FEQSZFZEGZE INFECTION.



#1
Willysoso
New Member, 5 posts
So I've somehow contracted this feqszfzegze infection, and it's getting on my nerves. When I start my computer, I get a pop-up window entitled "Project1" saying it cannot be opened. I've looked around for some topics on how to remove it, but it all required OTList2.exe which means the solution is unique to each computer, so I was wondering if anyone would like to help me out on how to remove it. Thanks in advance.


#2
Egwene
Visiting Consultant, 2,141 posts
Hello and welcome to Geeks to Go!

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

========
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Please attach the contents of GMER.txt in your next reply.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on [image] to insert the attachment into your post

Regards,
Egwene.

Edited by Egwene, 24 May 2009 - 02:59 AM.


#3
Willysoso (Topic Starter)
New Member, 5 posts
Here's the DDS.txt --

DDS (Ver_09-05-14.01) - NTFSx86
Run by William Seo at 10:21:12.43 on Sun 05/24/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.184 [GMT -4:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ooVoo\oovoo.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\feqszfzegze\gzegzefezfddqsf.exe
C:\feqszfzegze\gzegzefezfddqsf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\feqszfzegze\gzegzefezfddqsf.exe
C:\feqszfzegze\gzegzefezfddqsf.exe
C:\feqszfzegze\gzegzefezfddqsf.exe
C:\feqszfzegze\gzegzefezfddqsf.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\William Seo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sony.com/vaiopeople
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [oovoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [fgzegzergrehcwxcwxc] c:\feqszfzegze\gzegzefezfddqsf.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_05\bin\jusched.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [feqszfzerghrezherthgfsdfsdcf] c:\feqszfzegze\gzegzefezfddqsf.exe
StartupFolder: c:\docume~1\willia~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office12\GROOVE.EXE
StartupFolder: c:\docume~1\willia~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\willia~1\applic~1\mozilla\firefox\profiles\jdp44nex.default\
FF - component: c:\documents and settings\william seo\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-5-6 226832]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-11-11 206088]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2009-5-23 941784]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-5-23 179856]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-5-23 15504]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2005-12-15 28800]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2005-12-15 217472]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

=============== Created Last 30 ================

2009-05-24 03:03 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-24 01:56 208,744 a------- c:\windows\system32\muweb.dll
2009-05-24 01:56 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-05-24 01:56 268,648 a------- c:\windows\system32\mucltui.dll
2009-05-24 00:21 <DIR> --d----- C:\_OTListIt
2009-05-24 00:16 <DIR> --d----- C:\feqszfzegze
2009-05-23 22:06 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-23 22:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-05-23 21:59 <DIR> --d----- c:\docume~1\willia~1\applic~1\Malwarebytes
2009-05-23 21:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-23 21:59 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 21:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-23 21:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-23 21:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WebcamMax
2009-05-23 21:31 <DIR> --d----- c:\docume~1\willia~1\applic~1\Webcammax
2009-05-23 21:30 941,784 a------- c:\windows\system32\drivers\CAMTHWDM.sys
2009-05-23 21:30 <DIR> --d----- c:\program files\WebcamMax
2009-05-15 19:10 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-05-15 19:10 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-05-11 16:07 32,592 a------- c:\windows\system32\msonpmon.dll
2009-05-11 15:58 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-05-10 23:17 1,030 a------- c:\docume~1\willia~1\applic~1\wklnhst.dat
2009-05-10 21:31 <DIR> --d----- c:\program files\VideoLAN
2009-05-10 21:29 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-05-09 15:16 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-05-09 15:16 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-05-09 15:16 9,600 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-05-09 15:16 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-05-08 22:16 <DIR> --d----- c:\program files\MSXML 4.0
2009-05-07 23:37 <DIR> --d----- c:\program files\The KMPlayer
2009-05-07 22:58 <DIR> --d----- c:\program files\GRETECH
2009-05-07 21:27 <DIR> --d----- c:\docume~1\willia~1\applic~1\Desktopicon
2009-05-07 21:26 <DIR> --d----- c:\program files\Unlocker
2009-05-07 03:10 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-05-07 03:08 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-05-07 03:08 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-05-07 03:06 23,040 -------- c:\windows\kb913800.exe
2009-05-07 03:04 202,752 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-05-07 03:04 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-05-07 03:04 2,330,624 -c------ c:\windows\system32\dllcache\WMVCore.dll
2009-05-07 03:03 333,184 -c------ c:\windows\system32\dllcache\srv.sys
2009-05-07 03:03 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-05-07 03:03 683,520 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-05-07 03:03 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-05-07 03:03 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-05-07 03:01 1,193,414 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-05-07 03:01 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-05-07 03:00 <DIR> --d----- c:\windows\system32\PreInstall
2009-05-07 00:35 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-05-07 00:35 <DIR> --d--r-- c:\program files\Skype
2009-05-07 00:00 <DIR> --d--r-- c:\docume~1\willia~1\applic~1\Brother
2009-05-06 23:55 <DIR> --d----- c:\windows\Cache
2009-05-06 23:55 <DIR> --d----- c:\program files\Coupons
2009-05-06 23:53 332,800 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-05-06 23:48 419 a------- c:\windows\BRWMARK.INI
2009-05-06 23:48 27 a------- c:\windows\BRPP2KA.INI
2009-05-06 23:48 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
2009-05-06 23:48 6,784 a------- c:\windows\system32\drivers\serscan.sys
2009-05-06 23:48 226 a------- c:\windows\Brpfx04a.ini
2009-05-06 23:48 94 a------- c:\windows\brpcfx.ini
2009-05-06 23:48 50 a------- c:\windows\system32\bridf06a.dat
2009-05-06 23:47 <DIR> --d----- c:\program files\Brother
2009-05-06 23:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Brother
2009-05-06 22:55 <DIR> --d----- c:\docume~1\willia~1\applic~1\ooVoo Details
2009-05-06 22:55 <DIR> --d----- c:\program files\ooVoo
2009-05-06 22:43 <DIR> --d----- c:\docume~1\willia~1\applic~1\IDM
2009-05-06 22:43 <DIR> --d----- c:\docume~1\willia~1\applic~1\DMCache
2009-05-06 22:43 <DIR> --d----- c:\program files\Internet Download Manager
2009-05-06 15:34 105,395 a------- c:\windows\system32\drivers\klin.dat
2009-05-06 15:34 94,643 a------- c:\windows\system32\drivers\klick.dat
2009-05-06 15:34 1,935,392 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-06 15:34 434,208 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-06 15:34 16,200 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-06 15:34 2,564 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-05-06 15:34 <DIR> --d----- c:\program files\Kaspersky Lab
2009-05-06 15:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-05-06 15:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-06 15:16 <DIR> --d----- c:\windows\system32\LogFiles
2009-05-06 15:14 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-05-06 04:11 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-06 03:44 <DIR> --d----- c:\docume~1\willia~1\applic~1\Intuit
2009-05-06 03:43 <DIR> --d----- c:\documents and settings\William Seo
2009-05-06 03:43 0 a---hr-- c:\windows\system32\drivers\Sony_VGN-FE550G.mrk
2009-05-06 03:33 559 a---h--- C:\IPH.PH
2009-05-06 03:33 <DIR> --d----- c:\program files\common files\AOL
2009-05-06 03:32 <DIR> --d----- c:\program files\Netscape
2009-05-06 03:28 <DIR> --d----- c:\program files\Symantec
2009-05-06 03:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-05-06 03:27 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-05-06 03:27 <DIR> --d----- c:\documents and settings\all users\ImageConverter2
2009-05-06 03:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\VAIO Media Platform
2009-05-06 03:24 2,981,888 a------- c:\windows\system32\iplw7.dll
2009-05-06 03:24 2,785,280 a------- c:\windows\system32\iplm6.dll
2009-05-06 03:24 2,686,976 a------- c:\windows\system32\iplm5.dll
2009-05-06 03:24 2,531,328 a------- c:\windows\system32\iplp6.dll
2009-05-06 03:24 2,502,656 a------- c:\windows\system32\iplpx.dll
2009-05-06 03:24 2,973,696 a------- c:\windows\system32\ipla6.dll
2009-05-06 03:24 53,248 a------- c:\windows\system32\ipl.dll
2009-05-06 03:24 19,968 a------- c:\windows\system32\Cpuinf32.dll
2009-05-06 03:24 <DIR> --d----- c:\windows\Downloaded Installations
2009-05-06 03:23 <DIR> --d----- c:\program files\Quicken
2009-05-06 03:23 31 a------- c:\windows\QUICKEN.INI
2009-05-06 03:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2009-05-06 03:22 204,800 a------- c:\windows\system32\IVIresizeW7.dll
2009-05-06 03:22 200,704 a------- c:\windows\system32\IVIresizeA6.dll
2009-05-06 03:22 192,512 a------- c:\windows\system32\IVIresizeP6.dll
2009-05-06 03:22 192,512 a------- c:\windows\system32\IVIresizeM6.dll
2009-05-06 03:22 188,416 a------- c:\windows\system32\IVIresizePX.dll
2009-05-06 03:22 20,480 a------- c:\windows\system32\IVIresize.dll
2009-05-06 03:22 <DIR> --d----- c:\program files\common files\InterVideo
2009-05-06 03:22 <DIR> --d----- c:\program files\InterVideo
2009-05-06 03:20 376 a------- c:\windows\ODBC.INI
2009-05-06 03:20 24,816 a------- c:\windows\system32\mdimon.dll
2009-05-06 03:19 <DIR> --d----- c:\windows\SHELLNEW
2009-05-06 03:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Digital Interactive Systems Corporation
2009-05-06 03:14 2,158 a------- c:\windows\system32\tmmute.ini
2009-05-06 03:14 <DIR> --d----- c:\program files\Trend Micro
2009-05-06 03:14 68,608 a------- c:\windows\system32\SonyAIwo.dll
2009-05-06 03:14 61,952 a------- c:\windows\system32\SonyAIds.dll
2009-05-06 03:14 38,400 a------- c:\windows\system32\SonyAIwd.dll
2009-05-06 03:14 565,248 a------- c:\windows\system32\CddbMusicIDSony.dll
2009-05-06 03:12 765,952 a------- c:\windows\system32\CDDBUISony.dll
2009-05-06 03:12 598,016 a------- c:\windows\system32\CDDBControlSony.dll
2009-05-06 03:12 73,728 a------- c:\windows\system32\CddbLinkSony.dll
2009-04-29 08:20 210,352 a------- c:\windows\system32\idmmbc.dll

==================== Find3M ====================

2009-05-06 22:49 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-03-06 10:00 284,160 a------- c:\windows\system32\pdh.dll

============= FINISH: 10:22:29.76 ===============



Here is the Attach.txt--

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/6/2009 3:43:38 AM
System Uptime: 5/24/2009 12:28:47 AM (10 hours ago)

Motherboard: Sony Corporation | | VAIO
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | N/A | 1662/167mhz
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | N/A | 1662/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 86 GiB total, 70.765 GiB free.
D: is Removable
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 5/6/2009 3:43:43 AM - System Checkpoint
RP2: 5/6/2009 4:11:18 AM - Removed Quicken 2006
RP3: 5/6/2009 3:33:43 PM - Installed Kaspersky Internet Security 2009.
RP4: 5/6/2009 10:55:14 PM - Installed ooVoo
RP5: 5/6/2009 10:55:35 PM - Installed ooVoo
RP6: 5/6/2009 11:47:40 PM - Installed Brother MFL-Pro Suite
RP7: 5/6/2009 11:48:22 PM - Unsigned printer driver Brother PC-FAX v.2 installed.
RP8: 5/7/2009 3:00:16 AM - Software Distribution Service 3.0
RP9: 5/8/2009 10:14:18 PM - Software Distribution Service 3.0
RP10: 5/10/2009 9:31:57 AM - Software Distribution Service 3.0
RP11: 5/11/2009 9:44:43 AM - System Checkpoint
RP12: 5/11/2009 3:49:05 PM - Installed Microsoft Office Enterprise 2007
RP13: 5/11/2009 4:07:48 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP14: 5/12/2009 4:11:18 PM - System Checkpoint
RP15: 5/13/2009 4:27:58 PM - System Checkpoint
RP16: 5/14/2009 9:26:21 PM - System Checkpoint
RP17: 5/16/2009 1:57:26 AM - System Checkpoint
RP18: 5/18/2009 2:02:07 AM - System Checkpoint
RP19: 5/19/2009 5:17:43 AM - System Checkpoint
RP20: 5/20/2009 11:28:34 PM - System Checkpoint
RP21: 5/22/2009 12:05:20 AM - System Checkpoint
RP22: 5/23/2009 10:10:26 PM - Installed Windows Defender
RP23: 5/23/2009 10:12:02 PM - Software Distribution Service 3.0
RP24: 5/24/2009 3:00:23 AM - Software Distribution Service 3.0

==== Installed Programs ======================


Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.5
Brother MFL-Pro Suite
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.00
DSD Direct
DSD Playback Plug-in 1.0
DVgate Plus
Google Toolbar for Internet Explorer
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB909667)
Hotfix for Windows XP (KB952287)
Image Converter 2 Plus
ImageStation
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
Internet Download Manager
InterVideo WinDVD for VAIO
ISScript
J2SE Runtime Environment 5.0 Update 5
K-Lite Mega Codec Pack 4.0.0
Kaspersky Internet Security 2009
LAN Setting Utility
Malwarebytes' Anti-Malware
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft Works
mMHouse
Mozilla Firefox (3.0.10)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
NVIDIA Drivers
Office 2003 Trial Assistant
ooVoo
OpenMG Limited Patch 4.3-05-10-05-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.3.00
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Search Enhancement by AOL Search
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Setting Utility Series
SigmaTel Audio
Skype™ 4.0
Sonic Encoders
SonicStage 3.3
SonicStage Mastering Studio 2.1
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Certificate PCH
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy
The KMPlayer (remove only)
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VAIO Breeze Wallpaper
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 2
VAIO Wireless LAN Setup Utility
VAIOSurveySA
VLC media player 0.9.9
WebcamMax
WebFldrs XP
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows XP Hotfix - KB307154
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888321
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB908250
WinRAR archiver
Wireless Switch Setting Utility

==== Event Viewer Messages From Past Week ========

5/23/2009 11:05:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SI3132
5/23/2009 11:05:40 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
5/21/2009 10:42:20 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
5/20/2009 1:42:32 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.

==== End Of File ===========================
Attached File: GMER.txt (22.33KB, 248 downloads)

#4 Egwene (Member 2k, Visiting Consultant, 2,141 posts)
Hello,

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Edited by Egwene, 25 May 2009 - 09:34 AM.


#5 Willysoso (New Member, Topic Starter, 5 posts)
Here is the ComboFix log you requested --

ComboFix 09-05-24.07 - William Seo 05/25/2009 12:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.356 [GMT -4:00]
Running from: c:\documents and settings\William Seo\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\setup.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.

2009-05-24 18:08 . 2004-08-10 12:00 57398 -c--a-w c:\windows\system32\dllcache\imjpdadm.exe
2009-05-24 07:03 . 2009-05-24 07:03 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-24 05:56 . 2008-10-16 18:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-05-24 05:56 . 2008-10-16 18:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-24 04:21 . 2009-05-24 04:21 -------- d-----w C:\_OTListIt
2009-05-24 04:16 . 2009-05-24 04:20 -------- d-----w C:\feqszfzegze
2009-05-24 03:39 . 2009-05-24 03:39 -------- d-----w c:\documents and settings\William Seo\Application Data\AdobeUM
2009-05-24 02:12 . 2007-03-09 15:25 2321288 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-24 02:12 . 2009-05-06 15:06 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{BC0A94C0-37AE-4DB5-854F-FF50CC598A2D}\mpengine.dll
2009-05-24 02:10 . 2009-05-24 02:10 -------- d-----w c:\program files\Windows Defender
2009-05-24 02:06 . 2009-05-24 02:08 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-24 02:06 . 2009-05-24 02:07 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-24 01:59 . 2009-05-24 01:59 -------- d-----w c:\documents and settings\William Seo\Application Data\Malwarebytes
2009-05-24 01:59 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-24 01:59 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-24 01:59 . 2009-05-24 01:59 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-24 01:59 . 2009-05-24 01:59 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-24 01:31 . 2009-05-24 01:31 -------- d-----w c:\documents and settings\All Users\Application Data\WebcamMax
2009-05-24 01:31 . 2009-05-24 01:31 -------- d-----w c:\documents and settings\William Seo\Application Data\Webcammax
2009-05-24 01:30 . 2008-03-11 13:14 941784 ----a-w c:\windows\system32\drivers\CAMTHWDM.sys
2009-05-24 01:30 . 2009-05-24 01:31 -------- d-----w c:\program files\WebcamMax
2009-05-19 01:51 . 2009-05-19 01:51 1585608 ----a-w c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\F35E193DC3E84933B83DE961D9AC33BF\SketchPad.exe
2009-05-19 01:48 . 2009-05-19 01:48 868352 ----a-w c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
2009-05-19 01:48 . 2009-05-19 01:48 640000 ----a-w c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\dbghelp.dll
2009-05-19 01:48 . 2009-05-19 01:48 53760 ----a-w c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\zlib.dll
2009-05-19 01:48 . 2009-05-19 01:48 1712128 ----a-w c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\GdiPlus.dll
2009-05-15 23:10 . 2004-08-04 03:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-05-15 23:10 . 2004-08-04 03:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-05-11 20:07 . 2006-10-26 23:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-05-11 20:04 . 2009-05-11 20:04 -------- d-----w c:\program files\MSBuild
2009-05-11 20:02 . 2009-05-11 20:02 -------- d-----w c:\program files\Microsoft.NET
2009-05-11 19:58 . 2009-05-11 20:11 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-05-11 19:56 . 2009-05-11 19:56 -------- d-----w c:\documents and settings\William Seo\Local Settings\Application Data\Microsoft Help
2009-05-11 19:56 . 2009-05-24 07:02 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-11 03:17 . 2009-05-11 03:17 -------- d-----w c:\documents and settings\William Seo\Application Data\Template
2009-05-11 01:33 . 2009-05-11 01:42 -------- d-----w c:\documents and settings\William Seo\Application Data\vlc
2009-05-11 01:31 . 2009-05-11 01:31 -------- d-----w c:\program files\VideoLAN
2009-05-09 19:16 . 2001-08-17 17:48 12160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
2009-05-09 19:16 . 2001-08-17 17:48 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-05-09 19:16 . 2001-08-17 18:02 9600 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-05-09 19:16 . 2001-08-17 18:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-05-09 19:14 . 2009-05-09 19:15 -------- d-----w c:\documents and settings\William Seo\Local Settings\Application Data\Adobe
2009-05-09 02:16 . 2009-05-09 02:16 -------- d-----w c:\program files\MSXML 4.0
2009-05-08 03:37 . 2009-05-08 03:50 -------- d-----w c:\program files\The KMPlayer
2009-05-08 02:58 . 2009-05-21 16:05 -------- d-----w c:\program files\GRETECH
2009-05-08 01:27 . 2009-05-08 01:27 -------- d-----w c:\documents and settings\William Seo\Application Data\Desktopicon
2009-05-08 01:26 . 2009-05-08 01:27 -------- d-----w c:\program files\Unlocker
2009-05-07 07:10 . 2009-05-24 06:11 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-07 07:08 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-07 07:08 . 2008-06-13 13:10 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-05-07 07:06 . 2006-03-21 03:23 23040 ------w c:\windows\kb913800.exe
2009-05-07 07:04 . 2008-05-08 12:28 202752 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-05-07 07:04 . 2008-10-24 11:10 453632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-07 07:04 . 2008-06-11 06:58 2330624 -c----w c:\windows\system32\dllcache\WMVCore.dll
2009-05-07 07:03 . 2008-12-11 11:57 333184 -c----w c:\windows\system32\dllcache\srv.sys
2009-05-07 07:03 . 2008-05-01 14:30 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-05-07 07:03 . 2008-04-11 18:50 683520 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-05-07 07:03 . 2008-10-03 10:15 247326 -c----w c:\windows\system32\dllcache\strmdll.dll
2009-05-07 07:03 . 2008-09-04 16:42 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll
2009-05-07 07:01 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-05-07 04:35 . 2009-05-07 04:35 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-07 04:35 . 2009-05-25 04:01 -------- d-----w c:\documents and settings\William Seo\Application Data\skypePM
2009-05-07 04:35 . 2009-05-25 16:52 -------- d-----w c:\documents and settings\William Seo\Application Data\Skype
2009-05-07 04:35 . 2009-05-07 04:35 -------- d-----w c:\program files\Common Files\Skype
2009-05-07 04:35 . 2009-05-07 04:35 -------- d-----r c:\program files\Skype
2009-05-07 04:35 . 2009-05-07 04:35 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-05-07 04:00 . 2009-05-07 04:00 -------- d-----r c:\documents and settings\William Seo\Application Data\Brother
2009-05-07 03:55 . 2009-05-07 03:55 -------- d-----w c:\windows\Cache
2009-05-07 03:55 . 2009-05-07 04:33 -------- d-----w c:\program files\Coupons
2009-05-07 03:53 . 2008-10-15 16:57 332800 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-05-07 03:48 . 2001-08-17 17:53 6784 -c--a-w c:\windows\system32\dllcache\serscan.sys
2009-05-07 03:48 . 2001-08-17 17:53 6784 ----a-w c:\windows\system32\drivers\serscan.sys
2009-05-07 03:48 . 2009-05-07 03:48 50 ----a-w c:\windows\system32\bridf06a.dat
2009-05-07 03:43 . 2009-05-07 04:00 57 ----a-w c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-05-07 03:43 . 2009-05-07 03:43 -------- d-----w c:\documents and settings\All Users\Application Data\Brother
2009-05-07 02:55 . 2009-05-07 02:55 -------- d-----w c:\documents and settings\William Seo\Application Data\ooVoo Details
2009-05-07 02:55 . 2009-05-07 02:55 -------- d-----w c:\program files\ooVoo
2009-05-07 02:49 . 2009-05-07 02:49 206088 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-06 19:32 . 2009-05-06 19:32 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-06 19:20 . 2009-05-06 19:20 0 ----a-w c:\windows\nsreg.dat
2009-05-06 19:20 . 2009-05-06 19:20 -------- d-----w c:\documents and settings\William Seo\Local Settings\Application Data\Mozilla
2009-05-06 19:16 . 2009-05-06 19:16 -------- d-----w c:\windows\system32\LogFiles
2009-05-06 07:44 . 2009-05-16 03:40 134 ----a-w c:\documents and settings\William Seo\Local Settings\Application Data\fusioncache.dat
2009-05-06 07:44 . 2009-05-06 07:23 -------- d-----w c:\documents and settings\William Seo\Application Data\Intuit
2009-05-06 07:44 . 2005-12-16 06:28 13888 ----a-w c:\documents and settings\William Seo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-06 07:33 . 2009-05-06 07:33 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-05-06 07:33 . 2009-05-06 08:12 -------- d-----w c:\program files\Common Files\AOL
2009-05-06 07:32 . 2009-05-06 07:32 -------- d-----w c:\program files\Netscape
2009-05-06 07:28 . 2009-05-06 08:13 -------- d-----w c:\program files\Symantec
2009-05-06 07:27 . 2009-05-06 08:13 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-06 07:27 . 2009-05-06 08:13 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-06 07:27 . 2009-05-06 07:27 -------- d-----w c:\documents and settings\All Users\ImageConverter2
2009-05-06 07:25 . 2009-05-06 07:25 -------- d-----w c:\documents and settings\All Users\Application Data\VAIO Media Platform
2009-05-06 07:24 . 2005-10-07 00:52 2981888 ----a-w c:\windows\system32\iplw7.dll
2009-05-06 07:24 . 2005-10-07 00:52 2502656 ----a-w c:\windows\system32\iplpx.dll
2009-05-06 07:24 . 2005-10-07 00:51 2785280 ----a-w c:\windows\system32\iplm6.dll
2009-05-06 07:24 . 2005-10-07 00:51 2531328 ----a-w c:\windows\system32\iplp6.dll
2009-05-06 07:24 . 2005-10-07 00:51 2686976 ----a-w c:\windows\system32\iplm5.dll
2009-05-06 07:24 . 2005-10-07 00:51 2973696 ----a-w c:\windows\system32\ipla6.dll
2009-05-06 07:24 . 2005-10-07 00:51 53248 ----a-w c:\windows\system32\ipl.dll
2009-05-06 07:24 . 2005-10-07 00:51 19968 ----a-w c:\windows\system32\Cpuinf32.dll
2009-05-06 07:24 . 2009-05-06 07:24 -------- d-----w c:\windows\Downloaded Installations
2009-05-06 07:23 . 2009-05-06 08:11 -------- d-----w c:\program files\Quicken
2009-05-06 07:23 . 2009-05-06 07:23 -------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2009-05-06 07:22 . 2009-05-06 07:22 -------- d-----w c:\program files\Common Files\InterVideo
2009-05-06 07:22 . 2002-11-21 17:57 204800 ----a-w c:\windows\system32\IVIresizeW7.dll
2009-05-06 07:22 . 2002-11-21 17:57 200704 ----a-w c:\windows\system32\IVIresizeA6.dll
2009-05-06 07:22 . 2002-11-21 17:57 192512 ----a-w c:\windows\system32\IVIresizeP6.dll
2009-05-06 07:22 . 2002-11-21 17:57 192512 ----a-w c:\windows\system32\IVIresizeM6.dll
2009-05-06 07:22 . 2002-11-21 17:57 188416 ----a-w c:\windows\system32\IVIresizePX.dll
2009-05-06 07:22 . 2002-11-21 17:57 20480 ----a-w c:\windows\system32\IVIresize.dll
2009-05-06 07:22 . 2009-05-06 07:22 -------- d-----w c:\program files\InterVideo
2009-05-06 07:20 . 2004-03-22 22:17 24816 ----a-w c:\windows\system32\mdimon.dll
2009-05-06 07:19 . 2009-05-11 20:13 -------- d-----w c:\windows\SHELLNEW
2009-05-06 07:19 . 2009-05-06 07:19 -------- d--h--r C:\MSOCache
2009-05-06 07:17 . 2009-05-24 07:01 -------- d-----w c:\program files\Microsoft Works
2009-05-06 07:17 . 2009-05-06 07:17 -------- d-----w c:\documents and settings\All Users\Application Data\Digital Interactive Systems Corporation
2009-05-06 07:15 . 2005-09-08 00:35 117200 ----a-w c:\documents and settings\All Users\Application Data\Sony Corporation\Click to DVD\2.0\HDDisc\SonyMpeg2tsSplitterInst\setup.exe
2009-05-06 07:14 . 2009-05-06 07:14 -------- d-----w c:\program files\Trend Micro
2009-05-06 07:14 . 2005-08-25 23:43 68608 ----a-w c:\windows\system32\SonyAIwo.dll
2009-05-06 07:14 . 2005-08-10 17:27 61952 ----a-w c:\windows\system32\SonyAIds.dll
2009-05-06 07:14 . 2005-06-20 22:38 38400 ----a-w c:\windows\system32\SonyAIwd.dll
2009-05-06 07:14 . 2005-09-08 17:09 565248 ----a-w c:\windows\system32\CddbMusicIDSony.dll
2009-05-06 07:12 . 2005-09-08 17:22 765952 ----a-w c:\windows\system32\CDDBUISony.dll
2009-05-06 07:12 . 2005-09-08 17:21 73728 ----a-w c:\windows\system32\CddbLinkSony.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 16:52 . 2005-12-16 06:28 79160 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-25 16:52 . 2009-05-07 02:43 -------- d-----w c:\documents and settings\William Seo\Application Data\DMCache
2009-05-25 16:51 . 2009-05-06 19:34 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-25 16:49 . 2009-05-06 19:34 2592 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-25 16:49 . 2009-05-06 19:34 442400 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-25 16:49 . 2009-05-06 19:34 1935392 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-25 16:49 . 2009-05-06 19:34 16200 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-24 03:20 . 2009-05-07 02:43 -------- d-----w c:\documents and settings\William Seo\Application Data\IDM
2009-05-20 12:38 . 2009-05-06 19:34 94643 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-20 12:38 . 2009-05-06 19:34 105395 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-11 04:34 . 2009-05-11 03:17 1030 ----a-w c:\documents and settings\William Seo\Application Data\wklnhst.dat
2009-05-11 01:29 . 2009-05-11 01:29 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-08 01:48 . 2009-05-07 02:43 -------- d-----w c:\program files\Internet Download Manager
2009-05-07 03:47 . 2009-05-07 03:47 -------- d-----w c:\program files\Brother
2009-05-07 03:47 . 2005-12-16 05:06 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-07 03:47 . 2005-12-16 05:06 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-07 02:49 . 2008-01-29 21:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-05-07 02:49 . 2009-05-07 02:49 33808 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-07 02:49 . 2009-05-07 02:49 226832 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-07 02:43 . 2009-05-07 02:43 198064 ----a-w c:\documents and settings\William Seo\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-06 19:34 . 2009-05-06 19:34 -------- d-----w c:\program files\Kaspersky Lab
2009-05-06 07:51 . 2005-12-16 05:52 -------- d-----w c:\program files\Sony
2009-05-06 07:43 . 2009-05-06 07:43 0 ---ha-r c:\windows\system32\drivers\Sony_VGN-FE550G.mrk
2009-05-06 07:25 . 2005-12-16 06:11 -------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-05-06 07:23 . 2009-05-06 07:43 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Intuit
2009-05-06 07:13 . 2005-12-16 05:50 -------- d-----w c:\program files\Common Files\Sony Shared
2009-05-06 07:07 . 2009-05-06 07:43 -------- d-----w c:\documents and settings\William Seo\Application Data\Sony Corporation
2009-05-06 07:07 . 2009-05-06 07:43 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Sony Corporation
2009-05-06 07:07 . 2005-12-16 05:53 -------- d-----w c:\documents and settings\Administrator\Application Data\Sony Corporation
2009-04-09 11:32 . 2009-04-09 11:32 89088 ----a-w c:\documents and settings\William Seo\Application Data\Desktopicon\eBayShortcuts.exe
2009-03-06 14:00 . 2005-12-16 02:51 284160 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-30 2799024]
"oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [2009-03-29 14612272]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"fgzegzergrehcwxcwxc"="c:\feqszfzegze\gzegzefezfddqsf.exe" [2009-05-24 610304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-25 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-25 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 36975]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-11-29 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-30 7335936]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-11-24 167936]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-07 206088]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"feqszfzerghrezherthgfsdfsdcf"="c:\feqszfzegze\gzegzefezfddqsf.exe" [2009-05-24 610304]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

c:\documents and settings\William Seo\Start Menu\Programs\Startup\
Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 338216]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"443:TCP"= 443:TCP:ooVoo TCP port 443

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [5/23/2009 9:30 PM 941784]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/23/2009 9:59 PM 179856]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/23/2009 9:59 PM 15504]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [12/15/2005 10:52 PM 28800]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [12/15/2005 10:52 PM 217472]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{05470JDW-08D3-P07W-R6FR-D3JX24Q27U83}]
c:\feqszfzegze\gzegzefezfddqsf.exe Restart
.
Contents of the 'Scheduled Tasks' folder

2009-05-25 c:\windows\Tasks\Malwarebytes' Scheduled Update for William Seo.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-05-24 19:32]

2009-05-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\William Seo\Application Data\Mozilla\Firefox\Profiles\jdp44nex.default\
FF - component: c:\documents and settings\William Seo\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 12:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1416)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(7892)
c:\windows\system32\shdoclc.dll
c:\windows\system32\msi.dll
c:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Java\jre1.5.0_05\bin\jucheck.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-05-25 12:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-25 16:56

Pre-Run: 75,482,329,088 bytes free
Post-Run: 75,508,801,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

347 --- E O F --- 2009-05-25 07:01
  • 0

#6
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello,

Sorry for the delay, I was ill.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the quotebox below into it:

FileLook::
c:\windows\kb913800.exe

Folder::
C:\feqszfzegze

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{05470JDW-08D3-P07W-R6FR-D3JX24Q27U83}]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Regards,
Egwene.
  • 0

#7
Willysoso

Willysoso

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Don't sweat it man. Your health is much more important.

Here is the log you requested --

ComboFix 09-05-28.09 - William Seo 05/29/2009 17:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.390 [GMT -4:00]
Running from: c:\documents and settings\William Seo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\William Seo\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\feqszfzegze
c:\feqszfzegze\gzegzefezfddqsf.exe
c:\feqszfzegze\logs.dat
c:\feqszfzegze\plugin.dat

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-29 )))))))))))))))))))))))))))))))
.

2009-05-29 17:08 . 2009-05-06 15:06 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{93C8AD8A-EB8C-42EB-8667-488DE2D156ED}\mpengine.dll
2009-05-27 05:01 . 2009-05-27 05:01 687104 ----a-w c:\windows\is-1VSIF.exe
2009-05-27 05:00 . 2009-05-27 05:00 3371383 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-25 22:47 . 2009-05-25 22:47 -------- d-----w c:\windows\Sun
2009-05-25 20:13 . 2009-05-25 20:13 127877 ----a-w c:\documents and settings\William Seo\Application Data\Move Networks\uninstall.exe
2009-05-25 20:13 . 2009-05-28 04:13 -------- d-----w c:\documents and settings\William Seo\Application Data\Move Networks
2009-05-24 18:08 . 2004-08-10 12:00 57398 -c--a-w c:\windows\system32\dllcache\imjpdadm.exe
2009-05-24 07:03 . 2009-05-24 07:03 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-24 05:56 . 2008-10-16 18:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-05-24 05:56 . 2008-10-16 18:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-24 04:21 . 2009-05-24 04:21 -------- d-----w C:\_OTListIt
2009-05-24 03:39 . 2009-05-24 03:39 -------- d-----w c:\documents and settings\William Seo\Application Data\AdobeUM
2009-05-24 02:12 . 2009-05-06 15:06 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-24 02:10 . 2009-05-24 02:10 -------- d-----w c:\program files\Windows Defender
2009-05-24 02:06 . 2009-05-24 02:08 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-24 02:06 . 2009-05-24 02:07 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-24 01:59 . 2009-05-24 01:59 -------- d-----w c:\documents and settings\William Seo\Application Data\Malwarebytes
2009-05-24 01:59 . 2009-05-26 17:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-24 01:59 . 2009-05-26 17:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-24 01:59 . 2009-05-28 15:35 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-24 01:59 . 2009-05-24 01:59 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-24 01:31 . 2009-05-24 01:31 -------- d-----w c:\documents and settings\All Users\Application Data\WebcamMax
2009-05-24 01:31 . 2009-05-24 01:31 -------- d-----w c:\documents and settings\William Seo\Application Data\Webcammax
2009-05-24 01:30 . 2008-03-11 13:14 941784 ----a-w c:\windows\system32\drivers\CAMTHWDM.sys
2009-05-24 01:30 . 2009-05-24 01:31 -------- d-----w c:\program files\WebcamMax
2009-05-19 01:51 . 2009-05-19 01:51 1585608 ----a-w c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\F35E193DC3E84933B83DE961D9AC33BF\SketchPad.exe
2009-05-19 01:48 . 2009-05-19 01:48 868352 ----a-w c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
2009-05-19 01:48 . 2009-05-19 01:48 640000 ----a-w c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\dbghelp.dll
2009-05-19 01:48 . 2009-05-19 01:48 53760 ----a-w c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\zlib.dll
2009-05-19 01:48 . 2009-05-19 01:48 1712128 ----a-w c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\GdiPlus.dll
2009-05-15 23:10 . 2004-08-04 03:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-05-15 23:10 . 2004-08-04 03:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-05-11 20:07 . 2006-10-26 23:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-05-11 20:04 . 2009-05-11 20:04 -------- d-----w c:\program files\MSBuild
2009-05-11 20:02 . 2009-05-11 20:02 -------- d-----w c:\program files\Microsoft.NET
2009-05-11 19:58 . 2009-05-11 20:11 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-05-11 19:56 . 2009-05-11 19:56 -------- d-----w c:\documents and settings\William Seo\Local Settings\Application Data\Microsoft Help
2009-05-11 19:56 . 2009-05-24 07:02 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-11 03:17 . 2009-05-11 03:17 -------- d-----w c:\documents and settings\William Seo\Application Data\Template
2009-05-11 01:33 . 2009-05-11 01:42 -------- d-----w c:\documents and settings\William Seo\Application Data\vlc
2009-05-11 01:31 . 2009-05-11 01:31 -------- d-----w c:\program files\VideoLAN
2009-05-09 19:16 . 2001-08-17 17:48 12160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
2009-05-09 19:16 . 2001-08-17 17:48 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-05-09 19:16 . 2001-08-17 18:02 9600 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-05-09 19:16 . 2001-08-17 18:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-05-09 19:14 . 2009-05-09 19:15 -------- d-----w c:\documents and settings\William Seo\Local Settings\Application Data\Adobe
2009-05-09 02:16 . 2009-05-09 02:16 -------- d-----w c:\program files\MSXML 4.0
2009-05-08 03:37 . 2009-05-08 03:50 -------- d-----w c:\program files\The KMPlayer
2009-05-08 02:58 . 2009-05-21 16:05 -------- d-----w c:\program files\GRETECH
2009-05-08 01:27 . 2009-05-08 01:27 -------- d-----w c:\documents and settings\William Seo\Application Data\Desktopicon
2009-05-08 01:26 . 2009-05-08 01:27 -------- d-----w c:\program files\Unlocker
2009-05-07 07:10 . 2009-05-24 06:11 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-07 07:08 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-07 07:08 . 2008-06-13 13:10 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-05-07 07:06 . 2006-03-21 03:23 23040 ------w c:\windows\kb913800.exe
2009-05-07 07:04 . 2008-05-08 12:28 202752 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-05-07 07:04 . 2008-10-24 11:10 453632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-07 07:04 . 2008-06-11 06:58 2330624 -c----w c:\windows\system32\dllcache\WMVCore.dll
2009-05-07 07:03 . 2008-12-11 11:57 333184 -c----w c:\windows\system32\dllcache\srv.sys
2009-05-07 07:03 . 2008-05-01 14:30 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-05-07 07:03 . 2008-04-11 18:50 683520 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-05-07 07:03 . 2008-10-03 10:15 247326 -c----w c:\windows\system32\dllcache\strmdll.dll
2009-05-07 07:03 . 2008-09-04 16:42 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll
2009-05-07 07:01 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-05-07 04:35 . 2009-05-07 04:35 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-07 04:35 . 2009-05-29 17:03 -------- d-----w c:\documents and settings\William Seo\Application Data\skypePM
2009-05-07 04:35 . 2009-05-29 20:54 -------- d-----w c:\documents and settings\William Seo\Application Data\Skype
2009-05-07 04:35 . 2009-05-07 04:35 -------- d-----w c:\program files\Common Files\Skype
2009-05-07 04:35 . 2009-05-07 04:35 -------- d-----r c:\program files\Skype
2009-05-07 04:35 . 2009-05-07 04:35 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-05-07 04:00 . 2009-05-07 04:00 -------- d-----r c:\documents and settings\William Seo\Application Data\Brother
2009-05-07 03:55 . 2009-05-07 03:55 -------- d-----w c:\windows\Cache
2009-05-07 03:55 . 2009-05-07 04:33 -------- d-----w c:\program files\Coupons
2009-05-07 03:53 . 2008-10-15 16:57 332800 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-05-07 03:48 . 2001-08-17 17:53 6784 -c--a-w c:\windows\system32\dllcache\serscan.sys
2009-05-07 03:48 . 2001-08-17 17:53 6784 ----a-w c:\windows\system32\drivers\serscan.sys
2009-05-07 03:48 . 2009-05-07 03:48 50 ----a-w c:\windows\system32\bridf06a.dat
2009-05-07 03:43 . 2009-05-07 04:00 57 ----a-w c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-05-07 03:43 . 2009-05-07 03:43 -------- d-----w c:\documents and settings\All Users\Application Data\Brother
2009-05-07 02:55 . 2009-05-07 02:55 -------- d-----w c:\documents and settings\William Seo\Application Data\ooVoo Details
2009-05-07 02:55 . 2009-05-07 02:55 -------- d-----w c:\program files\ooVoo
2009-05-07 02:49 . 2009-05-07 02:49 206088 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-06 19:32 . 2009-05-06 19:32 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-06 19:20 . 2009-05-06 19:20 0 ----a-w c:\windows\nsreg.dat
2009-05-06 19:20 . 2009-05-06 19:20 -------- d-----w c:\documents and settings\William Seo\Local Settings\Application Data\Mozilla
2009-05-06 19:16 . 2009-05-06 19:16 -------- d-----w c:\windows\system32\LogFiles
2009-05-06 07:44 . 2009-05-16 03:40 134 ----a-w c:\documents and settings\William Seo\Local Settings\Application Data\fusioncache.dat
2009-05-06 07:44 . 2009-05-06 07:23 -------- d-----w c:\documents and settings\William Seo\Application Data\Intuit
2009-05-06 07:44 . 2005-12-16 06:28 13888 ----a-w c:\documents and settings\William Seo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-06 07:33 . 2009-05-06 07:33 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-05-06 07:33 . 2009-05-06 08:12 -------- d-----w c:\program files\Common Files\AOL
2009-05-06 07:32 . 2009-05-06 07:32 -------- d-----w c:\program files\Netscape
2009-05-06 07:28 . 2009-05-06 08:13 -------- d-----w c:\program files\Symantec
2009-05-06 07:27 . 2009-05-06 08:13 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-06 07:27 . 2009-05-06 08:13 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-06 07:27 . 2009-05-06 07:27 -------- d-----w c:\documents and settings\All Users\ImageConverter2
2009-05-06 07:25 . 2009-05-06 07:25 -------- d-----w c:\documents and settings\All Users\Application Data\VAIO Media Platform
2009-05-06 07:24 . 2005-10-07 00:52 2981888 ----a-w c:\windows\system32\iplw7.dll
2009-05-06 07:24 . 2005-10-07 00:52 2502656 ----a-w c:\windows\system32\iplpx.dll
2009-05-06 07:24 . 2005-10-07 00:51 2785280 ----a-w c:\windows\system32\iplm6.dll
2009-05-06 07:24 . 2005-10-07 00:51 2531328 ----a-w c:\windows\system32\iplp6.dll
2009-05-06 07:24 . 2005-10-07 00:51 2686976 ----a-w c:\windows\system32\iplm5.dll
2009-05-06 07:24 . 2005-10-07 00:51 2973696 ----a-w c:\windows\system32\ipla6.dll
2009-05-06 07:24 . 2005-10-07 00:51 53248 ----a-w c:\windows\system32\ipl.dll
2009-05-06 07:24 . 2005-10-07 00:51 19968 ----a-w c:\windows\system32\Cpuinf32.dll
2009-05-06 07:24 . 2009-05-06 07:24 -------- d-----w c:\windows\Downloaded Installations
2009-05-06 07:23 . 2009-05-06 08:11 -------- d-----w c:\program files\Quicken
2009-05-06 07:23 . 2009-05-06 07:23 -------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2009-05-06 07:22 . 2009-05-06 07:22 -------- d-----w c:\program files\Common Files\InterVideo
2009-05-06 07:22 . 2002-11-21 17:57 204800 ----a-w c:\windows\system32\IVIresizeW7.dll
2009-05-06 07:22 . 2002-11-21 17:57 200704 ----a-w c:\windows\system32\IVIresizeA6.dll
2009-05-06 07:22 . 2002-11-21 17:57 192512 ----a-w c:\windows\system32\IVIresizeP6.dll
2009-05-06 07:22 . 2002-11-21 17:57 192512 ----a-w c:\windows\system32\IVIresizeM6.dll
2009-05-06 07:22 . 2002-11-21 17:57 188416 ----a-w c:\windows\system32\IVIresizePX.dll
2009-05-06 07:22 . 2002-11-21 17:57 20480 ----a-w c:\windows\system32\IVIresize.dll
2009-05-06 07:22 . 2009-05-06 07:22 -------- d-----w c:\program files\InterVideo
2009-05-06 07:20 . 2004-03-22 22:17 24816 ----a-w c:\windows\system32\mdimon.dll
2009-05-06 07:19 . 2009-05-11 20:13 -------- d-----w c:\windows\SHELLNEW
2009-05-06 07:19 . 2009-05-06 07:19 -------- d--h--r C:\MSOCache
2009-05-06 07:17 . 2009-05-24 07:01 -------- d-----w c:\program files\Microsoft Works
2009-05-06 07:17 . 2009-05-06 07:17 -------- d-----w c:\documents and settings\All Users\Application Data\Digital Interactive Systems Corporation
2009-05-06 07:15 . 2005-09-08 00:35 117200 ----a-w c:\documents and settings\All Users\Application Data\Sony Corporation\Click to DVD\2.0\HDDisc\SonyMpeg2tsSplitterInst\setup.exe
2009-05-06 07:14 . 2009-05-06 07:14 -------- d-----w c:\program files\Trend Micro
2009-05-06 07:14 . 2005-08-25 23:43 68608 ----a-w c:\windows\system32\SonyAIwo.dll
2009-05-06 07:14 . 2005-08-10 17:27 61952 ----a-w c:\windows\system32\SonyAIds.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 21:21 . 2009-05-07 02:43 -------- d-----w c:\documents and settings\William Seo\Application Data\DMCache
2009-05-29 20:51 . 2009-05-06 19:34 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-29 17:08 . 2009-05-06 19:34 466976 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-29 17:08 . 2009-05-06 19:34 2676 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-28 16:55 . 2005-12-16 06:11 -------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-05-28 14:43 . 2009-05-07 02:43 -------- d-----w c:\documents and settings\William Seo\Application Data\IDM
2009-05-28 12:26 . 2009-05-28 12:11 86708 ----a-w c:\documents and settings\William Seo\Application Data\143375812.tmp
2009-05-28 12:25 . 2009-05-28 12:13 86708 ----a-w c:\documents and settings\William Seo\Application Data\143461203.tmp
2009-05-28 07:38 . 2009-05-06 19:34 2089504 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-28 07:38 . 2009-05-06 19:34 17404 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-25 16:52 . 2005-12-16 06:28 79160 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-20 12:38 . 2009-05-06 19:34 94643 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-20 12:38 . 2009-05-06 19:34 105395 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-11 04:34 . 2009-05-11 03:17 1030 ----a-w c:\documents and settings\William Seo\Application Data\wklnhst.dat
2009-05-11 01:29 . 2009-05-11 01:29 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-08 01:48 . 2009-05-07 02:43 -------- d-----w c:\program files\Internet Download Manager
2009-05-07 03:47 . 2009-05-07 03:47 -------- d-----w c:\program files\Brother
2009-05-07 03:47 . 2005-12-16 05:06 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-07 03:47 . 2005-12-16 05:06 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-07 02:49 . 2008-01-29 21:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-05-07 02:49 . 2009-05-07 02:49 33808 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-07 02:49 . 2009-05-07 02:49 226832 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-07 02:43 . 2009-05-07 02:43 198064 ----a-w c:\documents and settings\William Seo\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-06 19:34 . 2009-05-06 19:34 -------- d-----w c:\program files\Kaspersky Lab
2009-05-06 07:51 . 2005-12-16 05:52 -------- d-----w c:\program files\Sony
2009-05-06 07:43 . 2009-05-06 07:43 0 ---ha-r c:\windows\system32\drivers\Sony_VGN-FE550G.mrk
2009-05-06 07:13 . 2005-12-16 05:50 -------- d-----w c:\program files\Common Files\Sony Shared
2009-05-06 07:07 . 2009-05-06 07:43 -------- d-----w c:\documents and settings\William Seo\Application Data\Sony Corporation
2009-05-06 07:07 . 2005-12-16 05:53 -------- d-----w c:\documents and settings\Administrator\Application Data\Sony Corporation
2009-04-09 11:32 . 2009-04-09 11:32 89088 ----a-w c:\documents and settings\William Seo\Application Data\Desktopicon\eBayShortcuts.exe
2009-03-26 15:35 . 2009-04-29 12:20 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-03-06 14:00 . 2005-12-16 02:51 284160 ----a-w c:\windows\system32\pdh.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\kb913800.exe ---
Company: Microsoft Corporation
File Description: DRM KB913800 EXE
File Version: 11.00.00.4350 built by: dnsrv(bld4act)
Product Name: Microsoft® Windows Media
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: kb913800.exe
File size: 23040
Created time: 2009-05-07 07:06
Modified time: 2006-03-21 03:23
MD5: 1FF4DD88DC020F5D57ED69F6E25BB3DE
SHA1: 23EDCE14086B0CE15371E6EA8F1346EA8CF13AA7


((((((((((((((((((((((((((((( [email protected]_16.52.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-29 20:50 . 2009-05-29 20:50 16384 c:\windows\Temp\Perflib_Perfdata_4dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-30 2799024]
"oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [2009-03-29 14612272]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-25 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-25 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 36975]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-11-29 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-30 7335936]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-11-24 167936]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-07 206088]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-05-26 414480]

c:\documents and settings\William Seo\Start Menu\Programs\Startup\
Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 338216]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [5/23/2009 9:30 PM 941784]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/23/2009 9:59 PM 194832]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/23/2009 9:59 PM 19096]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [12/15/2005 10:52 PM 28800]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [12/15/2005 10:52 PM 217472]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-fgzegzergrehcwxcwxc - c:\feqszfzegze\gzegzefezfddqsf.exe
HKLM-Run-feqszfzerghrezherthgfsdfsdcf - c:\feqszfzegze\gzegzefezfddqsf.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\William Seo\Application Data\Mozilla\Firefox\Profiles\jdp44nex.default\
FF - component: c:\documents and settings\William Seo\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\William Seo\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 17:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1420)
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2009-05-29 17:23
ComboFix-quarantined-files.txt 2009-05-29 21:23
ComboFix2.txt 2009-05-25 16:56

Pre-Run: 68,785,414,144 bytes free
Post-Run: 68,804,562,944 bytes free

328 --- E O F --- 2009-05-29 17:08
  • 0
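Reading a log like the one above by hand is error-prone, so here is an added example (written for this page; it is not ComboFix code and not anything the thread's participants posted) that parses the "Reg Loading Points" and "ORPHANS REMOVED" sections and flags the items a responder looks at first: autorun entries whose target lives outside the Windows and Program Files trees, orphaned Run values, a disabled Windows Firewall profile, and a Security Center monitoring override. The sample log is built from lines in the post above plus one constructed HKCU Run value; the EXPECTED_ROOTS whitelist is an assumption.

```python
"""Triage the 'Reg Loading Points' and 'ORPHANS REMOVED' sections of a ComboFix
log.  Added example for this thread: not ComboFix code and not part of the
original posts.  SAMPLE_LOG mixes lines copied from the posted log with one
constructed Run value (see comment); EXPECTED_ROOTS is an assumed whitelist."""
import re

# Lines taken from the posted log, plus one constructed HKCU Run value that
# shows what the orphaned autorun looked like before ComboFix removed it
# (the date and size in its brackets are made up).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"fgzegzergrehcwxcwxc"="c:\feqszfzegze\gzegzefezfddqsf.exe" [2009-05-20 0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-07 206088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -

HKCU-Run-fgzegzergrehcwxcwxc - c:\feqszfzegze\gzegzefezfddqsf.exe
HKLM-Run-feqszfzerghrezherthgfsdfsdcf - c:\feqszfzegze\gzegzefezfddqsf.exe
"""

HEADER = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN = re.compile(r"^(?P<key>HK(?:CU|LM)-Run-\S+) - (?P<path>.+)$")
FIREWALL = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
MONITOR = re.compile(r'^"DisableMonitoring"=dword:(?P<val>[0-9a-fA-F]{8})')

# Assumption: legitimate autorun targets normally live under one of these roots.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def is_unusual_location(path):
    """True when an autorun target sits outside the usual system/program roots."""
    return not path.lower().startswith(EXPECTED_ROOTS)


def triage(log_text):
    """Return a list of (finding, where, detail) tuples for the items worth review."""
    findings = []
    current_key = None  # registry key of the section being read
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = ORPHAN.match(line)
        if m:
            findings.append(("orphan-autorun", m.group("key"), m.group("path")))
            continue
        m = FIREWALL.match(line)
        if m and int(m.group("val")) == 0:
            findings.append(("firewall-disabled", current_key, line))
            continue
        m = MONITOR.match(line)
        if m and int(m.group("val"), 16) != 0:
            findings.append(("security-center-monitoring-disabled", current_key, line))
            continue
        m = RUN_VALUE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            if is_unusual_location(m.group("path")):
                findings.append(("unusual-autorun", m.group("name"), m.group("path")))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("%-38s %s -> %s" % finding)
```

Two of the findings need context before they mean anything: a Security Center `DisableMonitoring` entry and `EnableFirewall=0` are also what a third-party suite such as the Kaspersky Internet Security installed here sets when it takes over firewall and alerting duties, so they are items to confirm, not proof of compromise. The autorun entries pointing at `c:\feqszfzegze\` are the real signal: a randomly named folder in the drive root, started from both the HKCU and HKLM Run keys.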

#8
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello,

Open notepad and copy/paste the text in the codebox below into it:

@echo off
rem Needs an Info-ZIP compatible zip.exe on the PATH (Windows does not ship one).
rem -r recurses into the folder so its files are archived, not just the folder entry.
for %%g in (
C:\Qoobox\Quarantine\C\feqszfzegze
) do zip -r Files_for_submission %%g
rem Remove this batch file once the archive has been written.
del %0

Save this as zip.bat
Choose to "Save type as - All Files"
Save it on your desktop.
It should look like this: Posted Image
Double click on zip.bat & allow it to run

A file, Files_for_submission.zip will be created on your desktop.

Please upload that file here -->http://www.bleepingc...e.php?channel=4


Then :

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Then :

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Regards,
Egwene.
  • 0

#9
Willysoso

Willysoso

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I created the .bat file, but the "Files to be submitted.zip" isn't being created. Is the code correct?
  • 0

#10
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello,

It should be :)

Move on to the next steps.
  • 0
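The zip.bat in post #8 depends on an external `zip` command being on the PATH, which a stock Windows XP installation does not provide; when it is absent, cmd reports the command as not recognized, nothing is archived, and the batch file then deletes itself, which is consistent with the symptom in post #9. As an added example (my own code, not the thread's zip.bat and not ComboFix's), here is the same job done with Python's standard zipfile module: it archives the quarantine folder recursively, stores a SHA-1 manifest inside the archive so the submission can be matched against hashes like those in the log's "Look" section, and raises an error when the folder is missing instead of silently producing nothing. The folder it packages in the demo is a constructed stand-in for C:\Qoobox\Quarantine\C\feqszfzegze with made-up file contents.

```python
r"""Package a ComboFix quarantine folder for submission and record a SHA-1
manifest of its contents.  Added example for this thread: not the zip.bat posted
above and not ComboFix code.  Uses the standard zipfile module instead of an
external zip command, refuses to run when the folder is missing, and builds a
constructed stand-in for C:\Qoobox\Quarantine\C\feqszfzegze for the demo."""
import hashlib
import os
import tempfile
import zipfile


def sha1_of(path):
    """Hex SHA-1 of a file, read in chunks so large samples are not loaded whole."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def package_folder(src_dir, zip_path):
    """Archive every file under src_dir (recursively, paths relative to its parent)
    into zip_path and return {archive_path: sha1}.  A MANIFEST.txt listing the
    same hashes is stored inside the archive.  Raises FileNotFoundError when
    src_dir does not exist, so a missing quarantine folder is reported loudly."""
    if not os.path.isdir(src_dir):
        raise FileNotFoundError("quarantine folder not found: %s" % src_dir)
    base = os.path.dirname(os.path.abspath(src_dir))
    manifest = {}
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for root, _dirs, files in os.walk(src_dir):
            for name in sorted(files):
                full = os.path.join(root, name)
                arcname = os.path.relpath(full, base).replace(os.sep, "/")
                zf.write(full, arcname)
                manifest[arcname] = sha1_of(full)
        zf.writestr("MANIFEST.txt",
                    "".join("%s  %s\n" % (h, p) for p, h in sorted(manifest.items())))
    return manifest


def build_demo():
    """Create a constructed stand-in for the quarantined folder (three small files
    with placeholder contents, not real samples), package it, and return the
    manifest plus the archive's member list."""
    work = tempfile.mkdtemp()
    qdir = os.path.join(work, "feqszfzegze")
    os.makedirs(qdir)
    for fname in ("gzegzefezfddqsf.exe", "logs.dat", "plugin.dat"):
        with open(os.path.join(qdir, fname), "wb") as fh:
            fh.write(b"constructed placeholder contents for " + fname.encode())
    zip_path = os.path.join(work, "Files_for_submission.zip")
    manifest = package_folder(qdir, zip_path)
    with zipfile.ZipFile(zip_path) as zf:
        members = sorted(zf.namelist())
    return manifest, members


if __name__ == "__main__":
    manifest, members = build_demo()
    for path, digest in sorted(manifest.items()):
        print(digest, path)
    print("archive members:", members)
```

Point `package_folder` at the real quarantine path to use it outside the demo; the manifest it returns is what to keep alongside the upload, since the hashes let the analyst confirm the archive contains the same files the log reported.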





