ComboFix 09-03-19.02 - Irene Cheung 2009-03-22 0:47:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.192 [GMT 0:00]
Running from: c:\documents and settings\Irene Cheung\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*
FW: Kaspersky Internet Security *disabled*
FW: Norton Internet Worm Protection *disabled*
 * Created a new restore point
.
(((((((((((((((((((((((((   Files Created from 2009-02-22 to 2009-03-22  )))))))))))))))))))))))))))))))
.
2009-03-21 21:21 . 2009-03-22 00:00            d--------  c:\windows\SxsCaPendDel
2009-03-21 20:14 . 2009-03-21 20:14    410,984  --a------  c:\windows\system32\deploytk.dll
2009-03-21 20:14 . 2009-03-21 20:14     73,728  --a------  c:\windows\system32\javacpl.cpl
2009-03-21 18:13 . 2009-03-21 18:25    101,287  --a------  c:\windows\system32\drivers\klin.dat
2009-03-21 18:13 . 2009-03-21 18:25     89,601  --a------  c:\windows\system32\drivers\klick.dat
2009-03-21 18:11 . 2009-03-21 18:11            d--------  c:\program files\Kaspersky Lab
2009-03-21 18:11 . 2009-03-22 00:53            d--------  c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-21 18:11 . 2009-03-22 00:51  2,698,784  --ahs----  c:\windows\system32\drivers\fidbox.dat
2009-03-21 18:11 . 2009-03-22 00:51    434,208  --ahs----  c:\windows\system32\drivers\fidbox2.dat
2009-03-21 18:11 . 2009-03-22 00:51     23,212  --ahs----  c:\windows\system32\drivers\fidbox.idx
2009-03-21 18:11 . 2009-03-22 00:51      2,564  --ahs----  c:\windows\system32\drivers\fidbox2.idx
2009-03-16 07:09 . 2009-03-16 07:09     28,256  --a------  c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2009-03-16 07:06 . 2009-03-16 07:06            d--------  c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder
2009-03-16 07:04 . 2006-04-04 19:00            d--------  c:\documents and settings\Administrator\Application Data\Sony Corporation
2009-03-16 07:04 . 2009-03-16 07:04            d--------  c:\documents and settings\Administrator
2009-03-16 06:52 . 2009-03-16 07:12            d--------  C:\SDFix
2009-03-03 09:59 . 2009-03-03 09:59            d--------  c:\windows\system32\scripting
2009-03-03 09:59 . 2009-03-03 09:59            d--------  c:\windows\system32\en
2009-03-03 09:59 . 2009-03-03 09:59            d--------  c:\windows\system32\bits
2009-03-03 09:59 . 2009-03-03 09:59            d--------  c:\windows\l2schemas
2009-03-03 09:52 . 2009-03-03 10:00            d--------  c:\windows\ServicePackFiles
2009-03-03 09:46 . 2009-03-12 08:29      1,374  --a------  c:\windows\imsins.BAK
2009-03-03 09:38 . 2009-03-03 09:38            d--------  c:\windows\EHome
2009-03-02 02:49 . 2009-03-02 01:57     15,688  --a------  c:\windows\system32\lsdelete.exe
2009-03-02 02:06 . 2009-03-02 02:06            d--------  c:\documents and settings\LocalService\Application Data\Share-to-Web Upload Folder
2009-03-02 01:58 . 2009-03-02 01:57     64,160  --a------  c:\windows\system32\drivers\Lbd.sys
2009-03-02 01:40 . 2009-03-02 01:40            d--------  c:\program files\Lavasoft
2009-03-02 01:40 . 2009-03-02 01:57            d--------  c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-02 01:40 . 2009-03-02 01:40            d--h-c---  c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-01 21:40 . 2009-03-01 21:40            d--------  c:\program files\Trend Micro
2009-02-28 23:30 . 2009-03-21 17:33            d--------  c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-28 21:29 . 2009-02-28 21:29            d--------  c:\program files\MSXML 6.0
2009-02-28 16:25 . 2008-04-14 00:12  4,274,816  ---------  c:\windows\system32\nv4_disp.dll
2009-02-28 16:24 . 2008-04-14 00:12  1,737,856  ---------  c:\windows\system32\mtxparhd.dll
2009-02-28 16:23 . 2008-04-14 00:11    397,312  ---------  c:\windows\system32\mmcex.dll
2009-02-28 16:23 . 2008-04-14 00:11    184,320  ---------  c:\windows\system32\microsoft.managementconsole.dll
2009-02-28 16:23 . 2008-04-14 00:11    106,496  ---------  c:\windows\system32\mmcfxcommon.dll
2009-02-28 16:23 . 2008-04-14 00:11     37,376  ---------  c:\windows\system32\l2gpstore.dll
2009-02-28 16:23 . 2008-04-14 00:12     33,792  ---------  c:\windows\system32\mmcperf.exe
2009-02-28 16:21 . 2008-04-14 00:11  1,888,992  ---------  c:\windows\system32\ati3duag.dll
2009-02-28 11:54 . 2008-08-14 10:11  2,189,184  -----c---  c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-28 11:54 . 2008-08-14 10:09  2,145,280  -----c---  c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-28 11:54 . 2009-02-09 11:13  1,846,784  -----c---  c:\windows\system32\dllcache\win32k.sys
2009-02-28 11:53 . 2008-08-14 09:33  2,066,048  -----c---  c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-28 11:53 . 2008-08-14 09:33  2,023,936  -----c---  c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-28 11:53 . 2008-10-24 11:21    455,296  -----c---  c:\windows\system32\dllcache\mrxsmb.sys
2009-02-28 11:53 . 2008-12-11 10:57    333,952  -----c---  c:\windows\system32\dllcache\srv.sys
2009-02-28 11:50 . 2008-10-15 16:34    337,408  -----c---  c:\windows\system32\dllcache\netapi32.dll
2009-02-28 10:22 . 2009-02-28 23:48     81,984  --a------  c:\windows\system32\bdod.bin
2009-02-28 10:15 . 2009-02-28 10:15        850  --a------  c:\windows\system32\ProductTweaks.xml
2009-02-28 10:15 . 2009-02-28 22:13        385  --a------  c:\windows\system32\user_gensett.xml
2009-02-28 00:08 . 2009-02-28 00:08            d--------  c:\program files\BitDefender
2009-02-28 00:08 . 2009-02-28 09:34            d--------  c:\documents and settings\All Users\Application Data\BitDefender
2009-02-27 23:57 . 2009-02-28 23:49            d--------  c:\program files\Common Files\BitDefender
2009-02-27 16:41 . 2009-02-28 23:58            d-a------  c:\documents and settings\All Users\Application Data\TEMP
2009-02-24 00:07 . 2008-04-14 00:12     23,040  --a------  c:\windows\system32\setup.exe
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 23:54  ---------  d-----w  c:\program files\Java
2009-03-21 22:38  ---------  d-----w  c:\program files\Common Files\Real
2009-03-21 20:42     33,808  ----a-w  c:\windows\system32\drivers\klbg.sys
2009-03-21 17:24  ---------  d-----w  c:\program files\IEHistoryX
2009-03-16 06:46     28,256  -c--a-w  c:\documents and settings\Irene Cheung\Application Data\GDIPFONTCACHEV1.DAT
2009-03-10 21:39  ---------  d-----w  c:\program files\MSN Messenger
2009-03-01 21:13  ---------  d-----w  c:\program files\QuickTime
2009-03-01 00:04  ---------  d-----w  c:\program files\Spybot - Search & Destroy
2009-02-28 23:58  ---------  d-----w  c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-28 12:20  ---------  d-----w  c:\program files\KMPlayer
2009-02-16 17:22  ---------  d-----w  c:\documents and settings\Irene Cheung\Application Data\TeamViewer
2009-02-16 16:33  ---------  d-----w  c:\program files\Google
2009-02-10 12:36  ---------  d-----w  c:\program files\AVG
2009-01-29 14:06  ---------  d-----w  c:\program files\Free PDF to Word Doc Converter
2009-01-28 00:40  ---------  d-----w  c:\documents and settings\Irene Cheung\Application Data\585Soft
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-11 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-02 509784]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-03-21 206088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-21 148888]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 17:42 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--------- 2003-11-07 08:21 114688 c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--a------ 2005-04-29 05:56 45056 c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-06-26 17:50 212992 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--------- 2006-12-10 20:52 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--------- 2005-08-05 01:57 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 12:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-04 12:00 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 12:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 12:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-17 10:42 69632 c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-09-11 18:42 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 09:43 69632 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--------- 2002-03-14 16:46 45056 c:\windows\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Share-to-Web\\hpgs2wnf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Irene Cheung\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-02 64160]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-03-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-02 01:57]

2009-03-21 c:\windows\Tasks\User_Feed_Synchronization-{30AF291F-8AC6-4C99-808A-F6C70BD4CFF8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-DXDllRegExe - dxdllreg.exe
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://uk.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 00:53:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\VESWinlogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-22 0:58:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-22 00:58:16

Pre-Run: 16,610,598,912 bytes free
Post-Run: 17,081,982,976 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

231 --- E O F --- 2009-03-14 09:16:59