Thanks, Pancake.
Here is the ComboFix log:
((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.
2008-01-16 01:27 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-14 00:57 . 2008-01-16 01:09 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-01-14 00:57 . 2008-01-14 00:57 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-14 00:57 . 2008-01-16 01:09 <DIR> d-------- C:\PROGRA~2\Kaspersky Lab
2008-01-14 00:54 . 2008-01-14 00:54 <DIR> d-------- C:\KAV
2008-01-13 04:41 . 2008-01-13 05:00 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-01-13 04:41 . 2008-01-13 05:00 <DIR> d-------- C:\PROGRA~2\WLInstaller
2008-01-12 10:09 . 2007-08-29 12:04 <DIR> d-------- C:\Program Files\group
2008-01-10 11:04 . 2008-01-10 11:04 <DIR> d-------- C:\Users\benny\AppData\Roaming\vlc
2008-01-10 08:29 . 2008-01-10 08:31 398 --a------ C:\Windows\NJCOM.INI
2008-01-10 08:28 . 2008-01-10 08:28 <DIR> d-------- C:\Users\benny\AppData\Roaming\NJStar
2008-01-10 08:27 . 2008-01-10 08:28 <DIR> d-------- C:\Program Files\NJStar Communicator
2008-01-10 06:05 . 2008-01-16 01:59 <DIR> d-------- C:\Users\benny\AppData\Roaming\uTorrent
2008-01-10 01:52 . 2008-01-10 01:52 <DIR> d-------- C:\Users\benny\AppData\Roaming\Nero
2008-01-10 01:51 . 2008-01-10 01:51 <DIR> dr------- C:\Users\benny\Videos
2008-01-10 01:51 . 2008-01-10 01:51 <DIR> dr------- C:\Users\benny\Searches
2008-01-10 01:51 . 2008-01-10 01:51 <DIR> dr------- C:\Users\benny\Saved Games
2008-01-10 01:51 . 2008-01-10 01:51 <DIR> dr------- C:\Users\benny\Pictures
2008-01-10 01:51 . 2008-01-10 09:15 <DIR> dr------- C:\Users\benny\Music
2008-01-10 01:51 . 2008-01-10 01:51 <DIR> dr------- C:\Users\benny\Links
2008-01-10 01:51 . 2008-01-16 01:50 <DIR> dr------- C:\Users\benny\Downloads
2008-01-10 01:51 . 2008-01-12 19:17 <DIR> dr------- C:\Users\benny\Documents
2008-01-10 01:51 . 2008-01-10 01:51 <DIR> dr------- C:\Users\benny\Contacts
2008-01-10 01:51 . 2008-01-12 04:28 <DIR> d-------- C:\Users\benny\AppData\Roaming\Sony Corporation
2008-01-10 01:51 . 2006-11-02 04:37 <DIR> d-------- C:\Users\benny\AppData\Roaming\Media Center Programs
2008-01-10 01:51 . 2008-01-05 14:52 <DIR> d-------- C:\Users\benny\AppData\Roaming\Apple Computer
2008-01-10 01:51 . 2008-01-10 01:51 <DIR> d--h----- C:\Users\benny\AppData
2008-01-09 23:26 . 2008-01-09 23:26 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 23:26 . 2008-01-09 23:26 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 23:26 . 2008-01-09 23:26 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 23:26 . 2008-01-09 23:26 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 23:26 . 2008-01-09 23:26 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 23:22 . 2008-01-09 23:22 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 23:22 . 2008-01-09 23:22 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 23:21 . 2008-01-09 23:21 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 23:21 . 2008-01-09 23:21 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 23:21 . 2008-01-09 23:21 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 23:21 . 2008-01-09 23:21 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 23:21 . 2008-01-09 23:21 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 23:21 . 2008-01-09 23:21 25,656 --a------ C:\Windows\System32\drivers\msahci.sys
2008-01-09 23:21 . 2008-01-09 23:21 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 23:21 . 2008-01-09 23:21 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-09 23:20 . 2008-01-09 23:20 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-09 23:13 . 2008-01-09 23:13 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Nero
2008-01-09 23:12 . 2008-01-09 23:12 <DIR> dr------- C:\Users\Guest\Searches
2008-01-09 23:11 . 2008-01-09 23:12 <DIR> dr------- C:\Users\Guest\Videos
2008-01-09 23:11 . 2008-01-09 23:12 <DIR> dr------- C:\Users\Guest\Saved Games
2008-01-09 23:11 . 2008-01-09 23:12 <DIR> dr------- C:\Users\Guest\Pictures
2008-01-09 23:11 . 2008-01-09 23:12 <DIR> dr------- C:\Users\Guest\Music
2008-01-09 23:11 . 2008-01-09 23:12 <DIR> dr------- C:\Users\Guest\Links
2008-01-09 23:11 . 2008-01-09 23:12 <DIR> dr------- C:\Users\Guest\Downloads
2008-01-09 23:11 . 2008-01-09 23:12 <DIR> dr------- C:\Users\Guest\Documents
2008-01-09 23:11 . 2008-01-09 23:11 <DIR> dr------- C:\Users\Guest\Contacts
2008-01-09 23:11 . 2008-01-09 23:13 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Sony Corporation
2008-01-09 23:11 . 2006-11-02 04:37 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Media Center Programs
2008-01-09 23:11 . 2008-01-05 14:52 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Apple Computer
2008-01-09 23:11 . 2008-01-09 23:12 <DIR> d--h----- C:\Users\Guest\AppData
2008-01-08 03:17 . 2008-01-08 03:17 <DIR> d-------- C:\Program Files\VideoLAN
2008-01-05 14:52 . 2008-01-05 14:53 54,156 --ah----- C:\Windows\QTFont.qfn
2008-01-05 14:52 . 2008-01-05 14:53 1,409 --a------ C:\Windows\QTFont.for
2008-01-04 20:22 . 2008-01-04 20:22 <DIR> d-------- C:\Users\All Users\Nero
2008-01-04 20:22 . 2008-01-04 20:22 <DIR> d-------- C:\Program Files\Nero
2008-01-04 20:22 . 2008-01-04 20:25 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-04 20:22 . 2008-01-04 20:22 <DIR> d-------- C:\PROGRA~2\Nero
2008-01-04 19:26 . 2008-01-04 19:26 <DIR> d-------- C:\Program Files\uTorrent
2008-01-04 18:55 . 2008-01-04 18:55 <DIR> d-------- C:\Program Files\iPod
2008-01-04 18:54 . 2008-01-04 18:55 <DIR> d-------- C:\Program Files\iTunes
2008-01-04 18:51 . 2008-01-04 18:54 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-01-04 18:51 . 2008-01-04 18:52 <DIR> d-------- C:\Program Files\QuickTime
2008-01-04 18:51 . 2008-01-04 18:54 <DIR> d-------- C:\PROGRA~2\Apple Computer
2008-01-04 18:49 . 2008-01-04 18:49 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-04 18:43 . 2008-01-04 18:43 <DIR> d-------- C:\Users\All Users\Apple
2008-01-04 18:43 . 2008-01-04 18:43 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-04 18:43 . 2008-01-04 18:43 <DIR> d-------- C:\PROGRA~2\Apple
2008-01-04 17:44 . 2008-01-12 02:34 16 --a------ C:\Windows\System32\coh.cache
2007-12-28 01:13 . 2007-12-28 01:16 <DIR> d-------- C:\Users\l\AppData\Roaming\Corel
2007-12-27 21:35 . 2007-12-27 21:35 <DIR> d-------- C:\Users\l\AppData\Roaming\InterVideo
2007-12-26 22:14 . 2007-12-26 22:14 38,400 --a------ C:\Windows\System32\kmddsp.tsp
2007-12-26 22:14 . 2007-12-26 22:14 8,192 --a------ C:\Windows\System32\riched32.dll
2007-12-26 22:12 . 2007-12-26 22:12 2,923,520 --a------ C:\Windows\explorer.exe
2007-12-26 22:09 . 2007-12-26 22:09 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-12-26 22:09 . 2007-12-26 22:09 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2007-12-26 22:09 . 2007-12-26 22:09 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-12-26 22:09 . 2007-12-26 22:09 4,096 --a------ C:\Windows\System32\msdxm.ocx
2007-12-26 22:09 . 2007-12-26 22:09 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-12-26 22:07 . 2007-12-26 22:07 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2007-12-26 22:07 . 2007-12-26 22:07 2,048 --a------ C:\Windows\System32\msxml3r.dll
2007-12-26 22:05 . 2007-12-26 22:05 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-26 22:05 . 2007-12-26 22:05 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-26 22:05 . 2007-12-26 22:05 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-26 22:05 . 2007-12-26 22:05 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-26 22:04 . 2007-12-26 22:04 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2007-12-26 22:03 . 2007-12-26 22:03 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2007-12-26 22:03 . 2007-12-26 22:03 2,048 --a------ C:\Windows\System32\msxml6r.dll
2007-12-26 21:59 . 2007-12-26 21:59 737,792 --a------ C:\Windows\System32\inetcomm.dll
2007-12-26 21:59 . 2007-12-26 21:59 84,480 --a------ C:\Windows\System32\INETRES.dll
2007-12-26 21:54 . 2007-12-26 21:54 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-26 21:54 . 2007-12-26 21:54 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-26 21:54 . 2007-12-26 21:54 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 09:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-14 09:12 --------- d-----w C:\PROGRA~2\Symantec
2008-01-12 12:21 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-01-12 12:21 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-01-12 09:55 8,427,087 ----a-w C:\Program Files\group.rar
2008-01-10 07:34 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 07:34 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 07:22 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-10 07:22 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-10 07:22 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-10 07:22 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-05 13:24 --------- d-----w C:\PROGRA~2\Sony Corporation
2007-12-28 01:11 174 --sha-w C:\Program Files\desktop.ini
2007-12-28 01:04 --------- d-----w C:\Program Files\Windows Calendar
2007-12-27 06:13 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-27 06:13 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-27 06:13 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-27 06:13 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-27 06:13 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-27 06:13 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-27 06:13 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-27 06:13 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-27 06:13 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-27 06:13 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-27 06:13 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-27 06:13 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-27 06:13 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-27 06:13 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-27 06:13 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-27 06:13 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-27 06:13 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-27 06:13 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-27 06:12 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-27 06:12 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-27 06:12 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-27 06:12 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-27 06:12 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-27 06:12 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-27 06:12 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-27 06:12 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-12-27 06:12 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-27 06:12 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-27 06:12 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-12-27 06:12 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-27 06:12 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-12-27 06:00 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-12-27 06:00 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-27 06:00 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-12-27 06:00 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-27 06:00 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-12-27 06:00 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-27 06:00 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-27 06:00 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-12-27 06:00 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-27 06:00 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-27 06:00 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-27 06:00 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-27 06:00 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-12-27 06:00 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-27 06:00 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-27 05:56 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-27 05:56 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-27 05:56 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-27 05:56 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-27 05:15 --------- d-sh--w C:\PROGRA~2\Templates
2007-12-27 05:15 --------- d-sh--w C:\PROGRA~2\Start Menu
2007-12-27 05:15 --------- d-sh--w C:\PROGRA~2\Favorites
2007-12-27 05:15 --------- d-sh--w C:\PROGRA~2\Documents
2007-12-27 05:15 --------- d-sh--w C:\PROGRA~2\Desktop
2007-12-27 05:15 --------- d-sh--w C:\PROGRA~2\Application Data
2007-12-14 03:09 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2007-12-04 17:59 972,072 ----a-w C:\Windows\UNRecode.exe
2007-12-04 02:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
2007-08-27 06:53 1,132,112 ----a-w C:\Users\All Users\pswi_preloaded.exe
2007-08-27 06:53 1,132,112 ----a-w C:\PROGRA~2\pswi_preloaded.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@={AB0C8BE3-041C-47d6-8195-E089D32B38DD}
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-08-15 08:42 303104 --a------ C:\DDI\overicon.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 23:20 1232896]
"NSUFloatingUI"="C:\Program Files\Sony\Network Utility\LANUtil.exe" [2007-06-29 12:38 258048]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-26 13:23 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-25 13:41 4489216 C:\Windows\RtHDVCpl.exe]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-29 05:45 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-29 05:44 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-29 05:45 133656]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-08 04:35 118784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 17:27 317560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-26 13:43 77824]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 15:54 53248]
"VWLASU"="C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 10:31 45056]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 22:24 620152]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe" [ ]
"VAIOSurvey"="C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 14:30 577536]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [2007-11-19 14:40 231952]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-08-26 22:30:26]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 23:01:50]
AOL DDI.lnk - C:\DDI\AOLICON.exe [2007-08-26 13:14:13]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-03-01 02:55:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-07-24 18:26 98304 C:\Windows\System32\VESWinlogon.dll
R2 NSUService;NSUService;"C:\Program Files\Sony\Network Utility\NSUService.exe" [2007-06-29 12:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-01 05:16]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-13 05:05]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-29 05:45]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-05 04:17]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-24 04:53]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 15:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 14:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-07-13 09:55]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-07-05 16:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 01:15:05 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - benny.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-16 02:02:02
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-16 2:03:45
ComboFix2.txt 2008-01-16 09:37:31
.
2008-01-10 07:27:17 --- E O F ---