I tried combofix in safe mode and it created a log file. Here is the file:

ComboFix 08-05-01.3 - Administrator 2008-05-06 22:46:05.4 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.1577 [GMT -5:00]
Running from: C:\Users\jeff\Desktop\ef.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-06 22:37 . 2008-05-06 22:37 <DIR> d-------- C:\ComboFix
2008-05-06 12:38 . 2008-05-06 12:38 <DIR> d-------- C:\Users\jeff\AppData\Roaming\webex
2008-05-06 12:37 . 2008-05-06 18:08 <DIR> d-------- C:\ProgramData\WebEx
2008-05-05 09:03 . 2008-05-05 09:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-03 23:34 . 2008-05-03 23:34 77 --a------ C:\Users\jeff\outlookbackup.bat
2008-04-26 01:18 . 2008-04-26 01:23 <DIR> d-------- C:\Users\jeff\AppData\Roaming\COWON
2008-04-26 00:32 . 2008-04-26 00:37 <DIR> d-------- C:\Program Files\Quintessential Player
2008-04-26 00:24 . 2008-04-26 00:26 <DIR> d-------- C:\Users\jeff\AppData\Roaming\foobar2000
2008-04-25 10:43 . 2008-04-25 10:43 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Bitdefender
2008-04-25 10:43 . 2008-04-25 10:43 <DIR> d-------- C:\Users\ADMINI~1\AppData\Roaming\Bitdefender
2008-04-25 08:20 . 2008-04-27 01:16 121 --a------ C:\Windows\bdagent.INI
2008-04-25 03:13 . 2008-04-25 03:13 <DIR> d-------- C:\Users\jeff\AppData\Roaming\BitDefender
2008-04-25 03:10 . 2008-05-03 23:22 <DIR> d-------- C:\ProgramData\BitDefender
2008-04-25 03:10 . 2008-04-25 03:10 <DIR> d-------- C:\Program Files\BitDefender
2008-04-25 03:06 . 2008-04-25 03:08 524,288 --ahs---- C:\Users\User\NTUSER.DAT{8d92f5eb-127e-11dd-a3d8-001a805712da}.TMContainer00000000000000000002.regtrans-ms
2008-04-25 03:06 . 2008-04-25 03:08 524,288 --ahs---- C:\Users\User\NTUSER.DAT{8d92f5eb-127e-11dd-a3d8-001a805712da}.TMContainer00000000000000000001.regtrans-ms
2008-04-25 03:06 . 2008-04-25 03:08 524,288 --ahs---- C:\Users\Administrator\NTUSER.DAT{8d92f5ed-127e-11dd-a3d8-001a805712da}.TMContainer00000000000000000002.regtrans-ms
2008-04-25 03:06 . 2008-04-25 03:08 524,288 --ahs---- C:\Users\Administrator\NTUSER.DAT{8d92f5ed-127e-11dd-a3d8-001a805712da}.TMContainer00000000000000000001.regtrans-ms
2008-04-25 03:06 . 2008-04-25 03:08 65,536 --ahs---- C:\Users\User\NTUSER.DAT{8d92f5eb-127e-11dd-a3d8-001a805712da}.TM.blf
2008-04-25 03:06 . 2008-04-25 03:08 65,536 --ahs---- C:\Users\Administrator\NTUSER.DAT{8d92f5ed-127e-11dd-a3d8-001a805712da}.TM.blf
2008-04-25 03:03 . 2008-04-25 03:10 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-04-23 18:27 . 2008-04-23 18:30 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\AVG7
2008-04-23 18:27 . 2008-04-23 18:30 <DIR> d-------- C:\Users\ADMINI~1\AppData\Roaming\AVG7
2008-04-22 19:54 . 2008-04-22 19:54 <DIR> d-------- C:\Program Files\Audacity
2008-04-22 18:03 . 2008-04-22 18:03 <DIR> d-------- C:\Program Files\FREE Hi-Q Recorder
2008-04-20 08:16 . 2008-04-24 23:13 <DIR> d-------- C:\Users\jeff\.jbidwatcher
2008-04-20 08:09 . 2008-04-20 08:09 <DIR> d-------- C:\Program Files\BayGenie
2008-04-15 08:47 . 2008-04-23 15:38 <DIR> d-------- C:\Program Files\eBay Auction Sniper and Auto Search
2008-04-10 18:15 . 2008-04-10 18:15 <DIR> d-------- C:\Program Files\WinSCP
2008-04-09 14:26 . 2006-08-09 00:02 39,424 --a------ C:\Windows\System32\BrUsi06c.dll
2008-04-09 13:43 . 2008-04-09 13:43 <DIR> dr------- C:\Users\jeff\AppData\Roaming\Brother
2008-04-09 13:19 . 2008-04-09 13:19 <DIR> d-------- C:\Program Files\Brother
2008-04-09 13:18 . 2001-11-15 01:00 6,224 --------- C:\Windows\CVRPAGE.BMP
2008-04-09 10:25 . 2008-04-09 14:33 410 --a------ C:\Windows\BRWMARK.INI
2008-04-09 10:25 . 2008-04-09 10:25 184 --a------ C:\Windows\System32\brsvc01a.bsi
2008-04-09 10:25 . 2008-04-09 10:25 30 --a------ C:\Windows\System32\brss01a.ini
2008-04-09 10:25 . 2008-04-09 14:33 26 --a------ C:\Windows\BRPP2KA.INI
2008-04-09 10:21 . 2006-12-08 20:43 140,800 --a------ C:\Windows\System32\BrWia06d.dll
2008-04-09 10:20 . 2008-04-09 10:20 224 --a------ C:\Windows\Brpfx04a.ini
2008-04-09 10:20 . 2008-04-09 10:20 94 --a------ C:\Windows\brpcfx.ini
2008-04-09 10:20 . 2008-04-09 13:23 50 --a------ C:\Windows\System32\m8440def.dat
2008-04-09 08:13 . 2008-02-14 18:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 08:13 . 2008-02-19 00:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 08:13 . 2008-02-29 01:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 08:13 . 2008-02-29 01:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 08:13 . 2008-02-29 01:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 08:13 . 2008-02-29 01:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 08:13 . 2008-02-29 01:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 08:13 . 2008-02-29 01:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-09 08:13 . 2008-02-29 01:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 08:12 . 2008-02-28 23:16 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-09 08:12 . 2008-02-20 23:43 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-09 08:12 . 2008-03-07 21:14 148,992 --a------ C:\Windows\System32\drivers\ks.sys
2008-04-09 08:12 . 2007-12-16 06:42 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-09 08:12 . 2007-12-16 06:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-08 22:41 . 2008-04-08 22:41 <DIR> d-------- C:\ProgramData\Brother
2008-04-08 21:41 . 2008-04-14 00:14 <DIR> d-------- C:\Users\jeff\AppData\Roaming\mIRC
2008-04-08 21:41 . 2008-04-08 21:41 <DIR> d-------- C:\Program Files\mIRC
2008-04-08 10:35 . 2008-04-22 18:06 <DIR> d-------- C:\Program Files\PolderbitS
2008-04-08 10:35 . 2008-04-08 10:35 24 --a------ C:\Windows\System32\Drv32_16.ini
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-05-07 00:28 --------- d-----w C:\Users\jeff\AppData\Roaming\LimeWire
2008-04-27 06:16 --------- d-----w C:\Users\Administrator\AppData\Roaming\DNA
2008-04-27 06:16 --------- d-----w C:\Users\ADMINI~1\AppData\Roaming\DNA
2008-04-27 00:49 --------- d-----w C:\Users\jeff\AppData\Roaming\Skype
2008-04-26 21:30 --------- d-----w C:\Users\jeff\AppData\Roaming\skypePM
2008-04-26 06:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-26 04:37 --------- d-----w C:\ProgramData\Sony Corporation
2008-04-25 08:06 --------- d-----w C:\ProgramData\avg7
2008-04-20 13:01 --------- d-----w C:\ProgramData\WinZip
2008-04-11 13:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-11 08:25 --------- d-----w C:\Program Files\Windows Mail
2008-04-11 08:14 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-06 18:54 --------- d-----w C:\Users\jeff\AppData\Roaming\Intuit
2008-04-06 16:25 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-04-06 16:22 --------- d-----w C:\ProgramData\Intuit
2008-04-06 16:22 --------- d-----w C:\Program Files\Common Files\Intuit
2008-04-06 16:20 --------- d-----w C:\Program Files\TurboTax
2008-04-06 15:53 --------- d-----w C:\Users\jeff\AppData\Roaming\AVG7
2008-04-06 15:02 --------- d-----w C:\Program Files\Bitcollider
2008-04-05 15:57 --------- d-----w C:\Program Files\GPLGS
2008-04-05 15:56 --------- d-----w C:\Program Files\Acro Software
2008-04-03 14:46 --------- d-----w C:\Users\jeff\AppData\Roaming\BitTorrent
2008-04-02 00:48 --------- d-----w C:\Program Files\Naxter
2008-03-31 15:40 --------- d-----w C:\Program Files\Auction Sentry
2008-03-31 14:58 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-03-31 06:46 --------- d-----w C:\Program Files\LimeWire
2008-03-31 04:31 45,056 ----a-w C:\Windows\NCUNINST.EXE
2008-03-30 20:12 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-03-16 23:48 --------- d-----w C:\Program Files\Auction Sentry Deluxe
2008-03-14 16:03 --------- d-----w C:\ProgramData\Roxio
2008-03-14 14:44 --------- d-----w C:\Program Files\ZOC5
2008-03-14 01:26 --------- d-----w C:\Users\jeff\AppData\Roaming\Roxio
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-18 09:25 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-18 09:14 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-18 09:14 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-18 09:12 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-18 09:12 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-18 09:12 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-18 09:11 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-18 09:11 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-18 09:11 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-18 09:11 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-18 09:11 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-18 09:11 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-18 09:11 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-02 15:45 174 --sha-w C:\Program Files\desktop.ini
2008-01-21 02:08 32 ----a-w C:\ProgramData\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-06-06 01:16 2955264 --a------ C:\Program Files\Protector Suite QL\farchns.dll
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-06-06 01:16 2955264 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 14:07 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 07:35 2159104 C:\Windows\System32\oobefldr.dll]
"NSUFloatingUI"="C:\Program Files\Sony\Network Utility\LANUtil.exe" [2007-06-29 15:38 258048]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-23 18:27 288576]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-16 18:05 1006264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 2007-06-06 01:03 90112 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-07-24 21:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C67DDDAE-A244-4834-BA2C-A65357118D9E}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{0DF29474-BA0A-4240-902A-DAB1189EB8F1}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"TCP Query User{C7E5F1DD-058B-4E4E-8871-6DB9B8B7519B}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{DB579BAB-B1E0-4E0C-8701-463079B5C4A2}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{962DFC9F-EB88-48CD-A5DE-DE9E2B5FC860}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{2EA4F8B1-DD03-4647-B097-2539CD1EC0F5}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{2F65F503-743B-4E3F-9C54-A6D8F736514B}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{8B14D379-749B-4FDB-9A5A-A33F77C5583E}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{FA56B544-DC30-42D4-B2F4-1DF54A03C600}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{646A2580-0F2C-4115-8B91-703E207B451B}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"{B861678B-2B2F-414A-A74E-879D54581DCD}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{249C9986-A953-4CAC-BAA1-3D936547DEEF}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{81691B73-B8E0-49A4-8FC3-ECB0AA05693A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1390E7A3-9CF0-433A-9497-78D276DA9DC8}"= UDP:C:\Program Files\Windows Easy Transfer Companion Beta\MigWizComp.exe:Windows Easy Transfer Companion (Beta)
"{3291DDCC-E512-49C4-95E5-1A2CCAC9E62C}"= TCP:C:\Program Files\Windows Easy Transfer Companion Beta\MigWizComp.exe:Windows Easy Transfer Companion (Beta)
"{43B207A0-A758-4F72-8DD9-E5B827FE9FCA}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{487136E2-9312-467C-9F8B-5E90807F00E0}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"TCP Query User{CFD01B23-74F3-49CE-912D-C4CD7303AF4B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4ADA865F-F423-42A6-A10B-50648958AF0A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{EBD2BBC8-6C40-45CF-8C94-077247F28FE4}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{7680BB00-5457-48BC-BD79-50242AEF48ED}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{9B53A771-6C4A-45B9-88C1-59631E5909B9}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{2C292D3A-19BB-4C32-948F-535229EC30FB}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{62B714E7-6B76-4869-A701-D47E4FFDB7F7}"= UDP:C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:TurboTax
"{B263E29A-F675-47CC-AD39-9281CBD2AD72}"= TCP:C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:TurboTax
"{36AC0DFB-79A3-410E-B726-74143330C72F}"= UDP:C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{FB621CA9-2E3A-481E-8BD9-C6D5217E1C2D}"= TCP:C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:TurboTax Update Manager
"TCP Query User{A392C3AE-6DEF-47C1-A893-CA13CC56B82A}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{3F398917-AC31-4AA6-9D8D-9B9CB476B8F4}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 shpf;Sony HDD Protection Filter Driver;C:\Windows\system32\DRIVERS\shpf.sys [2007-05-31 19:02]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
R3 SPI;Sony Programmable I/O Control Device;C:\Windows\system32\DRIVERS\SonyPI.sys [2006-10-12 04:48]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-18 19:02]
S2 NSUService;NSUService;"C:\Program Files\Sony\Network Utility\NSUService.exe" [2007-06-29 15:38]
S2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-09 22:20]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-07-12 19:45]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-12 19:45]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-07-12 19:45]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-12 19:45]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe [2007-01-26 13:41]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe" [2007-01-26 13:41]
S3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-07-09 19:24]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 3\IcVzMon.exe [2007-01-26 13:41]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-06-06 19:01]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-06-06 19:01]
S3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 23:09]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 12:04]
S3 TcUsb;TC USB Kernel Driver;C:\Windows\system32\Drivers\tcusb.sys [2007-04-26 19:01]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 18:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 17:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-07-05 21:12]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-07-05 19:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87893dfe-f814-11dc-99bd-001a805712da}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd15a1ee-ef90-11dc-9879-001bfb58c1b7}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc7f7944-af75-11dc-bfec-806e6f6e6963}]
\shell\AutoRun\command - G:\SETUP.EXE /AUTORUN
\shell\configure\command - G:\SETUP.EXE
\shell\install\command - G:\SETUP.EXE

*Newly Created Service* - ECACHE
*Newly Created Service* - PXHELP20
.
Contents of the 'Scheduled Tasks' folder
"2008-05-07 03:25:00 C:\Windows\Tasks\User_Feed_Synchronization-{9F38E0AC-29A2-4D32-9729-B70BF0191A80}.job" - C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 22:50:44
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-06 22:52:00
ComboFix-quarantined-files.txt 2008-05-07 03:51:56

Pre-Run: 40,550,195,200 bytes free
Post-Run: 40,553,652,224 bytes free

256 --- E O F --- 2008-05-06 18:26:36