Infected with Security Hijack

Hello,

Thank you so much for the help.

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6864

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/14/2011 5:31:31 PM

mbam-log-2011-06-14 (17-31-31).txt

Scan type: Quick scan

Objects scanned: 215581

Time elapsed: 25 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is the DDS log:

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by swright at 17:34:14 on 2011-06-14

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.375 [GMT -6:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Additional Guard *Enabled/Updated* {CAABD665-3451-4A84-AC2E-EFA27FA226C8}

FW: Additional Guard *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\Belkin\F1U201.401\usbshare.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\DISC\DiscStreamHub.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"

mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"

mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe

mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

mRun: [Mouse Suite 98 Daemon] ICO.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [<NO NAME>]

mRun: [switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe

mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"

mRun: [DISCover] c:\program files\disc\DISCover.exe

mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [share-to-Web Namespace Daemon] c:\program files\hewlett-packard\photosmart\hp share-to-web\hpgs2wnd.exe

mRun: [CXMon] "c:\program files\hewlett-packard\photosmart\photo imaging\Hpi_Monitor.exe"

mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot

mRun: [cleanhdm] %APPDATA%\cleanhdm.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\f1u201~1.lnk - c:\program files\belkin\f1u201.401\usbshare.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{5EC221C9-656E-4349-BB24-73C35FA1616B} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{B2A62745-B6B9-44A6-A58A-7A0B9608D263} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{B4601F68-7B62-46DD-B197-56CED4ED4D71} : DhcpNameServer = 10.0.1.99

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: VESWinlogon - VESWinlogon.dll

LSA: Authentication Packages = msv1_0 nwprovau

IFEO: image file execution options - svchost.exe

Hosts: 67.205.118.182 search.yahoo.com

Hosts: 67.205.118.182 www.bing.com

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKsl570c3ca4;MpKsl570c3ca4;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a02dbeec-be57-4cf2-bd9c-f7d9e1b8532d}\MpKsl570c3ca4.sys [2011-6-14 28752]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-7-24 30080]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-7-24 226304]

S1 MpKsl4a51a6f8;MpKsl4a51a6f8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e4c8c29b-f00d-4184-b2d9-2427421df1ce}\mpksl4a51a6f8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e4c8c29b-f00d-4184-b2d9-2427421df1ce}\MpKsl4a51a6f8.sys [?]

S1 MpKsl71f83b7d;MpKsl71f83b7d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{407ad400-6c46-4608-a885-aa3162dce3c0}\mpksl71f83b7d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{407ad400-6c46-4608-a885-aa3162dce3c0}\MpKsl71f83b7d.sys [?]

S1 MpKslaed24289;MpKslaed24289;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e4422a1-5256-4d72-b396-53672bc9f8c7}\mpkslaed24289.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e4422a1-5256-4d72-b396-53672bc9f8c7}\MpKslaed24289.sys [?]

S1 MpKslc2094dca;MpKslc2094dca;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8331fee0-2722-42ea-8297-a0d716ce2cc1}\mpkslc2094dca.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8331fee0-2722-42ea-8297-a0d716ce2cc1}\MpKslc2094dca.sys [?]

S1 MpKslda870d8a;MpKslda870d8a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8331fee0-2722-42ea-8297-a0d716ce2cc1}\mpkslda870d8a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8331fee0-2722-42ea-8297-a0d716ce2cc1}\MpKslda870d8a.sys [?]

S1 MpKsldb21a473;MpKsldb21a473;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8331fee0-2722-42ea-8297-a0d716ce2cc1}\mpksldb21a473.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8331fee0-2722-42ea-8297-a0d716ce2cc1}\MpKsldb21a473.sys [?]

S1 MpKslfef7d794;MpKslfef7d794;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{19e16d12-3e53-4a8c-885f-e672770a83c6}\mpkslfef7d794.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{19e16d12-3e53-4a8c-885f-e672770a83c6}\MpKslfef7d794.sys [?]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-12-10 30104]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-12-10 30104]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

.

=============== Created Last 30 ================

.

2011-06-14 23:13:55 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a02dbeec-be57-4cf2-bd9c-f7d9e1b8532d}\MpKsl570c3ca4.sys

2011-06-14 23:12:10 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a02dbeec-be57-4cf2-bd9c-f7d9e1b8532d}\mpengine.dll

2011-06-13 02:01:14 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-06-12 15:36:49 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-12 15:36:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-11 21:54:50 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-06-11 21:54:50 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-08 23:20:30 -------- d-----w- c:\documents and settings\swright\application data\Malwarebytes

2011-06-08 23:20:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-08 23:20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-06-14 23:04:09 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2006-03-15 12:00:00 94784 --sh--w- c:\windows\twain.dll

2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll

2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12:01 57344 --sha-w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll

2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12:02 84992 --sha-w- c:\windows\system32\olepro32.dll

2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

============= FINISH: 17:35:30.40 ===============

Here is the attach log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-12.02)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 10/28/2006 2:32:03 PM

System Uptime: 6/14/2011 5:00:04 PM (0 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 CPU T5600 @ 1.83GHz | N/A | 1828/167mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 105 GiB total, 51.759 GiB free.

D: is Removable

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP501: 3/15/2011 10:07:32 AM - Software Distribution Service 3.0

RP502: 3/16/2011 10:49:33 AM - System Checkpoint

RP503: 3/17/2011 11:25:56 AM - System Checkpoint

RP504: 3/18/2011 5:36:28 PM - System Checkpoint

RP505: 3/19/2011 5:56:04 PM - System Checkpoint

RP506: 3/21/2011 11:56:30 AM - System Checkpoint

RP507: 3/22/2011 4:18:21 PM - System Checkpoint

RP508: 3/23/2011 8:28:38 AM - Software Distribution Service 3.0

RP509: 3/24/2011 8:33:53 AM - Software Distribution Service 3.0

RP510: 3/25/2011 7:35:47 AM - Software Distribution Service 3.0

RP511: 3/26/2011 2:31:40 PM - System Checkpoint

RP512: 3/26/2011 8:30:44 PM - Software Distribution Service 3.0

RP513: 3/28/2011 9:27:52 AM - System Checkpoint

RP514: 3/28/2011 2:13:18 PM - Software Distribution Service 3.0

RP515: 3/30/2011 4:58:40 PM - Software Distribution Service 3.0

RP516: 3/31/2011 6:29:25 PM - System Checkpoint

RP517: 4/1/2011 1:20:19 PM - Software Distribution Service 3.0

RP518: 4/2/2011 8:51:35 PM - System Checkpoint

RP519: 4/3/2011 8:10:53 AM - Software Distribution Service 3.0

RP520: 4/4/2011 5:11:14 PM - System Checkpoint

RP521: 4/6/2011 8:09:36 AM - Software Distribution Service 3.0

RP522: 4/7/2011 9:48:17 AM - System Checkpoint

RP523: 4/8/2011 2:46:50 PM - Software Distribution Service 3.0

RP524: 4/9/2011 3:26:58 PM - System Checkpoint

RP525: 4/10/2011 5:45:31 PM - Software Distribution Service 3.0

RP526: 4/11/2011 5:54:51 PM - System Checkpoint

RP527: 4/12/2011 4:56:27 PM - Software Distribution Service 3.0

RP528: 4/13/2011 5:28:14 PM - System Checkpoint

RP529: 4/14/2011 3:00:48 AM - Software Distribution Service 3.0

RP530: 4/15/2011 7:31:07 AM - Software Distribution Service 3.0

RP531: 4/16/2011 7:47:50 AM - System Checkpoint

RP532: 4/17/2011 5:47:52 AM - Software Distribution Service 3.0

RP533: 4/18/2011 5:50:24 PM - System Checkpoint

RP534: 4/19/2011 8:33:56 AM - Software Distribution Service 3.0

RP535: 4/20/2011 8:46:13 AM - System Checkpoint

RP536: 4/22/2011 7:58:46 AM - Software Distribution Service 3.0

RP537: 4/23/2011 8:25:27 AM - System Checkpoint

RP538: 4/23/2011 9:07:30 AM - Software Distribution Service 3.0

RP539: 4/24/2011 10:01:46 AM - System Checkpoint

RP540: 4/25/2011 5:50:11 PM - Software Distribution Service 3.0

RP541: 4/26/2011 3:00:17 AM - Software Distribution Service 3.0

RP542: 4/27/2011 2:43:07 PM - Software Distribution Service 3.0

RP543: 4/28/2011 3:50:29 PM - System Checkpoint

RP544: 4/29/2011 7:34:10 AM - Software Distribution Service 3.0

RP545: 4/29/2011 10:10:01 AM - Software Distribution Service 3.0

RP546: 4/30/2011 8:01:42 AM - Software Distribution Service 3.0

RP547: 5/2/2011 12:17:27 AM - Software Distribution Service 3.0

RP548: 5/2/2011 2:58:21 PM - Software Distribution Service 3.0

RP549: 5/3/2011 7:38:12 AM - Software Distribution Service 3.0

RP550: 5/4/2011 8:24:12 AM - Software Distribution Service 3.0

RP551: 5/7/2011 9:22:50 AM - Software Distribution Service 3.0

RP552: 5/8/2011 10:19:47 AM - System Checkpoint

RP553: 5/9/2011 8:13:06 AM - Software Distribution Service 3.0

RP554: 5/10/2011 10:03:36 AM - System Checkpoint

RP555: 5/11/2011 10:59:10 AM - Software Distribution Service 3.0

RP556: 5/11/2011 11:09:50 AM - Software Distribution Service 3.0

RP557: 5/12/2011 11:56:57 AM - System Checkpoint

RP558: 5/13/2011 6:29:51 AM - Software Distribution Service 3.0

RP559: 5/15/2011 7:20:27 PM - Software Distribution Service 3.0

RP560: 5/16/2011 9:33:04 AM - Software Distribution Service 3.0

RP561: 5/17/2011 11:41:48 AM - System Checkpoint

RP562: 5/18/2011 8:17:55 AM - Software Distribution Service 3.0

RP563: 5/20/2011 11:10:03 AM - Software Distribution Service 3.0

RP564: 5/21/2011 11:05:51 AM - Software Distribution Service 3.0

RP565: 5/22/2011 7:39:00 PM - System Checkpoint

RP566: 5/23/2011 6:53:43 AM - Software Distribution Service 3.0

RP567: 5/23/2011 5:37:19 PM - Software Distribution Service 3.0

RP568: 5/26/2011 10:40:41 AM - Software Distribution Service 3.0

RP569: 5/27/2011 10:41:30 AM - System Checkpoint

RP570: 5/28/2011 8:21:18 AM - Software Distribution Service 3.0

RP571: 5/28/2011 5:31:48 PM - Software Distribution Service 3.0

RP572: 5/29/2011 5:31:38 PM - Software Distribution Service 3.0

RP573: 5/30/2011 8:50:26 AM - Software Distribution Service 3.0

RP574: 5/30/2011 5:31:33 PM - Software Distribution Service 3.0

RP575: 6/1/2011 7:46:43 AM - System Checkpoint

RP576: 6/2/2011 8:29:05 AM - Software Distribution Service 3.0

RP577: 6/5/2011 12:16:43 PM - Software Distribution Service 3.0

RP578: 6/8/2011 8:22:04 AM - Software Distribution Service 3.0

RP579: 6/8/2011 4:41:42 PM - Software Distribution Service 3.0

RP580: 6/10/2011 12:17:19 PM - System Checkpoint

RP581: 6/11/2011 3:53:56 PM - Restore Operation

RP582: 6/12/2011 4:10:47 PM - Software Distribution Service 3.0

RP583: 6/14/2011 5:11:57 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

2x1/4x1 USB Peripheral Switch

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 9 ActiveX

Adobe Reader 9.2

AiO_Scan_CDA

AiOSoftwareNPI

Apple Mobile Device Support

Apple Software Update

Bewitched (remove only)

BlackBerry Desktop Software 5.0.1

BlackBerry

Hello Chris,

Thank you again. Here are the log files.

ComboFix 11-06-19.0r1 - swright 06/20/2011 10:32:15.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.379 [GMT -6:00]

Running from: c:\documents and settings\swright\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\8ad542a

c:\documents and settings\All Users\Application Data\8ad542a\8412.mof

c:\documents and settings\All Users\Application Data\8ad542a\BackUp\F1U201.401.lnk

c:\documents and settings\All Users\Application Data\8ad542a\BackUp\HP Digital Imaging Monitor.lnk

c:\documents and settings\All Users\Application Data\8ad542a\BackUp\HP Photosmart Premier Fast Start.lnk

c:\documents and settings\All Users\Application Data\8ad542a\BackUp\hp psc 2000 Series.lnk

c:\documents and settings\All Users\Application Data\8ad542a\BackUp\officejet 6100.lnk

c:\documents and settings\All Users\Application Data\8ad542a\WINAG.ico

c:\documents and settings\swright\Application Data\Local

c:\documents and settings\swright\Application Data\Local\Temp\DDM\Settings\0.ddi

c:\documents and settings\swright\Application Data\Local\Temp\DDM\Settings\1.ddi

c:\documents and settings\swright\Application Data\Local\Temp\DDM\Settings\ehqpzyvmefbx.avi.ddr

c:\documents and settings\swright\Application Data\Local\Temp\DDM\Settings\mrwmiknpkbiu.avi.ddr

c:\documents and settings\swright\Application Data\Local\Temp\DDM\Settings\settings.ddi

c:\documents and settings\swright\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\ehqpzyvmefbx.avi

c:\documents and settings\swright\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\mrwmiknpkbiu.avi.ddp

c:\documents and settings\swright\Recent\cb.dll

c:\documents and settings\swright\Recent\cb.drv

c:\documents and settings\swright\Recent\cb.tmp

c:\documents and settings\swright\Recent\eb.tmp

c:\documents and settings\swright\Recent\energy.tmp

c:\documents and settings\swright\Recent\fix.sys

c:\documents and settings\swright\Recent\kernel32.exe

c:\documents and settings\swright\Recent\kernel32.tmp

c:\documents and settings\swright\Recent\PE.drv

c:\documents and settings\swright\Recent\PE.sys

c:\documents and settings\swright\Recent\ppal.dll

c:\documents and settings\swright\Recent\runddlkey.sys

c:\documents and settings\swright\Recent\sld.sys

c:\documents and settings\swright\Recent\SM.exe

c:\documents and settings\swright\Recent\SM.tmp

c:\documents and settings\swright\Recent\snl2w.drv

c:\documents and settings\swright\Recent\snl2w.sys

c:\documents and settings\swright\Recent\tjd.tmp

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((( Files Created from 2011-05-20 to 2011-06-20 )))))))))))))))))))))))))))))))

.

.

2011-06-20 15:24 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E5C683E7-8DFF-4274-A7A9-3636B3536B90}\mpengine.dll

2011-06-16 19:45 . 2011-06-16 21:42 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 01:19 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-13 02:01 . 2011-06-13 02:01 12872 ----a-w- c:\windows\system32\bootdelete.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-16 19:37 . 2011-04-03 18:00 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-05-09 20:46 . 2011-03-23 14:30 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-05-02 15:31 . 2006-07-24 17:42 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2006-07-24 17:27 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2006-07-24 17:27 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2006-07-24 17:27 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2006-07-24 17:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2006-07-24 17:27 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2006-07-24 17:27 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2006-03-15 12:00 94784 --sh--w- c:\windows\twain.dll

2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll

2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12 57344 --sha-w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12 343040 --sha-w- c:\windows\system32\msvcrt.dll

2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12 84992 --sha-w- c:\windows\system32\olepro32.dll

2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-28 217088]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]

"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]

"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]

"DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-02 1077248]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]

"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]

"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

F1U201.401.lnk - c:\program files\Belkin\F1U201.401\usbshare.exe [2006-10-28 135168]

HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

HP Photosmart Premier Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-27 323646]

officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-6-27 147456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"4457:TCP"= 4457:TCP:Application Sharing

"4458:TCP"= 4458:TCP:Application Sharing

"4459:TCP"= 4459:TCP:Application Sharing

"4460:TCP"= 4460:TCP:Application Sharing

.

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/24/2006 11:28 AM 30080]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/24/2006 11:28 AM 226304]

S1 MpKsl22e860de;MpKsl22e860de;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A02DBEEC-BE57-4CF2-BD9C-F7D9E1B8532D}\MpKsl22e860de.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A02DBEEC-BE57-4CF2-BD9C-F7D9E1B8532D}\MpKsl22e860de.sys [?]

S1 MpKsl4a51a6f8;MpKsl4a51a6f8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E4C8C29B-F00D-4184-B2D9-2427421DF1CE}\MpKsl4a51a6f8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E4C8C29B-F00D-4184-B2D9-2427421DF1CE}\MpKsl4a51a6f8.sys [?]

S1 MpKsl71f83b7d;MpKsl71f83b7d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{407AD400-6C46-4608-A885-AA3162DCE3C0}\MpKsl71f83b7d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{407AD400-6C46-4608-A885-AA3162DCE3C0}\MpKsl71f83b7d.sys [?]

S1 MpKslaed24289;MpKslaed24289;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E4422A1-5256-4D72-B396-53672BC9F8C7}\MpKslaed24289.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E4422A1-5256-4D72-B396-53672BC9F8C7}\MpKslaed24289.sys [?]

S1 MpKslc2094dca;MpKslc2094dca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8331FEE0-2722-42EA-8297-A0D716CE2CC1}\MpKslc2094dca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8331FEE0-2722-42EA-8297-A0D716CE2CC1}\MpKslc2094dca.sys [?]

S1 MpKslda870d8a;MpKslda870d8a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8331FEE0-2722-42EA-8297-A0D716CE2CC1}\MpKslda870d8a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8331FEE0-2722-42EA-8297-A0D716CE2CC1}\MpKslda870d8a.sys [?]

S1 MpKsldb21a473;MpKsldb21a473;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8331FEE0-2722-42EA-8297-A0D716CE2CC1}\MpKsldb21a473.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8331FEE0-2722-42EA-8297-A0D716CE2CC1}\MpKsldb21a473.sys [?]

S1 MpKslfcddf877;MpKslfcddf877;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A02DBEEC-BE57-4CF2-BD9C-F7D9E1B8532D}\MpKslfcddf877.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A02DBEEC-BE57-4CF2-BD9C-F7D9E1B8532D}\MpKslfcddf877.sys [?]

S1 MpKslfef7d794;MpKslfef7d794;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{19E16D12-3E53-4A8C-885F-E672770A83C6}\MpKslfef7d794.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{19E16D12-3E53-4A8C-885F-E672770A83C6}\MpKslfef7d794.sys [?]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/10/2009 4:28 PM 30104]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/10/2009 4:28 PM 30104]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

.

2007-03-04 c:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2200 seriesF56855811176EC24C9B302F94878AD886AF77CFF162261517.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 07:46]

.

2011-06-20 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{5EC221C9-656E-4349-BB24-73C35FA1616B}: NameServer = 208.67.222.222,208.67.220.220

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-cleanhdm - c:\documents and settings\swright\Application Data\cleanhdm.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-20 10:58

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(872)

c:\windows\system32\VESWinlogon.dll

.

- - - - - - - > 'explorer.exe'(2144)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\eHome\ehmsas.exe

c:\windows\system32\ICO.EXE

c:\progra~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

c:\program files\Apoint\Apntex.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe

c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

c:\program files\DISC\DiscStreamHub.exe

.

**************************************************************************

.

Completion time: 2011-06-20 11:08:04 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-20 17:07

.

Pre-Run: 55,331,201,024 bytes free

Post-Run: 57,881,649,152 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - B0CCE39E709804790CAF591374F35555

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by swright at 11:11:47 on 2011-06-20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.458 [GMT -6:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"

mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"

mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe

mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

mRun: [Mouse Suite 98 Daemon] ICO.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe

mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"

mRun: [DISCover] c:\program files\disc\DISCover.exe

mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [share-to-Web Namespace Daemon] c:\program files\hewlett-packard\photosmart\hp share-to-web\hpgs2wnd.exe

mRun: [CXMon] "c:\program files\hewlett-packard\photosmart\photo imaging\Hpi_Monitor.exe"

mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\f1u201~1.lnk - c:\program files\belkin\f1u201.401\usbshare.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{5EC221C9-656E-4349-BB24-73C35FA1616B} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{B2A62745-B6B9-44A6-A58A-7A0B9608D263} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{B4601F68-7B62-46DD-B197-56CED4ED4D71} : DhcpNameServer = 10.0.1.99

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: VESWinlogon - VESWinlogon.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKsl7917e255;MpKsl7917e255;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{76139282-b5f6-43fe-94bb-51def7ee920c}\MpKsl7917e255.sys [2011-6-20 28752]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-7-24 30080]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-7-24 226304]

S1 MpKsl22e860de;MpKsl22e860de;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a02dbeec-be57-4cf2-bd9c-f7d9e1b8532d}\mpksl22e860de.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a02dbeec-be57-4cf2-bd9c-f7d9e1b8532d}\MpKsl22e860de.sys [?]

S1 MpKsl4a51a6f8;MpKsl4a51a6f8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e4c8c29b-f00d-4184-b2d9-2427421df1ce}\mpksl4a51a6f8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e4c8c29b-f00d-4184-b2d9-2427421df1ce}\MpKsl4a51a6f8.sys [?]

S1 MpKsl71f83b7d;MpKsl71f83b7d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{407ad400-6c46-4608-a885-aa3162dce3c0}\mpksl71f83b7d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{407ad400-6c46-4608-a885-aa3162dce3c0}\MpKsl71f83b7d.sys [?]

S1 MpKslaed24289;MpKslaed24289;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e4422a1-5256-4d72-b396-53672bc9f8c7}\mpkslaed24289.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e4422a1-5256-4d72-b396-53672bc9f8c7}\MpKslaed24289.sys [?]

S1 MpKslc2094dca;MpKslc2094dca;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8331fee0-2722-42ea-8297-a0d716ce2cc1}\mpkslc2094dca.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8331fee0-2722-42ea-8297-a0d716ce2cc1}\MpKslc2094dca.sys [?]

S1 MpKslda870d8a;MpKslda870d8a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8331fee0-2722-42ea-8297-a0d716ce2cc1}\mpkslda870d8a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8331fee0-2722-42ea-8297-a0d716ce2cc1}\MpKslda870d8a.sys [?]

S1 MpKsldb21a473;MpKsldb21a473;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8331fee0-2722-42ea-8297-a0d716ce2cc1}\mpksldb21a473.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8331fee0-2722-42ea-8297-a0d716ce2cc1}\MpKsldb21a473.sys [?]

S1 MpKslfcddf877;MpKslfcddf877;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a02dbeec-be57-4cf2-bd9c-f7d9e1b8532d}\mpkslfcddf877.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a02dbeec-be57-4cf2-bd9c-f7d9e1b8532d}\MpKslfcddf877.sys [?]

S1 MpKslfef7d794;MpKslfef7d794;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{19e16d12-3e53-4a8c-885f-e672770a83c6}\mpkslfef7d794.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{19e16d12-3e53-4a8c-885f-e672770a83c6}\MpKslfef7d794.sys [?]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-12-10 30104]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-12-10 30104]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

.

=============== Created Last 30 ================

.

2011-06-20 17:11:30 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{76139282-b5f6-43fe-94bb-51def7ee920c}\MpKsl7917e255.sys

2011-06-20 17:11:01 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{76139282-b5f6-43fe-94bb-51def7ee920c}\mpengine.dll

2011-06-20 16:04:33 -------- d-sha-r- C:\cmdcons

2011-06-20 15:26:22 98816 ----a-w- c:\windows\sed.exe

2011-06-20 15:26:22 518144 ----a-w- c:\windows\SWREG.exe

2011-06-20 15:26:22 256512 ----a-w- c:\windows\PEV.exe

2011-06-20 15:26:22 208896 ----a-w- c:\windows\MBR.exe

2011-06-16 19:45:39 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 01:19:02 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-13 02:01:14 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-06-12 15:36:49 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-12 15:36:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-11 21:54:50 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-06-11 21:54:50 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-08 23:20:30 -------- d-----w- c:\documents and settings\swright\application data\Malwarebytes

2011-06-08 23:20:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-08 23:20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-06-16 19:37:03 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2006-03-15 12:00:00 94784 --sh--w- c:\windows\twain.dll

2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll

2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12:01 57344 --sha-w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll

2010-12-20 17:32:15 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

============= FINISH: 11:12:07.37 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-12.02)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 10/28/2006 2:32:03 PM

System Uptime: 6/20/2011 10:48:08 AM (1 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 CPU T5600 @ 1.83GHz | N/A | 1828/167mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 105 GiB total, 53.932 GiB free.

D: is Removable

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP506: 3/21/2011 11:56:30 AM - System Checkpoint

RP507: 3/22/2011 4:18:21 PM - System Checkpoint

RP508: 3/23/2011 8:28:38 AM - Software Distribution Service 3.0

RP509: 3/24/2011 8:33:53 AM - Software Distribution Service 3.0

RP510: 3/25/2011 7:35:47 AM - Software Distribution Service 3.0

RP511: 3/26/2011 2:31:40 PM - System Checkpoint

RP512: 3/26/2011 8:30:44 PM - Software Distribution Service 3.0

RP513: 3/28/2011 9:27:52 AM - System Checkpoint

RP514: 3/28/2011 2:13:18 PM - Software Distribution Service 3.0

RP515: 3/30/2011 4:58:40 PM - Software Distribution Service 3.0

RP516: 3/31/2011 6:29:25 PM - System Checkpoint

RP517: 4/1/2011 1:20:19 PM - Software Distribution Service 3.0

RP518: 4/2/2011 8:51:35 PM - System Checkpoint

RP519: 4/3/2011 8:10:53 AM - Software Distribution Service 3.0

RP520: 4/4/2011 5:11:14 PM - System Checkpoint

RP521: 4/6/2011 8:09:36 AM - Software Distribution Service 3.0

RP522: 4/7/2011 9:48:17 AM - System Checkpoint

RP523: 4/8/2011 2:46:50 PM - Software Distribution Service 3.0

RP524: 4/9/2011 3:26:58 PM - System Checkpoint

RP525: 4/10/2011 5:45:31 PM - Software Distribution Service 3.0

RP526: 4/11/2011 5:54:51 PM - System Checkpoint

RP527: 4/12/2011 4:56:27 PM - Software Distribution Service 3.0

RP528: 4/13/2011 5:28:14 PM - System Checkpoint

RP529: 4/14/2011 3:00:48 AM - Software Distribution Service 3.0

RP530: 4/15/2011 7:31:07 AM - Software Distribution Service 3.0

RP531: 4/16/2011 7:47:50 AM - System Checkpoint

RP532: 4/17/2011 5:47:52 AM - Software Distribution Service 3.0

RP533: 4/18/2011 5:50:24 PM - System Checkpoint

RP534: 4/19/2011 8:33:56 AM - Software Distribution Service 3.0

RP535: 4/20/2011 8:46:13 AM - System Checkpoint

RP536: 4/22/2011 7:58:46 AM - Software Distribution Service 3.0

RP537: 4/23/2011 8:25:27 AM - System Checkpoint

RP538: 4/23/2011 9:07:30 AM - Software Distribution Service 3.0

RP539: 4/24/2011 10:01:46 AM - System Checkpoint

RP540: 4/25/2011 5:50:11 PM - Software Distribution Service 3.0

RP541: 4/26/2011 3:00:17 AM - Software Distribution Service 3.0

RP542: 4/27/2011 2:43:07 PM - Software Distribution Service 3.0

RP543: 4/28/2011 3:50:29 PM - System Checkpoint

RP544: 4/29/2011 7:34:10 AM - Software Distribution Service 3.0

RP545: 4/29/2011 10:10:01 AM - Software Distribution Service 3.0

RP546: 4/30/2011 8:01:42 AM - Software Distribution Service 3.0

RP547: 5/2/2011 12:17:27 AM - Software Distribution Service 3.0

RP548: 5/2/2011 2:58:21 PM - Software Distribution Service 3.0

RP549: 5/3/2011 7:38:12 AM - Software Distribution Service 3.0

RP550: 5/4/2011 8:24:12 AM - Software Distribution Service 3.0

RP551: 5/7/2011 9:22:50 AM - Software Distribution Service 3.0

RP552: 5/8/2011 10:19:47 AM - System Checkpoint

RP553: 5/9/2011 8:13:06 AM - Software Distribution Service 3.0

RP554: 5/10/2011 10:03:36 AM - System Checkpoint

RP555: 5/11/2011 10:59:10 AM - Software Distribution Service 3.0

RP556: 5/11/2011 11:09:50 AM - Software Distribution Service 3.0

RP557: 5/12/2011 11:56:57 AM - System Checkpoint

RP558: 5/13/2011 6:29:51 AM - Software Distribution Service 3.0

RP559: 5/15/2011 7:20:27 PM - Software Distribution Service 3.0

RP560: 5/16/2011 9:33:04 AM - Software Distribution Service 3.0

RP561: 5/17/2011 11:41:48 AM - System Checkpoint

RP562: 5/18/2011 8:17:55 AM - Software Distribution Service 3.0

RP563: 5/20/2011 11:10:03 AM - Software Distribution Service 3.0

RP564: 5/21/2011 11:05:51 AM - Software Distribution Service 3.0

RP565: 5/22/2011 7:39:00 PM - System Checkpoint

RP566: 5/23/2011 6:53:43 AM - Software Distribution Service 3.0

RP567: 5/23/2011 5:37:19 PM - Software Distribution Service 3.0

RP568: 5/26/2011 10:40:41 AM - Software Distribution Service 3.0

RP569: 5/27/2011 10:41:30 AM - System Checkpoint

RP570: 5/28/2011 8:21:18 AM - Software Distribution Service 3.0

RP571: 5/28/2011 5:31:48 PM - Software Distribution Service 3.0

RP572: 5/29/2011 5:31:38 PM - Software Distribution Service 3.0

RP573: 5/30/2011 8:50:26 AM - Software Distribution Service 3.0

RP574: 5/30/2011 5:31:33 PM - Software Distribution Service 3.0

RP575: 6/1/2011 7:46:43 AM - System Checkpoint

RP576: 6/2/2011 8:29:05 AM - Software Distribution Service 3.0

RP577: 6/5/2011 12:16:43 PM - Software Distribution Service 3.0

RP578: 6/8/2011 8:22:04 AM - Software Distribution Service 3.0

RP579: 6/8/2011 4:41:42 PM - Software Distribution Service 3.0

RP580: 6/10/2011 12:17:19 PM - System Checkpoint

RP581: 6/11/2011 3:53:56 PM - Restore Operation

RP582: 6/12/2011 4:10:47 PM - Software Distribution Service 3.0

RP583: 6/14/2011 5:11:57 PM - Software Distribution Service 3.0

RP584: 6/15/2011 7:30:32 PM - System Checkpoint

RP585: 6/16/2011 1:35:59 PM - Software Distribution Service 3.0

RP586: 6/18/2011 8:50:36 AM - Software Distribution Service 3.0

RP587: 6/20/2011 9:24:39 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

2x1/4x1 USB Peripheral Switch

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 9 ActiveX

Adobe Reader 9.2

AiO_Scan_CDA

AiOSoftwareNPI

Apple Mobile Device Support

Apple Software Update

Bewitched (remove only)

BlackBerry Desktop Software 5.0.1

BlackBerry


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan and wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


  • 2 weeks later...

Hello Chris,

Sorry for the delay, I've been out on business travel. The PC is running much better.

Here are the logs.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=a124cb59382d964581558235bb3d9b33

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-05 06:43:36

# local_time=2011-07-05 12:43:36 (-0700, Mountain Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 149363480 149363480 0 0

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=3584 16777215 100 0 0 0 0 0

# compatibility_mode=5891 16776533 42 87 0 20987754 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=118439

# found=2

# cleaned=2

# scan_time=4925

C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\8ad542a\8412.mof.vir Win32/RogueAV.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP587\A0306897.mof Win32/RogueAV.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.17

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

SonicStage Mastering Studio Audio Filter Custom Preset

Microsoft Security Essentials

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java SE Runtime Environment 6 Update 1

Java 6 Update 5

Out of date Java installed!

Adobe Flash Player 9 (Out of date Flash Player installed!)

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java™ SE Runtime Environment 6 Update 1

Java™ 6 Update 5

ESET Online Scanner v3

Adobe Flash Player 9

Adobe Flash Player

Restart your computer.

Get the latest version of Java and Adobe Flash Player.

Let me know what issues remain.

-screen317


  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
