Jump to content

Yahoo search redirected to Google


Recommended Posts

When I try to log onto Internet Explorer I am always being ask if I want to go to my previous session or homepage. I usually choose my Yahoo homepage once there type in my topic I am interested in and I click on a site and I am redirected to google. Here is my Hijackthis log.

Logfile of Advanced SystemCare 3 Security Analyzer

Scan saved at 10:41:18 AM, on 6/22/2010

Platform: Windows XP (WinNT 5.1)

MSIE: Internet Explorer v8.0 (8.0.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

C:\Program Files\Protector Suite QL\menusw.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: JQSIEStartDetectorImpl - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"

O4 - HKLM\..\Run: [sonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"

O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1

O4 - HKLM\..\Run: [QuickBooks Simple Start] "C:\Program Files\Intuit\SimpleStartEntice\entice.exe"

O4 - HKLM\..\Run: [biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"

O4 - HKLM\..\Run: [switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe

O4 - HKLM\..\Run: [PartSeal] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/3.../OGAControl.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_17) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

O23 - Service: (Ati HotKey Poller) - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Unknown owner - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Link to post
Share on other sites

Hi,

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

    [*]Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it your desktop:

  • Double-click .exe that you downloaded
  • Click rootkit-tab, uncheck files option and then click scan.
  • Don't check
    Show All
    box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

Link to post
Share on other sites

I was unable to run the GMER. After it finished scanning a blue screen came up and said that there was some sort of problem with my computer and I was unable to do anything but shut down. Here is DDS and Attach.

DDS (Ver_10-03-17.01) - NTFSx86

Run by sony users at 15:52:35.18 on Wed 06/23/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.171 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

C:\Program Files\Protector Suite QL\menusw.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\sony users\Local Settings\Temporary Internet Files\Content.IE5\WWX2SB7X\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uSearch Page =

uSearch Bar =

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

mSearchAssistant =

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"

mRun: [Alcmtr] ALCMTR.EXE

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"

mRun: [VAIO Recovery] "c:\windows\sonysys\vaio recovery\PartSeal.exe"

mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"

mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary

mRun: [VAIOSecurity] "c:\program files\sony\vaio security center\VSC.exe" 1

mRun: [QuickBooks Simple Start] "c:\program files\intuit\simplestartentice\entice.exe"

mRun: [biomenu] "c:\program files\protector suite ql\menusw.exe"

mRun: [switcher.exe] "c:\program files\sony\wireless switch setting utility\Switcher.exe"

mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire\Corel PhotoDownloader.exe

mRun: [PartSeal] "c:\windows\sonysys\vaio recovery\PartSeal.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\docume~1\sonyus~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

Notify: psfus - fusstub.dll

Notify: VESWinlogon - VESWinlogon.dll

Notify: WRNotifier - WRLogonNTF.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli fusstub

Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-28 64160]

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2007-4-17 14720]

R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-17 36352]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-4-17 808448]

S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-3-7 3379264]

S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-4-17 31104]

=============== Created Last 30 ================

2010-06-12 17:34:04 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-05 03:44:16 0 d-sh--w- c:\documents and settings\sony users\IECompatCache

2010-06-05 03:41:29 0 d-sh--w- c:\documents and settings\sony users\PrivacIE

2010-06-05 03:38:23 0 d-sh--w- c:\documents and settings\sony users\IETldCache

2010-06-05 03:34:11 0 d-----w- c:\windows\ie8updates

2010-06-05 03:26:44 0 dc-h--w- c:\windows\ie8

2010-06-05 03:23:37 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-06-05 03:23:12 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-05 03:23:12 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-06-05 02:37:01 0 d-----w- c:\program files\IObit

2010-06-05 02:37:01 0 d-----w- c:\docume~1\sonyus~1\applic~1\IObit

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2009-05-03 00:49:06 88 --sh--r- c:\windows\system32\5B76FB3787.sys

2009-05-17 21:38:32 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

2007-04-18 17:44:34 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2009-04-16 00:44:35 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041520090416\index.dat

============= FINISH: 15:53:41.59 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 5/8/2008 7:21:45 PM

System Uptime: 6/23/2010 3:20:08 PM (0 hours ago)

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU T7300 @ 2.00GHz | N/A | 1995/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 86 GiB total, 68.201 GiB free.

D: is Removable

E: is Removable

G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Bluetooth Personal Area Network

Device ID: BLUETOOTH\0004&0007\0000

Manufacturer: Toshiba

Name: Bluetooth Personal Area Network

PNP Device ID: BLUETOOTH\0004&0007\0000

Service: tosrfnds

==== System Restore Points ===================

RP220: 2/15/2010 11:02:24 AM - System Checkpoint

RP221: 2/16/2010 3:24:28 PM - Software Distribution Service 3.0

RP222: 2/18/2010 4:24:07 PM - Software Distribution Service 3.0

RP223: 2/20/2010 11:54:01 AM - Software Distribution Service 3.0

RP224: 2/22/2010 6:24:33 PM - Restore Operation

RP225: 2/23/2010 6:40:30 PM - Software Distribution Service 3.0

RP226: 2/23/2010 7:39:56 PM - Software Distribution Service 3.0

RP227: 2/27/2010 11:55:37 AM - System Checkpoint

RP228: 3/2/2010 2:00:40 PM - Restore Operation

RP229: 3/2/2010 2:22:36 PM - Software Distribution Service 3.0

RP230: 3/16/2010 4:02:37 PM - System Checkpoint

RP231: 3/21/2010 9:16:02 AM - Software Distribution Service 3.0

RP232: 3/30/2010 4:34:33 PM - Software Distribution Service 3.0

RP233: 4/3/2010 11:56:24 AM - Software Distribution Service 3.0

RP234: 4/10/2010 6:57:41 PM - System Checkpoint

RP235: 4/18/2010 3:01:44 PM - Software Distribution Service 3.0

RP236: 5/3/2010 4:14:09 PM - System Checkpoint

RP237: 5/13/2010 7:38:50 PM - Software Distribution Service 3.0

RP238: 5/28/2010 5:59:12 PM - Software Distribution Service 3.0

RP239: 5/31/2010 8:42:03 PM - System Checkpoint

RP240: 6/4/2010 9:38:03 PM - Advanced SystemCare RestorePoint

RP241: 6/4/2010 10:29:48 PM - Installed Windows Internet Explorer 8.

RP242: 6/4/2010 10:33:00 PM - Software Distribution Service 3.0

RP243: 6/12/2010 9:04:21 PM - Software Distribution Service 3.0

RP244: 6/17/2010 7:18:22 PM - System Checkpoint

RP245: 6/22/2010 12:59:04 PM - System Checkpoint

==== Installed Programs ======================

2007 Microsoft Office system

Activation Assistant for the 2007 Microsoft Office suites

Ad-Aware

Adobe Flash Player 10 ActiveX

Adobe Reader 8.1.4

Advanced SystemCare 3

AFT 2.53.0.0

ATI Display Driver

Bluetooth Stack for Windows by Toshiba

Business Contact Manager for Outlook 2007

CDDRV_Installer

Corel Paint Shop Pro Photo XI

Corel Snapfire

Critical Update for Windows Media Player 11 (KB959772)

erLT

Family Tree Maker 7.0

HDAUDIO SoftV92 Data Fax Modem with SmartCP

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless Software

InterVideo WinDVD for VAIO

ISScript

J2SE Runtime Environment 5.0 Update 7

Java 6 Update 17

Java 6 Update 5

Java 6 Update 7

KhalInstallWrapper

LAN Setting Utility

Legacy 7.0

Legacy Charting 7.0

Logitech Desktop Messenger

Logitech SetPoint

Malwarebytes' Anti-Malware

mCore

mDriver

mDrWiFi

Memory Stick Formatter

mHelp

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Data Access Components KB870669

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

mIWA

mLogView

mMHouse

mPfMgr

mPfWiz

mProSafe

mSCfg

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB954459)

mWlsSafe

mZConfig

Napster

Napster Burn Engine

Photo Story 3 for Windows

PowerTeacher Gradebook

Protector Suite QL 5.3

QuickBooks Product Listing Service

QuickBooks Simple Start Free Starter Edition

RealPlayer

Realtek High Definition Audio Driver

Roxio Easy Media Creator Home

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981349)

Setting Utility Series

Simple Start Entice

Sony Certificate PCH

Sony Utilities DLL

Spiderman 3 XXXX

Spy Sweeper

Spybot - Search & Destroy

SpywareBlaster 4.3

SupportSoft Assisted Service

TablEdit 2.65

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VAIO Central

VAIO Event Service

VAIO Hardware Diagnostics

VAIO HDD Protection

VAIO Light Flo Wallpaper

VAIO Long Battery Life Wallpaper

VAIO Power Management

VAIO Registration

VAIO Security Center

VAIO Support Central

VAIO Update 3

VAIO Wireless LAN Setup Utility

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool

Windows Internet Explorer 7

Windows Internet Explorer 7 Multilingual User Interface (MUI)

Windows Internet Explorer 8

Windows Media Connect

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Wireless Switch Setting Utility

==== Event Viewer Messages From Past Week ========

6/22/2010 12:12:47 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.

6/22/2010 12:12:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine service to connect.

6/22/2010 12:12:47 PM, error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/17/2010 4:52:51 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.

==== End Of File ===========================

Link to post
Share on other sites

Here is the GMER file. I ended up having to do it in safe mode. I dont have the zip file program.

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-24 18:41:00

Windows 5.1.2600 Service Pack 3

Running: 0v52rr02[1].exe; Driver: C:\DOCUME~1\SONYUS~1\LOCALS~1\Temp\kfrirpog.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF761B87E]

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF761BBFE]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[612] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E028F5

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[612] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E02781

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[612] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E02873

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[612] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E027B9

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[612] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E027F1

.text C:\WINDOWS\Explorer.EXE[676] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FB28F5

.text C:\WINDOWS\Explorer.EXE[676] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FB2781

.text C:\WINDOWS\Explorer.EXE[676] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00FB2873

.text C:\WINDOWS\Explorer.EXE[676] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00FB27B9

.text C:\WINDOWS\Explorer.EXE[676] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00FB27F1

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[1664] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00450101 C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Spy Sweeper Engine/Webroot Software, Inc.)

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[1664] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 013A28F5

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[1664] WS2_32.dll!send 71AB4C27 5 Bytes JMP 013A2781

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[1664] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 013A2873

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[1664] WS2_32.dll!recv 71AB676F 5 Bytes JMP 013A27B9

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[1664] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 013A27F1

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1832] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E528F5

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1832] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E52781

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1832] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E52873

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1832] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E527B9

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1832] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E527F1

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 0157299D

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 0157294D

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 01572911

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01572EA5

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 01572F01

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 01572BF3

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 015729B9

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 0157370F

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01572D5B

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] CRYPT32.dll!CertGetCertificateChain 77A92F67 5 Bytes JMP 015732E9

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 5 Bytes JMP 015732F2

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 019C299D

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 019C294D

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 019C2911

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 019C2EA5

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 019C2F01

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 019C2BF3

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 019C29B9

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 019C370F

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 019C2D5B

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] CRYPT32.dll!CertGetCertificateChain 77A92F67 5 Bytes JMP 019C32E9

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 5 Bytes JMP 019C32F2

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 027A299D

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 027A294D

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 027A2911

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 027A2EA5

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 027A2F01

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 027A2BF3

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 027A29B9

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 027A370F

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 027A2D5B

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] CRYPT32.dll!CertGetCertificateChain 77A92F67 5 Bytes JMP 027A32E9

.text C:\Program Files\Internet Explorer\iexplore.exe[3356] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 5 Bytes JMP 027A32F2

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2172] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[3356] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI \Device\0000008f 842958E0

Device \Driver\ACPI \Device\00000044 842958E0

Device \Driver\ACPI \Device\00000054 842958E0

Device \Driver\ACPI \Device\00000047 842958E0

Device \Driver\ACPI \Device\00000055 842958E0

Device \Driver\ACPI \Device\00000048 842958E0

Device \Driver\ACPI \Device\00000062 842958E0

Device \Driver\ACPI \Device\00000056 842958E0

Device \Driver\ACPI \Device\00000070 842958E0

Device \Driver\ACPI \Device\00000063 842958E0

Device \Driver\ACPI \Device\00000057 842958E0

Device \Driver\ACPI \Device\00000071 842958E0

Device \Driver\ACPI \Device\00000058 842958E0

Device \Driver\ACPI \Device\00000072 842958E0

Device \Driver\ACPI \Device\00000059 842958E0

Device \Driver\ACPI \Device\00000073 842958E0

Device \Driver\ACPI \Device\00000066 842958E0

Device \Driver\ACPI \Device\00000074 842958E0

Device \Driver\ACPI \Device\00000075 842958E0

Device \Driver\ACPI \Device\00000076 842958E0

Device \Driver\ACPI \Device\0000004a 842958E0

Device \Driver\ACPI \Device\00000093 842958E0

Device \Driver\ACPI \Device\0000005a 842958E0

Device \Driver\ACPI \Device\00000094 842958E0

Device \Driver\ACPI \Device\00000087 842958E0

Device \Driver\ACPI \Device\0000004e 842958E0

Device \Driver\ACPI \Device\0000005c 842958E0

Device \Driver\ACPI \Device\0000005f 842958E0

Device \Driver\ACPI \Device\0000006d 842958E0

Device \Driver\ACPI \Device\0000006f 842958E0

Device \Driver\ACPI \Device\0000008a 842958E0

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

Hi again,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Link to post
Share on other sites

COMBOFIX Log

ComboFix 10-06-25.01 - sony users 06/25/2010 15:27:46.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.453 [GMT -5:00]

Running from: c:\documents and settings\sony users\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Common Files\System\Uninstall

c:\windows\setup.exe

c:\windows\Sonysys\VAIO Recovery\PartSeal.exe

c:\windows\system32\Thumbs.db

.

original MBR restored successfully !

.

((((((((((((((((((((((((( Files Created from 2010-05-25 to 2010-06-25 )))))))))))))))))))))))))))))))

.

2010-06-24 23:32 . 2010-06-24 23:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\Webroot

2010-06-22 18:45 . 2010-06-22 18:45 503808 ----a-w- c:\documents and settings\sony users\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-241545df-n\msvcp71.dll

2010-06-22 18:45 . 2010-06-22 18:45 499712 ----a-w- c:\documents and settings\sony users\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-241545df-n\jmc.dll

2010-06-22 18:45 . 2010-06-22 18:45 348160 ----a-w- c:\documents and settings\sony users\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-241545df-n\msvcr71.dll

2010-06-12 17:34 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-08 18:32 . 2010-06-12 17:32 -------- d-----w- c:\documents and settings\HelpAssistant.VALUED-0243CCA1\PrivacIE

2010-06-08 18:30 . 2010-06-08 18:30 -------- d-----w- c:\documents and settings\HelpAssistant.VALUED-0243CCA1\IETldCache

2010-06-08 18:30 . 2010-06-17 21:20 -------- d-----w- c:\documents and settings\HelpAssistant.VALUED-0243CCA1\IECompatCache

2010-06-05 03:44 . 2010-06-05 03:44 -------- d-sh--w- c:\documents and settings\sony users\IECompatCache

2010-06-05 03:41 . 2010-06-05 03:41 -------- d-sh--w- c:\documents and settings\sony users\PrivacIE

2010-06-05 03:38 . 2010-06-05 03:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-06-05 03:38 . 2010-06-05 03:38 -------- d-sh--w- c:\documents and settings\sony users\IETldCache

2010-06-05 03:34 . 2010-06-05 03:34 -------- d-----w- c:\windows\ie8updates

2010-06-05 03:26 . 2010-06-05 03:30 -------- dc-h--w- c:\windows\ie8

2010-06-05 03:23 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-06-05 03:23 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-06-05 03:23 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-05 02:37 . 2010-06-05 02:37 -------- d-----w- c:\program files\IObit

2010-06-05 02:37 . 2010-06-05 02:37 -------- d-----w- c:\documents and settings\sony users\Application Data\IObit

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-25 20:04 . 2010-05-13 22:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-22 17:22 . 2010-04-19 22:00 439816 ----a-w- c:\documents and settings\sony users\Application Data\Real\Update\setup3.10\setup.exe

2010-06-05 02:18 . 2008-08-10 16:48 -------- d-----w- c:\documents and settings\sony users\Application Data\U3

2010-05-13 22:39 . 2010-05-13 22:37 -------- d-----w- c:\program files\SpywareBlaster

2010-05-09 21:40 . 2010-01-18 02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-06 10:41 . 2007-04-17 20:24 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2007-04-17 20:24 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 20:39 . 2010-04-18 20:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39 . 2010-04-18 20:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:30 . 2007-04-17 20:24 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-03-31 05:16 . 2010-03-31 05:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-03-31 05:10 . 2010-03-31 05:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2009-05-03 00:49 . 2008-06-06 22:22 88 --sh--r- c:\windows\system32\5B76FB3787.sys

2009-05-17 21:38 . 2008-06-06 22:22 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-05 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-05 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-05 138008]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-09 172032]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2007-03-26 217088]

"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-02-05 546936]

"VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2007-04-17 2322432]

"QuickBooks Simple Start"="c:\program files\Intuit\SimpleStartEntice\entice.exe" [2007-01-31 371712]

"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-01-24 176128]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-26 185872]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-07 524632]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\sony users\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-3 2756608]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-10 789008]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-11-29 968224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-01-09 19:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-02-23 02:11 39936 ----a-w- c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2006-12-28 23:54 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli fusstub

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"2479:TCP"= 2479:TCP:Services

"2061:TCP"= 2061:TCP:Services

"3389:TCP"= 3389:TCP:Remote Desktop

"3246:TCP"= 3246:TCP:Services

"8444:TCP"= 8444:TCP:Services

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/28/2009 10:07 PM 64160]

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [4/17/2007 3:25 PM 14720]

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/17/2007 3:24 PM 36352]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [4/17/2007 3:24 PM 808448]

S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [4/17/2007 3:25 PM 31104]

.

Contents of the 'Scheduled Tasks' folder

2010-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:11]

2008-05-09 c:\windows\Tasks\Registration reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2007-04-17 00:12]

2008-05-09 c:\windows\Tasks\Registration reminder 3.job

- c:\windows\system32\OOBE\oobebaln.exe [2007-04-17 00:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-VAIO Recovery - c:\windows\Sonysys\VAIO Recovery\PartSeal.exe

HKLM-Run-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire\Corel PhotoDownloader.exe

HKLM-Run-PartSeal - c:\windows\Sonysys\VAIO Recovery\PartSeal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-25 15:36

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2356904018-509843733-3334359763-1008\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2356904018-509843733-3334359763-1008\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-2356904018-509843733-3334359763-1008)

@Allowed: (Read) (S-1-5-21-2356904018-509843733-3334359763-1008)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\windows\system32\fusstub.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

c:\program files\Protector Suite QL\homefus.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\passport.dll

c:\program files\Protector Suite QL\BhTcAll.dll

c:\program files\Protector Suite QL\BhDevTfm.dll

c:\program files\Protector Suite QL\AlgVer.dll

c:\program files\Protector Suite QL\TCBioLib.dll

c:\program files\Protector Suite QL\remote.dll

c:\windows\system32\VESWinlogon.dll

c:\windows\system32\WRLogonNTF.dll

c:\program files\Protector Suite QL\config.dll

- - - - - - - > 'lsass.exe'(1116)

c:\windows\system32\fusstub.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus.dll

.

Completion time: 2010-06-25 15:40:08

ComboFix-quarantined-files.txt 2010-06-25 20:40

Pre-Run: 72,846,848,000 bytes free

Post-Run: 72,906,731,520 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 785F1BE042B13DFE3264F7098F72E6DB

Link to post
Share on other sites

COMBOFIX Log

ComboFix 10-06-25.01 - sony users 06/25/2010 15:27:46.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.453 [GMT -5:00]

Running from: c:\documents and settings\sony users\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Common Files\System\Uninstall

c:\windows\setup.exe

c:\windows\Sonysys\VAIO Recovery\PartSeal.exe

c:\windows\system32\Thumbs.db

.

original MBR restored successfully !

.

((((((((((((((((((((((((( Files Created from 2010-05-25 to 2010-06-25 )))))))))))))))))))))))))))))))

.

2010-06-24 23:32 . 2010-06-24 23:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\Webroot

2010-06-22 18:45 . 2010-06-22 18:45 503808 ----a-w- c:\documents and settings\sony users\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-241545df-n\msvcp71.dll

2010-06-22 18:45 . 2010-06-22 18:45 499712 ----a-w- c:\documents and settings\sony users\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-241545df-n\jmc.dll

2010-06-22 18:45 . 2010-06-22 18:45 348160 ----a-w- c:\documents and settings\sony users\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-241545df-n\msvcr71.dll

2010-06-12 17:34 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-08 18:32 . 2010-06-12 17:32 -------- d-----w- c:\documents and settings\HelpAssistant.VALUED-0243CCA1\PrivacIE

2010-06-08 18:30 . 2010-06-08 18:30 -------- d-----w- c:\documents and settings\HelpAssistant.VALUED-0243CCA1\IETldCache

2010-06-08 18:30 . 2010-06-17 21:20 -------- d-----w- c:\documents and settings\HelpAssistant.VALUED-0243CCA1\IECompatCache

2010-06-05 03:44 . 2010-06-05 03:44 -------- d-sh--w- c:\documents and settings\sony users\IECompatCache

2010-06-05 03:41 . 2010-06-05 03:41 -------- d-sh--w- c:\documents and settings\sony users\PrivacIE

2010-06-05 03:38 . 2010-06-05 03:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-06-05 03:38 . 2010-06-05 03:38 -------- d-sh--w- c:\documents and settings\sony users\IETldCache

2010-06-05 03:34 . 2010-06-05 03:34 -------- d-----w- c:\windows\ie8updates

2010-06-05 03:26 . 2010-06-05 03:30 -------- dc-h--w- c:\windows\ie8

2010-06-05 03:23 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-06-05 03:23 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-06-05 03:23 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-05 02:37 . 2010-06-05 02:37 -------- d-----w- c:\program files\IObit

2010-06-05 02:37 . 2010-06-05 02:37 -------- d-----w- c:\documents and settings\sony users\Application Data\IObit

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-25 20:04 . 2010-05-13 22:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-22 17:22 . 2010-04-19 22:00 439816 ----a-w- c:\documents and settings\sony users\Application Data\Real\Update\setup3.10\setup.exe

2010-06-05 02:18 . 2008-08-10 16:48 -------- d-----w- c:\documents and settings\sony users\Application Data\U3

2010-05-13 22:39 . 2010-05-13 22:37 -------- d-----w- c:\program files\SpywareBlaster

2010-05-09 21:40 . 2010-01-18 02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-06 10:41 . 2007-04-17 20:24 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2007-04-17 20:24 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 20:39 . 2010-04-18 20:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39 . 2010-04-18 20:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:30 . 2007-04-17 20:24 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-03-31 05:16 . 2010-03-31 05:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-03-31 05:10 . 2010-03-31 05:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2009-05-03 00:49 . 2008-06-06 22:22 88 --sh--r- c:\windows\system32\5B76FB3787.sys

2009-05-17 21:38 . 2008-06-06 22:22 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-05 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-05 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-05 138008]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-09 172032]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2007-03-26 217088]

"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-02-05 546936]

"VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2007-04-17 2322432]

"QuickBooks Simple Start"="c:\program files\Intuit\SimpleStartEntice\entice.exe" [2007-01-31 371712]

"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-01-24 176128]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-26 185872]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-07 524632]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\sony users\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-3 2756608]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-10 789008]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-11-29 968224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-01-09 19:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-02-23 02:11 39936 ----a-w- c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2006-12-28 23:54 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli fusstub

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"2479:TCP"= 2479:TCP:Services

"2061:TCP"= 2061:TCP:Services

"3389:TCP"= 3389:TCP:Remote Desktop

"3246:TCP"= 3246:TCP:Services

"8444:TCP"= 8444:TCP:Services

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/28/2009 10:07 PM 64160]

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [4/17/2007 3:25 PM 14720]

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/17/2007 3:24 PM 36352]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [4/17/2007 3:24 PM 808448]

S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [4/17/2007 3:25 PM 31104]

.

Contents of the 'Scheduled Tasks' folder

2010-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:11]

2008-05-09 c:\windows\Tasks\Registration reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2007-04-17 00:12]

2008-05-09 c:\windows\Tasks\Registration reminder 3.job

- c:\windows\system32\OOBE\oobebaln.exe [2007-04-17 00:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-VAIO Recovery - c:\windows\Sonysys\VAIO Recovery\PartSeal.exe

HKLM-Run-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire\Corel PhotoDownloader.exe

HKLM-Run-PartSeal - c:\windows\Sonysys\VAIO Recovery\PartSeal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-25 15:36

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2356904018-509843733-3334359763-1008\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2356904018-509843733-3334359763-1008\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-2356904018-509843733-3334359763-1008)

@Allowed: (Read) (S-1-5-21-2356904018-509843733-3334359763-1008)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\windows\system32\fusstub.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

c:\program files\Protector Suite QL\homefus.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\passport.dll

c:\program files\Protector Suite QL\BhTcAll.dll

c:\program files\Protector Suite QL\BhDevTfm.dll

c:\program files\Protector Suite QL\AlgVer.dll

c:\program files\Protector Suite QL\TCBioLib.dll

c:\program files\Protector Suite QL\remote.dll

c:\windows\system32\VESWinlogon.dll

c:\windows\system32\WRLogonNTF.dll

c:\program files\Protector Suite QL\config.dll

- - - - - - - > 'lsass.exe'(1116)

c:\windows\system32\fusstub.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus.dll

.

Completion time: 2010-06-25 15:40:08

ComboFix-quarantined-files.txt 2010-06-25 20:40

Pre-Run: 72,846,848,000 bytes free

Post-Run: 72,906,731,520 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 785F1BE042B13DFE3264F7098F72E6DB

DDS and ATTACH File

DDS (Ver_10-03-17.01) - NTFSx86

Run by sony users at 15:48:39.50 on Fri 06/25/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.288 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

C:\Program Files\Protector Suite QL\menusw.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\sony users\Local Settings\Temporary Internet Files\Content.IE5\NDJP1XZS\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"

mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"

mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary

mRun: [VAIOSecurity] "c:\program files\sony\vaio security center\VSC.exe" 1

mRun: [QuickBooks Simple Start] "c:\program files\intuit\simplestartentice\entice.exe"

mRun: [biomenu] "c:\program files\protector suite ql\menusw.exe"

mRun: [switcher.exe] "c:\program files\sony\wireless switch setting utility\Switcher.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\docume~1\sonyus~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

Notify: psfus - fusstub.dll

Notify: VESWinlogon - VESWinlogon.dll

Notify: WRNotifier - WRLogonNTF.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli fusstub

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-28 64160]

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2007-4-17 14720]

R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-3-7 3379264]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-17 36352]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-4-17 808448]

S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-4-17 31104]

=============== Created Last 30 ================

2010-06-25 20:23:01 0 d-sha-r- C:\cmdcons

2010-06-25 20:17:24 98816 ----a-w- c:\windows\sed.exe

2010-06-25 20:17:24 77312 ----a-w- c:\windows\MBR.exe

2010-06-25 20:17:24 256512 ----a-w- c:\windows\PEV.exe

2010-06-25 20:17:24 161792 ----a-w- c:\windows\SWREG.exe

2010-06-12 17:34:04 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-05 03:44:16 0 d-sh--w- c:\documents and settings\sony users\IECompatCache

2010-06-05 03:41:29 0 d-sh--w- c:\documents and settings\sony users\PrivacIE

2010-06-05 03:38:23 0 d-sh--w- c:\documents and settings\sony users\IETldCache

2010-06-05 03:34:11 0 d-----w- c:\windows\ie8updates

2010-06-05 03:26:44 0 dc-h--w- c:\windows\ie8

2010-06-05 03:23:37 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-06-05 03:23:12 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-05 03:23:12 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-06-05 02:37:01 0 d-----w- c:\program files\IObit

2010-06-05 02:37:01 0 d-----w- c:\docume~1\sonyus~1\applic~1\IObit

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-03-31 05:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-03-31 05:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2009-05-03 00:49:06 88 --sh--r- c:\windows\system32\5B76FB3787.sys

2009-05-17 21:38:32 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

2007-04-18 17:44:34 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2009-04-16 00:44:35 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041520090416\index.dat

============= FINISH: 15:49:29.79 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 5/8/2008 7:21:45 PM

System Uptime: 6/25/2010 3:44:10 PM (0 hours ago)

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU T7300 @ 2.00GHz | N/A | 1995/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 86 GiB total, 67.933 GiB free.

D: is Removable

E: is Removable

G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Bluetooth Personal Area Network

Device ID: BLUETOOTH\0004&0007\0000

Manufacturer: Toshiba

Name: Bluetooth Personal Area Network

PNP Device ID: BLUETOOTH\0004&0007\0000

Service: tosrfnds

==== System Restore Points ===================

RP220: 2/15/2010 11:02:24 AM - System Checkpoint

RP221: 2/16/2010 3:24:28 PM - Software Distribution Service 3.0

RP222: 2/18/2010 4:24:07 PM - Software Distribution Service 3.0

RP223: 2/20/2010 11:54:01 AM - Software Distribution Service 3.0

RP224: 2/22/2010 6:24:33 PM - Restore Operation

RP225: 2/23/2010 6:40:30 PM - Software Distribution Service 3.0

RP226: 2/23/2010 7:39:56 PM - Software Distribution Service 3.0

RP227: 2/27/2010 11:55:37 AM - System Checkpoint

RP228: 3/2/2010 2:00:40 PM - Restore Operation

RP229: 3/2/2010 2:22:36 PM - Software Distribution Service 3.0

RP230: 3/16/2010 4:02:37 PM - System Checkpoint

RP231: 3/21/2010 9:16:02 AM - Software Distribution Service 3.0

RP232: 3/30/2010 4:34:33 PM - Software Distribution Service 3.0

RP233: 4/3/2010 11:56:24 AM - Software Distribution Service 3.0

RP234: 4/10/2010 6:57:41 PM - System Checkpoint

RP235: 4/18/2010 3:01:44 PM - Software Distribution Service 3.0

RP236: 5/3/2010 4:14:09 PM - System Checkpoint

RP237: 5/13/2010 7:38:50 PM - Software Distribution Service 3.0

RP238: 5/28/2010 5:59:12 PM - Software Distribution Service 3.0

RP239: 5/31/2010 8:42:03 PM - System Checkpoint

RP240: 6/4/2010 9:38:03 PM - Advanced SystemCare RestorePoint

RP241: 6/4/2010 10:29:48 PM - Installed Windows Internet Explorer 8.

RP242: 6/4/2010 10:33:00 PM - Software Distribution Service 3.0

RP243: 6/12/2010 9:04:21 PM - Software Distribution Service 3.0

RP244: 6/17/2010 7:18:22 PM - System Checkpoint

RP245: 6/22/2010 12:59:04 PM - System Checkpoint

RP246: 6/23/2010 7:26:47 PM - Software Distribution Service 3.0

==== Installed Programs ======================

2007 Microsoft Office system

Activation Assistant for the 2007 Microsoft Office suites

Ad-Aware

Adobe Flash Player 10 ActiveX

Adobe Reader 8.1.4

Advanced SystemCare 3

AFT 2.53.0.0

ATI Display Driver

Bluetooth Stack for Windows by Toshiba

Business Contact Manager for Outlook 2007

CDDRV_Installer

Corel Paint Shop Pro Photo XI

Corel Snapfire

Critical Update for Windows Media Player 11 (KB959772)

erLT

Family Tree Maker 7.0

HDAUDIO SoftV92 Data Fax Modem with SmartCP

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless Software

InterVideo WinDVD for VAIO

ISScript

J2SE Runtime Environment 5.0 Update 7

Java 6 Update 17

Java 6 Update 5

Java 6 Update 7

KhalInstallWrapper

LAN Setting Utility

Legacy 7.0

Legacy Charting 7.0

Logitech Desktop Messenger

Logitech SetPoint

Malwarebytes' Anti-Malware

mCore

mDriver

mDrWiFi

Memory Stick Formatter

mHelp

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Data Access Components KB870669

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

mIWA

mLogView

mMHouse

mPfMgr

mPfWiz

mProSafe

mSCfg

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB954459)

mWlsSafe

mZConfig

Napster

Napster Burn Engine

Photo Story 3 for Windows

PowerTeacher Gradebook

Protector Suite QL 5.3

QuickBooks Product Listing Service

QuickBooks Simple Start Free Starter Edition

RealPlayer

Realtek High Definition Audio Driver

Roxio Easy Media Creator Home

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981349)

Setting Utility Series

Simple Start Entice

Sony Certificate PCH

Sony Utilities DLL

Spiderman 3 XXXX

Spy Sweeper

Spybot - Search & Destroy

SpywareBlaster 4.3

SupportSoft Assisted Service

TablEdit 2.65

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VAIO Central

VAIO Event Service

VAIO Hardware Diagnostics

VAIO HDD Protection

VAIO Light Flo Wallpaper

VAIO Long Battery Life Wallpaper

VAIO Power Management

VAIO Registration

VAIO Security Center

VAIO Support Central

VAIO Update 3

VAIO Wireless LAN Setup Utility

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool

Windows Internet Explorer 7

Windows Internet Explorer 7 Multilingual User Interface (MUI)

Windows Internet Explorer 8

Windows Media Connect

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Wireless Switch Setting Utility

==== Event Viewer Messages From Past Week ========

6/24/2010 6:40:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

6/24/2010 6:32:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall Fips intelppm Tosrfcom

6/24/2010 6:25:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

6/24/2010 6:25:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/24/2010 6:24:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tosrfcom

6/24/2010 6:24:08 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

6/24/2010 6:24:08 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/24/2010 6:24:08 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/24/2010 6:24:08 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

6/23/2010 3:21:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine service to connect.

6/23/2010 3:21:12 PM, error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/22/2010 12:12:47 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.

==== End Of File ===========================

Link to post
Share on other sites

Hi,

Please download HelpAsst_mebroot_fix.exe and save it to your desktop.

Close out all other open programs and windows.

Double click the file to run it and follow any prompts.

If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.

Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.

Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.

Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access the the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).

Link to post
Share on other sites

C:\Documents and Settings\sony users\Desktop\HelpAsst_mebroot_fix.exe

Sat 06/26/2010 at 19:21:19.07

HelpAssistant account is Active ~ attempting to de-activate

Account active Yes

Local Group Memberships *Administrators

HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove

termsrv32.dll successfully removed

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key

closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

"65533:TCP"=-

"52344:TCP"=-

"2479:TCP"=-

"2061:TCP"=-

"3389:TCP"=-

"3246:TCP"=-

"8444:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key

closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

"65533:TCP"=-

"52344:TCP"=-

"2479:TCP"=-

"2061:TCP"=-

"3389:TCP"=-

"3246:TCP"=-

"8444:TCP"=-

~~ Checking profile list ~~

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-2356904018-509843733-3334359763-1007

HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant.VALUED-0243CCA1 ~ attempting to remove

~ All C:\Documents and Settings\HelpAssistant.VALUED-0243CCA1 files successfully removed ~

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sat 06/26/2010 at 19:50:29.73

Account active No

Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 0x0BA51A30

malicious code @ sector 0x0BA51A33 !

PE file found in sector at 0x0BA51A49 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters

ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~

Link to post
Share on other sites

Hi,

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.

@ECHO OFF

dir /s/a C:\QooBox\Quarantine\Registry_Backups >"%userprofile%\desktop\regbackups.txt"

DEL %0

Double-click on fixes.bat file to execute it. Command prompt window will open and close. This is normal. After the operation regbackups.txt file should exist on your desktop. Attach it to your post.

Then continue with the steps here:

1. Restart your computer

2. Before Windows loads, you will be prompted to choose which Operating System to start

3. Use the up and down arrow key to select Microsoft Windows Recovery Console

4. You must enter which Windows installation to log onto. Type 1 and press enter.

5. At the C:\Windows prompt, type the following bolded text, and press Enter (let it proceed):

fixmbr

6. At the next prompt, type the following bolded text, and press Enter:

exit

Windows will now begin loading. After that, repeat the steps in my previous post.

Link to post
Share on other sites

Hi,

I just wanted to thank you for all your help so far. It is greatly appreciated. I needed to let you know that when I turn on my computer and Windows has loaded I get a small gray screen that says SPM Module has encountered a problem and needs to close.

Here is the regbackups.txt:

Volume in drive C has no label.

Volume Serial Number is 1830-F681

Directory of C:\QooBox\Quarantine\Registry_Backups

06/25/2010 03:39 PM <DIR> .

06/25/2010 03:39 PM <DIR> ..

06/25/2010 03:39 PM 176 HKLM-Run-Corel Photo Downloader.reg.dat

06/25/2010 03:39 PM 148 HKLM-Run-PartSeal.reg.dat

06/25/2010 03:39 PM 321 HKLM-Run-VAIO Recovery.reg.dat

06/25/2010 03:34 PM 10,778 tcpip.reg

4 File(s) 11,423 bytes

Total Files Listed:

4 File(s) 11,423 bytes

2 Dir(s) 72,819,900,416 bytes free

Link to post
Share on other sites

Hi again,

Is the screen that ask me to make a choice of Microsoft Windows Recovery Consoles or Microsoft Windows XP Professional going to always come up?

Here is the helpasst log:

C:\Documents and Settings\sony users\Desktop\HelpAsst_mebroot_fix.exe

Sat 06/26/2010 at 19:21:19.07

HelpAssistant account is Active ~ attempting to de-activate

Account active Yes

Local Group Memberships *Administrators

HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove

termsrv32.dll successfully removed

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key

closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

"65533:TCP"=-

"52344:TCP"=-

"2479:TCP"=-

"2061:TCP"=-

"3389:TCP"=-

"3246:TCP"=-

"8444:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key

closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

"65533:TCP"=-

"52344:TCP"=-

"2479:TCP"=-

"2061:TCP"=-

"3389:TCP"=-

"3246:TCP"=-

"8444:TCP"=-

~~ Checking profile list ~~

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-2356904018-509843733-3334359763-1007

HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant.VALUED-0243CCA1 ~ attempting to remove

~ All C:\Documents and Settings\HelpAssistant.VALUED-0243CCA1 files successfully removed ~

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sat 06/26/2010 at 19:50:29.73

Account active No

Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 0x0BA51A30

malicious code @ sector 0x0BA51A33 !

PE file found in sector at 0x0BA51A49 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters

ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sun 06/27/2010 at 21:29:09.45

Account active No

Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 0x0BA51A30

malicious code @ sector 0x0BA51A33 !

PE file found in sector at 0x0BA51A49 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters

ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sun 06/27/2010 at 21:44:20.40

Account active No

Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 0x0BA51A30

malicious code @ sector 0x0BA51A33 !

PE file found in sector at 0x0BA51A49 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters

ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~

Link to post
Share on other sites

Hi again,

Is the screen that ask me to make a choice of Microsoft Windows Recovery Consoles or Microsoft Windows XP Professional going to always come up?

Recovery console was installed there by ComboFix. There may be a situation the system goes unbootable. Then recovery console may help fix the problem. It's strongly recommended to have it installed.

Click Start>Run and type helpasst -folder then hit Enter.

The tool will run and prompt for confirmation to remove any HelpAssistant folders found.

If prompted, restart your computer.

When complete, click Start>Run and type helpasst -mbrt then hit Enter.

Post the new log that opens when it finishes.

Link to post
Share on other sites

Hi,

Ok thank you and I will be sure to leave it alone. Here is the log:

C:\Documents and Settings\sony users\Desktop\HelpAsst_mebroot_fix.exe

Sat 06/26/2010 at 19:21:19.07

HelpAssistant account is Active ~ attempting to de-activate

Account active Yes

Local Group Memberships *Administrators

HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove

termsrv32.dll successfully removed

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key

closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

"65533:TCP"=-

"52344:TCP"=-

"2479:TCP"=-

"2061:TCP"=-

"3389:TCP"=-

"3246:TCP"=-

"8444:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key

closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

"65533:TCP"=-

"52344:TCP"=-

"2479:TCP"=-

"2061:TCP"=-

"3389:TCP"=-

"3246:TCP"=-

"8444:TCP"=-

~~ Checking profile list ~~

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-2356904018-509843733-3334359763-1007

HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant.VALUED-0243CCA1 ~ attempting to remove

~ All C:\Documents and Settings\HelpAssistant.VALUED-0243CCA1 files successfully removed ~

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sat 06/26/2010 at 19:50:29.73

Account active No

Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 0x0BA51A30

malicious code @ sector 0x0BA51A33 !

PE file found in sector at 0x0BA51A49 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters

ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sun 06/27/2010 at 21:29:09.45

Account active No

Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 0x0BA51A30

malicious code @ sector 0x0BA51A33 !

PE file found in sector at 0x0BA51A49 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters

ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sun 06/27/2010 at 21:44:20.40

Account active No

Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 0x0BA51A30

malicious code @ sector 0x0BA51A33 !

PE file found in sector at 0x0BA51A49 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters

ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Folder removal routine ~ Mon 06/28/2010 at 20:08:32.87

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

~~ Checking for HelpAssistant directories ~~

C:\DOCUME~1\HelpAssistant found

backing up C:\DOCUME~1\HelpAssistant

C:\DOCUME~1\HelpAssistant removed

~~ EOF ~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Mon 06/28/2010 at 20:18:57.26

Account active No

Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 0x0BA51A30

malicious code @ sector 0x0BA51A33 !

PE file found in sector at 0x0BA51A49 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters

ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~

Link to post
Share on other sites

Hi,

Click start->run->type cmd.exe. Highlight following code box contents->right-click it and select copy. Then right click opened black command prompt window and select paste. Press enter and allow modification:

Regedit "C:\QooBox\Quarantine\Registry_Backups\HKLM-Run-PartSeal.reg.dat"

Repeat with the following code box content:

Regedit "C:\QooBox\Quarantine\Registry_Backups\HKLM-Run-VAIO Recovery.reg.dat"

After that, open notepad and copy/paste the text in the quotebox below into it:

DeQuarantine::
c:\qoobox\quarantine\c\windows\Sonysys\VAIO Recovery\PartSeal.exe.vir
Ignore::
c:\windows\Sonysys\VAIO Recovery\PartSeal.exe

Save this as

CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let ComboFix update itself).

Then post the resultant log.

Uninstall old Adobe Reader versions and get the latest one (both 9.3 and update 9.3.2) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 20.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Link to post
Share on other sites

Hi,

Here is the new combofix log:

ComboFix 10-06-29.02 - sony users 06/29/2010 20:32:47.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.402 [GMT -5:00]

Running from: c:\documents and settings\sony users\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\sony users\Desktop\CFScript.txt

.

((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))

.

2010-06-27 00:21 . 2010-06-27 00:21 -------- d-----w- C:\HelpAsst_backup

2010-06-24 23:32 . 2010-06-24 23:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\Webroot

2010-06-22 18:45 . 2010-06-22 18:45 503808 ----a-w- c:\documents and settings\sony users\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-241545df-n\msvcp71.dll

2010-06-22 18:45 . 2010-06-22 18:45 499712 ----a-w- c:\documents and settings\sony users\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-241545df-n\jmc.dll

2010-06-22 18:45 . 2010-06-22 18:45 348160 ----a-w- c:\documents and settings\sony users\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-241545df-n\msvcr71.dll

2010-06-12 17:34 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-05 03:44 . 2010-06-05 03:44 -------- d-sh--w- c:\documents and settings\sony users\IECompatCache

2010-06-05 03:41 . 2010-06-05 03:41 -------- d-sh--w- c:\documents and settings\sony users\PrivacIE

2010-06-05 03:38 . 2010-06-05 03:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-06-05 03:38 . 2010-06-05 03:38 -------- d-sh--w- c:\documents and settings\sony users\IETldCache

2010-06-05 03:34 . 2010-06-05 03:34 -------- d-----w- c:\windows\ie8updates

2010-06-05 03:26 . 2010-06-05 03:30 -------- dc-h--w- c:\windows\ie8

2010-06-05 03:23 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-06-05 03:23 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-06-05 03:23 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-05 02:37 . 2010-06-05 02:37 -------- d-----w- c:\program files\IObit

2010-06-05 02:37 . 2010-06-05 02:37 -------- d-----w- c:\documents and settings\sony users\Application Data\IObit

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-30 00:29 . 2010-04-19 22:00 439816 ----a-w- c:\documents and settings\sony users\Application Data\Real\Update\setup3.10\setup.exe

2010-06-25 20:04 . 2010-05-13 22:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-05 02:18 . 2008-08-10 16:48 -------- d-----w- c:\documents and settings\sony users\Application Data\U3

2010-05-13 22:39 . 2010-05-13 22:37 -------- d-----w- c:\program files\SpywareBlaster

2010-05-09 21:40 . 2010-01-18 02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-06 10:41 . 2007-04-17 20:24 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2007-04-17 20:24 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 20:39 . 2010-04-18 20:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39 . 2010-04-18 20:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:30 . 2007-04-17 20:24 285696 ----a-w- c:\windows\system32\atmfd.dll

2009-05-03 00:49 . 2008-06-06 22:22 88 --sh--r- c:\windows\system32\5B76FB3787.sys

2009-05-17 21:38 . 2008-06-06 22:22 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-06-25_20.36.34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-30 00:28 . 2010-06-30 00:28 16384 c:\windows\Temp\Perflib_Perfdata_1a8.dat

+ 2010-06-30 01:32 . 2010-06-30 01:32 28672 c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

+ 2010-06-25 20:39 . 2010-06-25 20:39 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-05 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-05 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-05 138008]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-09 172032]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2007-03-26 217088]

"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-02-05 546936]

"VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2007-04-17 2322432]

"QuickBooks Simple Start"="c:\program files\Intuit\SimpleStartEntice\entice.exe" [2007-01-31 371712]

"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-01-24 176128]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-26 185872]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-07 524632]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2010-06-30 28672]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2010-06-30 28672]

c:\documents and settings\sony users\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-3 2756608]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-10 789008]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-11-29 968224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-01-09 19:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-02-23 02:11 39936 ----a-w- c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2006-12-28 23:54 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli fusstub

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/28/2009 10:07 PM 64160]

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [4/17/2007 3:25 PM 14720]

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/17/2007 3:24 PM 36352]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [4/17/2007 3:24 PM 808448]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456]

S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [4/17/2007 3:25 PM 31104]

.

Contents of the 'Scheduled Tasks' folder

2010-06-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:11]

2008-05-09 c:\windows\Tasks\Registration reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2007-04-17 00:12]

2008-05-09 c:\windows\Tasks\Registration reminder 3.job

- c:\windows\system32\OOBE\oobebaln.exe [2007-04-17 00:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-29 20:39

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2356904018-509843733-3334359763-1008\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2356904018-509843733-3334359763-1008\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-2356904018-509843733-3334359763-1008)

@Allowed: (Read) (S-1-5-21-2356904018-509843733-3334359763-1008)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\windows\system32\fusstub.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

c:\program files\Protector Suite QL\homefus.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\passport.dll

c:\program files\Protector Suite QL\BhTcAll.dll

c:\program files\Protector Suite QL\BhDevTfm.dll

c:\program files\Protector Suite QL\AlgVer.dll

c:\program files\Protector Suite QL\TCBioLib.dll

c:\program files\Protector Suite QL\remote.dll

c:\windows\system32\VESWinlogon.dll

c:\windows\system32\WRLogonNTF.dll

c:\program files\Protector Suite QL\mysafe.dll

c:\program files\Protector Suite QL\config.dll

- - - - - - - > 'lsass.exe'(1112)

c:\windows\system32\fusstub.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus.dll

- - - - - - - > 'explorer.exe'(5988)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-06-29 20:42:39

ComboFix-quarantined-files.txt 2010-06-30 01:42

ComboFix2.txt 2010-06-25 20:40

C:\DeQuarantine.txt

Pre-Run: 72,669,626,368 bytes free

Post-Run: 72,700,252,160 bytes free

- - End Of File - - AEEBCE6133CCE998898DD479A14295AE

Link to post
Share on other sites

Hi here are the scans you were waiting for.

Wednesday, June 30, 2010

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Wednesday, June 30, 2010 09:46:21

Records in database: 4265765

Scan settings

scan using the following database extended

Scan archives yes

Scan e-mail databases yes

Scan area File

Scan statistics

Objects scanned 169658

Threats found 6

Infected objects found 7

Suspicious objects found 0

Scan duration 02:24:02

File name Threat Threats count

C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\2EUPCCRR\text_constants_en[1].js Infected: Trojan.JS.Fraud.i 1

C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\6A8IUB65\oHf88ff92fV0100f070006Raf0e576d102Tb3f28049201l0409Kfadfa295317[1].pdf Infected: Exploit.JS.Pdfka.bpw 1

C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\9XR6UV1W\unic_scripts[1].js Infected: Hoax.HTML.FakeAntivirus.a 1

C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\J36YXW1L\22[1].htm Infected: Hoax.HTML.FakeAntivirus.b 1

C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\OHNFIK6N\brand_constants[1].js Infected: Hoax.HTML.FakeAntivirus.a 1

C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\OHNFIK6N\takest_info[1].htm Infected: Trojan.HTML.Fraud.s 1

C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\YQ9J2KCY\KAV2[1].htm Infected: Packed.JS.Agent.bv 1

Selected area has been scanned.

Link to post
Share on other sites

DDS (Ver_10-03-17.01) - NTFSx86

Run by sony users at 15:52:01.20 on Wed 06/30/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.631 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

C:\Program Files\Protector Suite QL\menusw.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\sony users\Local Settings\Temporary Internet Files\Content.IE5\7WYY4YM0\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"

mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"

mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary

mRun: [VAIOSecurity] "c:\program files\sony\vaio security center\VSC.exe" 1

mRun: [QuickBooks Simple Start] "c:\program files\intuit\simplestartentice\entice.exe"

mRun: [biomenu] "c:\program files\protector suite ql\menusw.exe"

mRun: [switcher.exe] "c:\program files\sony\wireless switch setting utility\Switcher.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [PartSeal] "c:\windows\sonysys\vaio recovery\PartSeal.exe"

mRun: [VAIO Recovery] "c:\windows\sonysys\vaio recovery\PartSeal.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\sonyus~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

Notify: psfus - fusstub.dll

Notify: VESWinlogon - VESWinlogon.dll

Notify: WRNotifier - WRLogonNTF.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli fusstub

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-28 64160]

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2007-4-17 14720]

R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-3-7 3379264]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-17 36352]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-4-17 808448]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]

S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-4-17 31104]

=============== Created Last 30 ================

2010-06-30 02:45:30 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-06-30 02:45:30 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-27 00:21:20 0 d-----w- C:\HelpAsst_backup

2010-06-25 20:23:01 0 d-sha-r- C:\cmdcons

2010-06-25 20:17:24 98816 ----a-w- c:\windows\sed.exe

2010-06-25 20:17:24 77312 ----a-w- c:\windows\MBR.exe

2010-06-25 20:17:24 256512 ----a-w- c:\windows\PEV.exe

2010-06-25 20:17:24 161792 ----a-w- c:\windows\SWREG.exe

2010-06-12 17:34:04 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-05 03:44:16 0 d-sh--w- c:\documents and settings\sony users\IECompatCache

2010-06-05 03:41:29 0 d-sh--w- c:\documents and settings\sony users\PrivacIE

2010-06-05 03:38:23 0 d-sh--w- c:\documents and settings\sony users\IETldCache

2010-06-05 03:34:11 0 d-----w- c:\windows\ie8updates

2010-06-05 03:26:44 0 dc-h--w- c:\windows\ie8

2010-06-05 03:23:37 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-06-05 03:23:12 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-05 03:23:12 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-06-05 02:37:01 0 d-----w- c:\program files\IObit

2010-06-05 02:37:01 0 d-----w- c:\docume~1\sonyus~1\applic~1\IObit

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2009-05-03 00:49:06 88 --sh--r- c:\windows\system32\5B76FB3787.sys

2009-05-17 21:38:32 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

2007-04-18 17:44:34 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2009-04-16 00:44:35 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041520090416\index.dat

============= FINISH: 15:52:57.34 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 5/8/2008 7:21:45 PM

System Uptime: 6/30/2010 8:43:48 AM (7 hours ago)

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU T7300 @ 2.00GHz | N/A | 1995/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 86 GiB total, 67.1 GiB free.

D: is Removable

E: is Removable

G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Bluetooth Personal Area Network

Device ID: BLUETOOTH\0004&0007\0000

Manufacturer: Toshiba

Name: Bluetooth Personal Area Network

PNP Device ID: BLUETOOTH\0004&0007\0000

Service: tosrfnds

==== System Restore Points ===================

RP220: 2/15/2010 11:02:24 AM - System Checkpoint

RP221: 2/16/2010 3:24:28 PM - Software Distribution Service 3.0

RP222: 2/18/2010 4:24:07 PM - Software Distribution Service 3.0

RP223: 2/20/2010 11:54:01 AM - Software Distribution Service 3.0

RP224: 2/22/2010 6:24:33 PM - Restore Operation

RP225: 2/23/2010 6:40:30 PM - Software Distribution Service 3.0

RP226: 2/23/2010 7:39:56 PM - Software Distribution Service 3.0

RP227: 2/27/2010 11:55:37 AM - System Checkpoint

RP228: 3/2/2010 2:00:40 PM - Restore Operation

RP229: 3/2/2010 2:22:36 PM - Software Distribution Service 3.0

RP230: 3/16/2010 4:02:37 PM - System Checkpoint

RP231: 3/21/2010 9:16:02 AM - Software Distribution Service 3.0

RP232: 3/30/2010 4:34:33 PM - Software Distribution Service 3.0

RP233: 4/3/2010 11:56:24 AM - Software Distribution Service 3.0

RP234: 4/10/2010 6:57:41 PM - System Checkpoint

RP235: 4/18/2010 3:01:44 PM - Software Distribution Service 3.0

RP236: 5/3/2010 4:14:09 PM - System Checkpoint

RP237: 5/13/2010 7:38:50 PM - Software Distribution Service 3.0

RP238: 5/28/2010 5:59:12 PM - Software Distribution Service 3.0

RP239: 5/31/2010 8:42:03 PM - System Checkpoint

RP240: 6/4/2010 9:38:03 PM - Advanced SystemCare RestorePoint

RP241: 6/4/2010 10:29:48 PM - Installed Windows Internet Explorer 8.

RP242: 6/4/2010 10:33:00 PM - Software Distribution Service 3.0

RP243: 6/12/2010 9:04:21 PM - Software Distribution Service 3.0

RP244: 6/17/2010 7:18:22 PM - System Checkpoint

RP245: 6/22/2010 12:59:04 PM - System Checkpoint

RP246: 6/23/2010 7:26:47 PM - Software Distribution Service 3.0

RP247: 6/28/2010 7:15:50 PM - System Checkpoint

RP248: 6/29/2010 8:10:16 PM - System Checkpoint

RP249: 6/29/2010 8:49:28 PM - Removed Adobe Reader 8.1.4

RP250: 6/29/2010 9:15:08 PM - Installed Adobe Reader 9.3.

RP251: 6/29/2010 9:29:31 PM - Removed Java 6 Update 11

RP252: 6/29/2010 9:30:06 PM - Removed Java 6 Update 5

RP253: 6/29/2010 9:30:45 PM - Removed Java 6 Update 7

RP254: 6/29/2010 9:31:31 PM - Removed J2SE Runtime Environment 5.0 Update 7

RP255: 6/29/2010 9:45:03 PM - Installed Java 6 Update 20

==== Installed Programs ======================

2007 Microsoft Office system

Activation Assistant for the 2007 Microsoft Office suites

Ad-Aware

Adobe Flash Player 10 ActiveX

Adobe Reader 9.3.2

Advanced SystemCare 3

AFT 2.53.0.0

ATI Display Driver

Bluetooth Stack for Windows by Toshiba

Business Contact Manager for Outlook 2007

CDDRV_Installer

Corel Paint Shop Pro Photo XI

Corel Snapfire

Critical Update for Windows Media Player 11 (KB959772)

erLT

Family Tree Maker 7.0

HDAUDIO SoftV92 Data Fax Modem with SmartCP

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless Software

InterVideo WinDVD for VAIO

ISScript

Java Auto Updater

Java 6 Update 20

KhalInstallWrapper

LAN Setting Utility

Logitech Desktop Messenger

Logitech SetPoint

Malwarebytes' Anti-Malware

mCore

mDriver

mDrWiFi

Memory Stick Formatter

mHelp

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Data Access Components KB870669

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

mIWA

mLogView

mMHouse

mPfMgr

mPfWiz

mProSafe

mSCfg

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB954459)

mWlsSafe

mZConfig

Napster

Napster Burn Engine

Photo Story 3 for Windows

PowerTeacher Gradebook

Protector Suite QL 5.3

QuickBooks Product Listing Service

QuickBooks Simple Start Free Starter Edition

RealPlayer

Realtek High Definition Audio Driver

Roxio Easy Media Creator Home

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981349)

Setting Utility Series

Simple Start Entice

Sony Certificate PCH

Sony Utilities DLL

Spiderman 3 XXXX

Spy Sweeper

Spybot - Search & Destroy

SpywareBlaster 4.3

SupportSoft Assisted Service

TablEdit 2.65

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VAIO Central

VAIO Event Service

VAIO Hardware Diagnostics

VAIO HDD Protection

VAIO Light Flo Wallpaper

VAIO Long Battery Life Wallpaper

VAIO Power Management

VAIO Registration

VAIO Security Center

VAIO Support Central

VAIO Update 3

VAIO Wireless LAN Setup Utility

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool

Windows Internet Explorer 7

Windows Internet Explorer 7 Multilingual User Interface (MUI)

Windows Internet Explorer 8

Windows Media Connect

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Wireless Switch Setting Utility

==== Event Viewer Messages From Past Week ========

6/24/2010 6:40:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

6/24/2010 6:32:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall Fips intelppm Tosrfcom

6/24/2010 6:25:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

6/24/2010 6:25:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/24/2010 6:24:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tosrfcom

6/24/2010 6:24:08 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

6/24/2010 6:24:08 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/24/2010 6:24:08 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/24/2010 6:24:08 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

6/23/2010 3:21:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine service to connect.

6/23/2010 3:21:12 PM, error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

Link to post
Share on other sites

Hi,

Have your protection disabled while doing the following:

Open notepad and copy/paste the text in the codebox below into it:

@echo off
for %%g in (
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\2EUPCCRR\text_constants_en[1].js
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\6A8IUB65\oHf88ff92fV0100f070006Raf0e576d102Tb3f28049201l0409Kfadfa295317[1].pdf
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\9XR6UV1W\unic_scripts[1].js
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\J36YXW1L\22[1].htm
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\OHNFIK6N\brand_constants[1].js
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\OHNFIK6N\takest_info[1].htm
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\YQ9J2KCY\KAV2[1].htm
) do zip Files_for_submission %%g
del %0

Save this as grab.bat

Choose to Save type as - All Files

Save it on your desktop.

Double click on grab.bat & allow it to run

A file, Files_for_submission.zip will be created on your desktop. Please upload it to this website. Kindly include a link to this topic in the message.

Link to post
Share on other sites

Hi,

I am not sure what I did wrong but it did not put a Files_for_Submission.zip on my desktop. The grab.bat ran fast but then nothing. I tried it twice and I did close out all of my protections. Can you explain how to upload t this website and wht do you mean by include a link to this topic in the message.

Thanks

Link to post
Share on other sites

Hi,

Could you check if these files still exist:

C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\2EUPCCRR\text_constants_en[1].js

C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\6A8IUB65\oHf88ff92fV0100f070006Raf0e576d102Tb3f28049201l0409Kfadfa295317[1].pdf

C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\9XR6UV1W\unic_scripts[1].js

C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\J36YXW1L\22[1].htm

C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\OHNFIK6N\brand_constants[1].js

C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\OHNFIK6N\takest_info[1].htm

C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.VAL\Local Settings\Temporary Internet Files\Content.IE5\YQ9J2KCY\KAV2[1].htm

If those don't exist then there's nothing to create a zip file of.

Link to post
Share on other sites

Ok. Then it's no wonder the zip file wasn't created. You can ignore that step :)

Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.

THESE STEPS ARE VERY IMPORTANT

Let's reset system restore

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK.

NOTE: only do this ONCE,NOT on a regular basis

Now lets uninstall ComboFix:

  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK

Please download OTC and save it to desktop.

  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.

Click once on the Security tab

Click once on the Internet icon so it becomes highlighted.

Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!

    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here

    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:



    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. hit enter, then locate dns client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok

    [*]Run Secunia vulnerability check here and fix its findings.

    [*]Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:

    Antivir

    Avast!

    Good commercial ones are from:

    Kaspersky and

    ESET

    [*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.

    If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions.

Just a final reminder for you. I am trying to stress these two points.

UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.

Make sure all of your security programs are up to date.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,

Blade :)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.