> d-------- c:\program files\VideoLAN
2009-01-15 02:28 . 2009-01-15 02:28 0 --a------ c:\windows\nsreg.dat
2009-01-15 01:38 . 2009-01-15 01:51 <DIR> d-------- c:\documents and settings\Marc\Application Data\U3
2009-01-15 01:30 . 2009-01-15 01:30 0 --a------ c:\windows\ativpsrm.bin
2009-01-15 01:27 . 2009-01-15 01:27 <DIR> d-------- C:\ATI
2009-01-15 01:27 . 2008-02-25 21:05 593,920 --a------ c:\windows\system32\ati2sgag.exe
2009-01-15 01:20 . 2009-01-15 01:20 <DIR> d-------- c:\documents and settings\Marc\WINDOWS
2009-01-15 01:19 . 2009-01-15 01:20 <DIR> d-------- c:\program files\viewsonic
2009-01-15 01:19 . 2009-01-15 01:19 <DIR> d-------- c:\documents and settings\Marc\Application Data\Leadertech
2009-01-15 01:18 . 2009-01-15 01:22 102 --a------ c:\windows\VSWizard.ini
2009-01-15 01:12 . 2009-01-16 08:54 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-15 01:12 . 2009-01-16 16:58 10,105 --a------ c:\windows\system32\Config.MPF
2009-01-15 01:11 . 2006-03-03 08:07 143,360 --a------ c:\windows\system32\dunzip32.dll
2009-01-15 01:09 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2009-01-15 01:09 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2009-01-15 01:09 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2009-01-15 01:09 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2009-01-15 01:09 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2009-01-15 01:08 . 2009-01-15 01:08 <DIR> d-------- c:\program files\McAfee.com
2009-01-15 01:08 . 2009-01-15 03:18 <DIR> d-------- c:\program files\McAfee
2009-01-15 01:08 . 2009-01-15 01:09 <DIR> d-------- c:\program files\Common Files\McAfee
2009-01-15 01:08 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2009-01-15 01:05 . 2009-01-15 01:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-01-15 00:35 . 2009-01-15 00:35 <DIR> d---s---- c:\documents and settings\Marc\UserData
2009-01-15 00:26 . 2009-01-15 00:26 <DIR> d-------- c:\program files\Webroot
2009-01-15 00:26 . 2009-01-15 00:26 <DIR> d-------- c:\documents and settings\Marc\Application Data\Webroot
2009-01-15 00:26 . 2009-01-15 00:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2009-01-15 00:26 . 2009-01-15 00:26 <DIR> d-------- C:\Binaries
2009-01-15 00:26 . 2008-11-13 17:11 1,553,272 --a------ c:\windows\WRSetup.dll
2009-01-15 00:26 . 2009-01-15 00:26 164 --a------ C:\install.dat
2009-01-15 00:08 . 2009-01-15 00:08 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-15 00:08 . 2009-01-15 00:09 <DIR> d-------- c:\program files\Ahead
2009-01-15 00:08 . 2001-07-06 08:41 569,344 -ra------ c:\windows\system32\imagr5.dll
2009-01-15 00:08 . 2001-07-06 06:44 544,768 -ra------ c:\windows\system32\imagx5.dll
2009-01-15 00:08 . 2001-07-06 12:24 283,920 -ra------ c:\windows\system32\ImagXpr5.dll
2009-01-15 00:08 . 2001-07-09 05:50 155,648 -ra------ c:\windows\system32\NeroCheck.exe
2009-01-15 00:08 . 2001-06-26 02:15 38,912 -ra------ c:\windows\system32\picn20.dll
2009-01-14 23:55 . 2009-01-14 23:55 <DIR> d-------- c:\program files\APC
2009-01-14 23:55 . 2004-08-10 15:35 4,142,592 --a------ c:\windows\system32\qtintf.dll
2009-01-14 23:49 . 2009-01-14 23:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-01-14 23:47 . 2009-01-14 23:48 <DIR> d-------- c:\program files\Common Files\HP
2009-01-14 23:45 . 2009-01-14 23:46 <DIR> d-------- c:\program files\Hewlett-Packard
2009-01-14 23:45 . 2009-01-14 23:45 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-01-14 23:43 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
2009-01-14 23:43 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
2009-01-14 23:43 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
2009-01-14 23:43 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe
2009-01-14 23:43 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
2009-01-14 23:43 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
2009-01-14 23:41 . 2009-01-14 23:46 <DIR> d-------- c:\program files\HP
2009-01-14 23:40 . 2004-12-14 11:07 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys
2009-01-14 23:40 . 2004-12-14 11:07 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2009-01-14 23:39 . 2004-12-14 11:07 21,744 -ra------ c:\windows\system32\drivers\HPZius12.sys
2009-01-14 23:27 . 2008-09-04 11:42 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-14 23:27 . 2008-10-15 11:57 332,800 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-14 23:27 . 2008-10-03 05:15 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2009-01-14 23:25 . 2004-12-14 11:07 581,632 -ra------ c:\windows\system32\hpotscl.dll
2009-01-14 23:25 . 2004-12-14 11:07 278,528 -ra------ c:\windows\system32\hpgwiamd.dll
2009-01-14 23:25 . 2004-12-14 11:07 274,432 -ra------ c:\windows\system32\HPZc3212.dll
2009-01-14 23:25 . 2004-12-14 11:07 229,376 -ra------ c:\windows\system32\hpovst08.dll
2009-01-14 23:25 . 2009-01-14 23:49 68,939 --a------ c:\windows\hpoins05.dat
2009-01-14 23:25 . 2004-12-14 11:07 19,696 --------- c:\windows\hpomdl05.dat
2009-01-14 23:25 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-14 23:25 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-14 23:22 . 2009-01-14 23:22 <DIR> d-------- c:\documents and settings\Marc\Application Data\InterMute
2009-01-14 23:21 . 2009-01-14 16:48 <DIR> d-------- c:\documents and settings\Marc\Application Data\Symantec
2009-01-14 23:21 . 2009-01-14 16:30 <DIR> d-------- c:\documents and settings\Marc\Application Data\Sony Corporation
2009-01-14 23:21 . 2009-01-14 16:42 <DIR> d-------- c:\documents and settings\Marc\Application Data\Intuit
2009-01-14 23:21 . 2009-01-15 21:45 <DIR> d-------- c:\documents and settings\Marc
2009-01-14 23:20 . 2009-01-14 16:48 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-01-14 23:20 . 2009-01-14 16:30 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Sony Corporation
2009-01-14 23:20 . 2009-01-14 16:42 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Intuit
2009-01-14 23:20 . 2009-01-14 23:20 0 -rah----- c:\windows\system32\drivers\Sony_VGC-RA840G.mrk
2009-01-14 23:15 . 2009-01-14 23:15 8,192 --a------ c:\windows\REGLOCS.OLD
2009-01-14 18:25 . 2004-08-04 03:56 21,504 --a------ c:\windows\system32\hidserv.dll
2009-01-14 18:25 . 2004-08-04 01:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-01-14 18:24 . 2004-08-04 02:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-14 18:24 . 2001-08-17 16:58 19,200 --a------ c:\windows\system32\drivers\hidbatt.sys
2009-01-14 18:24 . 2001-08-17 16:57 14,080 --a------ c:\windows\system32\drivers\battc.sys
2009-01-14 18:24 . 2001-08-17 16:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-14 18:24 . 2001-08-17 17:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-14 18:24 . 2001-08-17 16:58 9,344 --a------ c:\windows\system32\drivers\compbatt.sys
2009-01-14 18:23 . 2004-08-04 02:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-14 16:48 . 2009-01-14 16:48 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2009-01-14 16:47 . 2009-01-14 16:47 <DIR> d-------- c:\documents and settings\All Users\ImageConverter2
2009-01-14 16:47 . 2009-01-15 00:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-01-14 16:46 . 2009-01-15 00:41 <DIR> d-------- c:\program files\MoodLogic
2009-01-14 16:46 . 2009-01-14 16:46 <DIR> d-------- c:\program files\InterMute
2009-01-14 16:46 . 2009-01-14 23:22 2,158 --a------ c:\windows\system32\ssmute.ini
2009-01-14 16:44 . 2009-01-14 16:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\VAIO Media Platform
2009-01-14 16:43 . 2009-01-14 16:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Intuit
2009-01-14 16:42 . 2009-01-14 16:42 <DIR> d-------- c:\program files\InterVideo
2009-01-14 16:42 . 2009-01-14 16:42 <DIR> d-------- c:\program files\Common Files\InterVideo
2009-01-14 16:42 . 2002-11-21 13:57 204,800 --a------ c:\windows\system32\IVIresizeW7.dll
2009-01-14 16:42 . 2002-11-21 13:57 200,704 --a------ c:\windows\system32\IVIresizeA6.dll
2009-01-14 16:42 . 2002-11-21 13:57 192,512 --a------ c:\windows\system32\IVIresizeP6.dll
2009-01-14 16:42 . 2002-11-21 13:57 192,512 --a------ c:\windows\system32\IVIresizeM6.dll
2009-01-14 16:42 . 2002-11-21 13:57 188,416 --a------ c:\windows\system32\IVIresizePX.dll
2009-01-14 16:42 . 2002-11-21 13:57 20,480 --a------ c:\windows\system32\IVIresize.dll
2009-01-14 16:41 . 2003-06-18 20:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-01-14 16:41 . 2009-01-15 00:16 376 --a------ c:\windows\ODBC.INI
2009-01-14 16:40 . 2009-01-15 00:40 <DIR> d-------- c:\windows\SHELLNEW
2009-01-14 16:40 . 2009-01-15 00:15 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-01-14 16:38 . 2009-01-15 00:59 <DIR> d-------- c:\program files\Microsoft Works
2009-01-14 16:35 . 2009-01-14 16:35 <DIR> d-------- c:\program files\Sonic
2009-01-14 16:35 . 2004-11-19 19:31 61,440 --a------ c:\windows\system32\SonyAIwo.dll
2009-01-14 16:35 . 2004-11-09 14:21 52,736 --a------ c:\windows\system32\SonyAIds.dll
2009-01-14 16:35 . 2004-10-26 17:29 42,496 --a------ c:\windows\system32\SonyAIwd.dll
2009-01-14 16:34 . 2003-10-07 22:55 2,981,888 --a------ c:\windows\system32\iplw7.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 11:19 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-01-15 06:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 05:57 --------- d-----w c:\program files\Common Files\Adobe
2009-01-15 05:53 --------- d-----w c:\program files\Sony
2009-01-14 21:33 --------- d-----w c:\program files\Common Files\Sony Shared
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( snapshot@2009-01-16_16.45.27.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-16 20:36:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-16 21:39:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-16 20:36:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-16 21:39:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-16 20:36:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-16 21:39:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-16 21:58:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2e8.dat
- 2009-01-16 21:40:34 3,926 ----a-w c:\windows\Temp\wrstemp\S-1-5-18.dat
+ 2009-01-16 21:59:20 3,926 ----a-w c:\windows\Temp\wrstemp\S-1-5-18.dat
- 2009-01-16 21:40:34 4,182 ----a-w c:\windows\Temp\wrstemp\S-1-5-19.dat
+ 2009-01-16 21:59:20 4,182 ----a-w c:\windows\Temp\wrstemp\S-1-5-19.dat
- 2009-01-16 21:40:34 4,250 ----a-w c:\windows\Temp\wrstemp\S-1-5-20.dat
+ 2009-01-16 21:59:20 4,250 ----a-w c:\windows\Temp\wrstemp\S-1-5-20.dat
- 2009-01-16 21:40:34 4,922 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-4243002081-4232962244-1316491021-1005.dat
+ 2009-01-16 21:59:20 4,922 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-4243002081-4232962244-1316491021-1005.dat
- 2009-01-16 21:40:34 4,762 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-4243002081-4232962244-1316491021-500.dat
+ 2009-01-16 21:59:20 4,762 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-4243002081-4232962244-1316491021-500.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@= "{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD} "
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-13 17:04 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"High Definition Audio Property Page Shortcut "= "c:\windows\system32\HDAudPropShortcut.exe" [2004-08-12 61952]
"IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-03-09 139264]
"SoundMan "= "c:\windows\SOUNDMAN.EXE" [2005-04-06 90112]
"AlcWzrd "= "c:\windows\ALCWZRD.EXE" [2005-04-06 2805248]
"ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"ExecAfterFirstBoot "= "c:\windows\SONYSYS\EFlyer\ExecAfterFirstBoot.exe" [2005-03-16 204800]
"VAIO Update 2 "= "c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2004-11-23 5406720]
"VAIO Recovery "= "c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"VAIOSurvey "= "c:\program files\sony\vaio survey\surveysa.exe" [2004-08-19 331776]
"PartSeal "= "c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SpySweeper "= "c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2008-11-13 6273400]

c:\documents and settings\Marc\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2009-01-15 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-01-14 221247]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-12 83360]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=wxwzxd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd "= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@= "Service "

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R4 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-01-15 1086840]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-15 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-15 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 07:00]

2009-01-15 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 07:00]

2009-01-15 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 07:00]

2009-01-16 c:\windows\Tasks\wrSpySweeper_L117242DCBD7D47168118F4BF21BE3DD4.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11]

2009-01-16 c:\windows\Tasks\wrSpySweeper_L117242DCBD7D47168118F4BF21BE3DD4.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11]

2009-01-16 c:\windows\Tasks\wrSpySweeper_L117242DCBD7D47168118F4BF21BE3DD4.job
- a:\ ", "c:\ ", "d:\ ", "e:\ ", "f:\ ", "g:\ ", "h:\ ", "i:\ ", "j:\ ", "k:\ ", "l:\ ", "m:\" []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cm.my.yahoo.com/?.src=fp
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\3ag859jv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gatorsports.com/apps/pbcs.dll/frontpage
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 16:59:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\docume~1\Marc\LOCALS~1\Temp\pon991gl.0.cs 80582 bytes
c:\docume~1\Marc\LOCALS~1\Temp\pon991gl.cmdline 295 bytes
c:\docume~1\Marc\LOCALS~1\Temp\pon991gl.dll 36864 bytes executable
c:\docume~1\Marc\LOCALS~1\Temp\pon991gl.err 0 bytes

scan completed successfully
hidden files: 4

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\dllhost.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\ehome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\program files\Webroot\WebrootSecurity\SSU.exe
c:\progra~1\McAfee\MSC\mcupdmgr.exe
.
**************************************************************************
.
Completion time: 2009-01-16 17:03:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-16 22:03:32
ComboFix2.txt 2009-01-16 21:47:43

Pre-Run: 230,998,601,728 bytes free
Post-Run: 230,985,539,584 bytes free

324 --- E O F --- 2009-01-15 08:10:36

noahdfear · 2009/01/17

Hi Alohakid,

Any relief since running ComboFix? Before doing anything else, please post the contents of C:\Qoobox\ComboFix2.txt here.

Then, disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)
Code:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
 "AppInit_DLLs "=-
Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

**NOTE - Allow ComboFix to update if prompted.

Please download DDS from one of the 3 mirrors and save it to your desktop.

Mirror 1 Mirror 2 Mirror 3

Disable any script blocking protection

Double click the dds icon to run the tool.

When done, DDS will open two (2) logs:

DDS.txt

Attach.txt

Save both reports to your desktop.

Please include the contents of the following in your next reply:

DDS.txt

I may ask for the Attach.txt log later, so keep it handy.

Log in or Sign up

Inactive [InActive] I'm next...VIRTUMONDE has me at wits end.

Alohakid Inactive Thread Starter

noahdfear Inactive

Share This Page

Log in or Sign up

Inactive [InActive] I'm next...VIRTUMONDE has me at wits end.

Alohakid Inactive Thread Starter

noahdfear Inactive

Share This Page

Useful Searches