11-13-2008, 11:08 AM   #7
minaccia
Registered User
 
Join Date: Nov 2008
Posts: 7
OS: xp sp3


Re: probable spyware +windows alert messages

Hi sjb007, thanks for your effort again.
Again I followed your instructions and below you may find the reports:

Combofix

ComboFix 08-11-11.01 - Owner 2008-11-12 19:29:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.997 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
c:\windows\system32\epoPGPsdk.dll
c:\windows\system32\epoPGPsdk.dll.sig
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\epoPGPsdk.dll
c:\windows\system32\epoPGPsdk.dll.sig

.
((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.

2008-11-11 18:44 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 18:43 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 14:05 . 2008-11-11 14:06 <DIR> d-------- c:\program files\McAfee
2008-11-11 14:05 . 2008-11-11 14:05 <DIR> d-------- c:\program files\Common Files\McAfee
2008-11-11 14:05 . 2008-01-24 20:50 171,400 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-11-11 14:05 . 2008-01-24 20:50 72,936 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-11-11 14:05 . 2008-01-24 20:50 64,232 --a------ c:\windows\system32\drivers\mfeapfk.sys
2008-11-11 14:05 . 2008-01-24 20:50 52,104 --a------ c:\windows\system32\drivers\mfetdik.sys
2008-11-11 14:05 . 2008-01-24 20:50 33,960 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-11-09 13:20 . 2008-11-12 10:57 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-09 13:20 . 2008-11-12 10:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 17:58 . 2008-11-08 17:58 <DIR> d-------- C:\rsit
2008-11-08 17:37 . 2008-11-08 17:40 250 --a------ c:\windows\gmer.ini
2008-11-08 16:35 . 2008-11-08 16:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
2008-11-08 14:30 . 2008-11-08 14:30 <DIR> d-------- c:\documents and settings\Owner\Application Data\McAfee
2008-11-08 13:09 . 2008-11-12 12:05 <DIR> d-------- C:\Temp
2008-11-08 13:09 . 2008-11-12 19:29 <DIR> d-------- C:\QUARANTINE
2008-11-08 12:49 . 2008-11-08 12:49 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-08 12:22 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-11-08 12:22 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-11-08 12:22 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2008-11-08 12:22 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2008-11-08 12:22 . 2006-07-28 09:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
2008-11-08 12:22 . 2006-09-28 16:04 68,888 --a------ c:\windows\system32\xinput1_3.dll
2008-11-08 12:22 . 2006-07-28 09:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
2008-11-08 12:22 . 2006-11-15 11:38 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2008-11-08 12:21 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-11-08 11:58 . 2008-11-08 11:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\Sonic
2008-11-08 11:58 . 2008-11-08 11:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\Leadertech
2008-11-08 11:58 . 2008-11-08 11:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\DAEMON Tools
2008-11-07 17:17 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-05 14:25 . 2008-11-05 14:25 <DIR> d-------- c:\windows\Applian FLV Player
2008-11-05 14:25 . 2008-11-05 14:25 <DIR> d-------- c:\program files\FLV Player
2008-11-05 13:30 . 2008-11-05 13:30 <DIR> d-------- c:\program files\SopCast
2008-11-01 16:45 . 2008-11-01 16:45 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-31 14:32 . 2008-10-31 14:32 <DIR> d-------- c:\windows\Sun
2008-10-31 10:15 . 2008-10-31 10:15 <DIR> d-------- c:\documents and settings\Owner\Application Data\Windows Search
2008-10-30 17:33 . 2008-10-31 22:34 <DIR> d-------- c:\documents and settings\Owner\Application Data\Apple Computer
2008-10-30 17:33 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-10-30 17:33 . 2008-04-17 12:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-10-30 17:32 . 2008-10-30 17:33 <DIR> d-------- c:\program files\iTunes
2008-10-30 17:32 . 2008-10-30 17:32 <DIR> d-------- c:\program files\iPod
2008-10-30 17:32 . 2008-10-30 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-30 17:31 . 2008-10-30 17:32 <DIR> d-------- c:\program files\QuickTime
2008-10-30 17:31 . 2008-10-30 17:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-30 17:30 . 2008-10-30 17:30 <DIR> d-------- c:\program files\Apple Software Update
2008-10-30 17:30 . 2008-10-01 12:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-10-30 17:29 . 2008-10-30 17:31 <DIR> d-------- c:\program files\Common Files\Apple
2008-10-30 17:29 . 2008-10-30 17:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-30 17:16 . 2008-04-13 16:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-10-30 17:16 . 2008-04-13 10:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-10-30 17:16 . 2008-04-13 10:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-10-30 17:16 . 2001-08-17 21:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-10-29 17:40 . 2008-10-29 17:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\vlc
2008-10-29 17:28 . 2008-10-29 17:28 <DIR> d-------- c:\program files\VideoLAN
2008-10-29 17:28 . 2008-10-29 17:28 <DIR> d-------- c:\program files\StreamerOne
2008-10-29 13:54 . 2008-11-12 19:35 <DIR> d-------- c:\program files\DNA
2008-10-29 13:54 . 2008-11-12 19:35 <DIR> d-------- c:\documents and settings\Owner\Application Data\DNA
2008-10-27 18:27 . 2008-10-27 18:27 <DIR> d-------- c:\program files\WinSCP
2008-10-27 18:15 . 2008-10-27 18:15 <DIR> d-------- c:\program files\cygwin
2008-10-27 18:15 . 2008-10-27 19:39 <DIR> d-------- C:\cygwin
2008-10-27 13:44 . 2008-11-12 19:36 <DIR> d-------- c:\documents and settings\Owner\Application Data\skypePM
2008-10-27 13:44 . 2008-10-27 13:44 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-27 13:43 . 2008-10-27 13:43 <DIR> d-------- c:\program files\Skype
2008-10-27 13:43 . 2008-10-27 13:43 <DIR> d-------- c:\program files\Common Files\Skype
2008-10-27 13:43 . 2008-11-12 19:36 <DIR> d-------- c:\documents and settings\Owner\Application Data\Skype
2008-10-27 13:43 . 2008-10-27 13:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-10-27 13:28 . 2005-06-18 17:57 25,088 --a------ c:\windows\system32\spdifcp.dll
2008-10-27 13:22 . 2008-10-27 13:22 <DIR> d-------- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2008-10-27 13:21 . 2008-10-27 13:21 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-27 13:21 . 2008-10-27 13:21 <DIR> d-------- c:\program files\Windows Desktop Search
2008-10-27 13:19 . 2008-03-07 12:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-10-27 13:19 . 2008-03-07 12:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-10-27 13:19 . 2008-03-07 12:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-10-27 13:18 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-10-27 13:18 . 2007-07-30 18:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-10-27 13:18 . 2007-07-30 18:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-27 12:57 . 2008-10-27 12:57 <DIR> d-------- c:\documents and settings\Owner\Application Data\MathWorks
2008-10-27 12:34 . 2008-10-27 12:34 <DIR> d-------- c:\program files\MATLAB
2008-10-27 09:36 . 2008-10-31 17:45 <DIR> d-------- c:\documents and settings\Owner\Application Data\AdobeUM
2008-10-27 09:20 . 2008-11-11 09:58 <DIR> d-------- C:\swp55
2008-10-27 09:08 . 2006-10-26 18:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-10-27 08:58 . 2008-11-11 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-27 08:31 . 2008-11-08 16:50 229,376 --a------ c:\documents and settings\Owner\cwshredder.dll
2008-10-27 00:15 . 2008-10-27 00:15 <DIR> d-------- C:\research2
2008-10-26 17:13 . 2008-10-26 17:13 <DIR> d-------- c:\documents and settings\Owner\Application Data\Roxio
2008-10-26 12:54 . 2008-10-26 12:54 <DIR> d-------- c:\program files\Common Files\Cisco Systems
2008-10-26 12:54 . 2008-11-11 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-10-26 12:41 . 2008-10-26 12:41 0 --a------ c:\windows\nsreg.dat
2008-10-25 18:54 . 2008-10-25 18:54 <DIR> d-------- c:\program files\MSXML 4.0
2008-10-25 18:52 . 2008-10-03 12:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-10-25 18:52 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-25 18:52 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-25 18:52 . 2008-08-26 02:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-10-25 18:52 . 2008-08-26 02:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-25 18:52 . 2008-08-26 02:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-10-25 18:52 . 2008-08-26 02:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-10-25 18:52 . 2008-08-26 02:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-25 18:52 . 2008-08-25 03:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-10-25 18:46 . 2008-10-25 18:46 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-10-25 18:44 . 2008-10-25 18:44 <DIR> d-------- c:\windows\system32\LogFiles
2008-10-25 18:44 . 2008-10-25 18:45 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-10-25 18:40 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-25 18:40 . 2008-06-13 06:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-25 18:40 . 2008-07-07 15:26 253,952 -----c--- c:\windows\system32\dllcache\es.dll
2008-10-25 18:40 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-10-25 18:40 . 2008-05-09 05:53 180,224 -----c--- c:\windows\system32\dllcache\scrobj.dll
2008-10-25 18:40 . 2008-05-09 05:53 172,032 -----c--- c:\windows\system32\dllcache\scrrun.dll
2008-10-25 18:40 . 2008-05-08 06:24 155,648 -----c--- c:\windows\system32\dllcache\wscript.exe
2008-10-25 18:40 . 2008-05-09 03:45 135,168 -----c--- c:\windows\system32\dllcache\cscript.exe
2008-10-25 18:40 . 2008-05-09 05:53 90,112 -----c--- c:\windows\system32\dllcache\wshext.dll
2008-10-25 18:40 . 2008-06-24 11:43 74,240 -----c--- c:\windows\system32\dllcache\mscms.dll
2008-10-25 18:39 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-25 18:39 . 2008-05-07 00:12 1,288,192 -----c--- c:\windows\system32\dllcache\quartz.dll
2008-10-25 18:38 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-25 18:38 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-25 18:38 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-25 18:38 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-25 18:35 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-10-25 18:35 . 2008-05-01 09:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-10-25 18:34 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-25 18:30 . 2008-10-25 18:30 0 --a------ c:\windows\tosOBEX.INI
2008-10-25 18:24 . 2008-10-25 18:24 <DIR> d-------- c:\windows\system32\scripting
2008-10-25 18:24 . 2008-10-25 18:24 <DIR> d-------- c:\windows\system32\en
2008-10-25 18:24 . 2008-10-25 18:24 <DIR> d-------- c:\windows\system32\bits

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 15:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-11 15:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 22:17 --------- d-----w c:\program files\Java
2008-10-25 23:44 --------- d-----w c:\program files\Windows Media Connect
2008-10-25 21:59 --------- d-----w c:\program files\Sony
2008-10-25 21:49 --------- d-----w c:\program files\Common Files\Sony Shared
2008-10-25 21:49 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2008-10-25 21:26 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony Corporation
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-11_10.41.29.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-11 23:44:54 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
- 2008-10-07 19:19:42 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2008-04-14 00:12:01 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-08 22:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 21:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2008-04-14 00:12:01 1,306,624 ------w c:\windows\system32\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 ----a-w c:\windows\system32\msxml6.dll
- 2007-07-27 17:41:40 16,760 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-11-13 00:33:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2e0.dat
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-11 342336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-20 7561216]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-06-29 319488]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-01 1077248]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-22 1354240]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"HostManager"="c:\program files\Common Files\AOL\1224971836\ee\AOLSoftware.exe" [2006-04-13 50792]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-04-07 1773568]
Trend Micro Anti-Spyware.lnk - c:\program files\Trend Micro\Tmas\Tmas.exe [2008-10-25 1310720]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2008-10-25 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-22 20:11 39936 c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 16:51 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli fusstub

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\StreamerOne\\StreamerOne.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2005-11-21 9216]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-02-22 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-02-22 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2006-03-06 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2003-06-18 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-02-21 226304]
S1 d3f96ca3;d3f96ca3;c:\windows\system32\drivers\d3f96ca3.sys [ ]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 32768]
.
Contents of the 'Scheduled Tasks' folder

2008-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 19:35:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Apoint\ApntEx.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-11-12 19:41:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-13 00:41:26
ComboFix2.txt 2008-11-12 17:16:43
ComboFix3.txt 2008-11-11 15:41:57

Pre-Run: 100,820,160,512 bytes free
Post-Run: 100,807,163,904 bytes free

309 --- E O F --- 2008-11-01 22:12:28

Kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, November 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, November 12, 2008 22:52:42
Records in database: 1382106
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 173904
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:51:30


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\mkrnl.exe.vir Infected: Trojan.Win32.FraudPack.guu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\prun.exe.vir Infected: Trojan.Win32.VB.gop 1

The selected area was scanned.


Thanks again