Can't access website
-
Here's the log with the Malwarebytes updated version!
Malwarebytes' Anti-Malware 1.36
Database version: 1981
Windows 5.1.2600 Service Pack 3
14/04/2009 17:50:43
mbam-log-2009-04-14 (17-50-43).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 144106
Time elapsed: 46 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
After I run ComboFix... I get a msg saying 'error... you cannot rename combofix as combofix (1), please use another name'... although I haven't renamed anything.
I only have the option to press OK... when I do that, nothing comes up :S
-
RIGHT click the exe file and RENAME it to QWERTY (making the complete name 'QWERTY.EXE')
-
Ok, here it is!
ComboFix 09-04-15.08 - Sony Vaio 15/04/2009 10:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.243 [GMT 1:00]
Running from: c:\documents and settings\Sony Vaio\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Sony Vaio\Application Data\inst.exe
c:\documents and settings\Sony Vaio\Cookies\cusyky.ban
c:\documents and settings\Sony Vaio\err.log
c:\windows\patch.exe
c:\windows\system32\TDSSmtpe.dat
.
((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.
2009-04-14 19:49 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 19:49 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-14 19:49 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-14 19:49 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 19:49 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 19:49 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 19:49 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 19:49 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 19:48 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-13 21:00 . 2009-04-13 21:03 dc-h--w c:\windows\ie8
2009-04-13 20:58 . 2009-04-13 21:05 d--h--w c:\windows\msdownld.tmp
2009-04-12 11:33 . 2009-04-12 11:17 58952 ----a-w c:\windows\system32\MsgPlusLoader.dll
2009-04-12 11:18 . 2009-04-12 11:18 d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-12 09:12 . 2009-04-12 09:12 d-----w c:\documents and settings\Sony Vaio\Local Settings\Application Data\PCHealth
2009-04-11 22:22 . 2009-01-09 19:19 1089593 -c----w c:\windows\system32\dllcache\ntprint.cat
2009-04-11 22:03 . 2009-04-11 22:03 d-----w c:\windows\system32\XPSViewer
2009-04-11 22:01 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-11 22:01 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-11 22:01 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-11 22:01 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-11 22:01 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-11 22:01 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-11 22:01 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-11 21:10 . 2009-04-14 20:23 1374 ----a-w c:\windows\imsins.BAK
2009-04-11 08:53 . 2009-03-08 03:32 594432 -c--a-w c:\windows\system32\dllcache\msfeeds.dll
2009-04-11 08:53 . 2009-03-08 03:31 55296 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-11 08:53 . 2009-03-08 03:32 1985024 -c--a-w c:\windows\system32\dllcache\iertutil.dll
2009-04-11 08:53 . 2009-03-08 03:31 59904 -c--a-w c:\windows\system32\dllcache\icardie.dll
2009-04-11 08:53 . 2008-12-19 09:10 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-04-11 08:53 . 2009-03-08 03:11 445952 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-11 08:52 . 2009-03-08 03:39 11063808 -c--a-w c:\windows\system32\dllcache\ieframe.dll
2009-04-10 18:54 . 2009-04-14 20:33 d-----w c:\documents and settings\Sony Vaio\Tracing
2009-04-10 15:38 . 2009-03-08 13:22 1241088 -c--a-w c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-10 15:38 . 2009-02-06 20:07 3698584 -c--a-w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-09 09:51 . 2009-04-09 09:51 d-sh--w c:\documents and settings\Sony Vaio\IECompatCache
2009-03-26 19:52 . 2009-03-26 19:52 d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-03-26 19:52 . 2009-03-26 19:52 d-----w c:\documents and settings\Sony Vaio\Application Data\AVS4YOU
2009-03-26 19:51 . 2003-05-21 12:50 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll
2009-03-20 12:08 . 2009-03-20 12:08 d-sh--w c:\documents and settings\Sony Vaio\IETldCache
2009-03-20 12:08 . 2009-03-20 12:08 d-sh--w c:\documents and settings\LocalService\IETldCache
2009-03-20 11:42 . 2009-04-13 20:17 d-----w c:\windows\ie8updates
2009-03-20 11:31 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-03-18 15:54 . 2001-08-17 22:36 8192 ----a-w c:\windows\system32\kbdkor.dll
2009-03-18 15:54 . 2001-08-17 22:36 8704 ----a-w c:\windows\system32\kbdjpn.dll
2009-03-18 15:54 . 2001-08-17 14:55 6144 ----a-w c:\windows\system32\kbd101c.dll
2009-03-18 15:54 . 2001-08-17 14:55 5632 ----a-w c:\windows\system32\kbd103.dll
2009-03-18 15:53 . 2001-08-17 14:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-03-18 15:53 . 2008-04-14 01:09 6144 ----a-w c:\windows\system32\kbd106.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 15:00 . 2008-11-10 10:27 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 11:38 . 2009-04-14 11:38 d-----w c:\program files\Trend Micro
2009-04-13 21:08 . 2009-04-10 18:50 d-----w c:\program files\Microsoft Silverlight
2009-04-12 21:04 . 2007-03-12 16:19 19009 -c--a-w C:\debug.log
2009-04-12 11:30 . 2006-09-26 20:00 85024 -c--a-w c:\documents and settings\Sony Vaio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-12 11:29 . 2006-09-30 23:08 d-----w c:\program files\Windows Live Toolbar
2009-04-12 11:28 . 2009-04-10 18:31 d-----w c:\program files\Windows Live
2009-04-12 11:27 . 2009-04-12 11:27 d-----w c:\program files\Windows Live SkyDrive
2009-04-11 22:03 . 2009-04-11 22:03 d-----w c:\program files\MSBuild
2009-04-11 22:02 . 2009-04-11 22:02 d-----w c:\program files\Reference Assemblies
2009-04-11 10:25 . 2006-09-30 23:05 d-----w c:\program files\MSN Messenger
2009-04-10 23:06 . 2009-04-10 18:32 d-----w c:\program files\Microsoft
2009-04-10 18:44 . 2009-04-10 18:44 d-----w c:\program files\Microsoft Sync Framework
2009-04-10 18:41 . 2009-04-10 18:41 d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-10 18:18 . 2009-04-10 18:18 d-----w c:\program files\Common Files\Windows Live
2009-04-06 14:32 . 2008-11-10 10:27 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2008-11-10 10:27 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-29 10:34 . 2009-03-26 19:51 d-----w c:\program files\AVS4YOU
2009-03-29 10:34 . 2009-03-26 19:51 d-----w c:\program files\Common Files\AVSMedia
2009-03-26 19:41 . 2009-03-26 19:41 d-----w c:\program files\MIKSOFT
2009-03-25 20:46 . 2008-09-16 20:25 d-----w c:\program files\Windows Live Safety Center
2009-03-10 10:50 . 2006-10-01 12:16 148 -c-ha-w C:\sqmdata10.sqm
2009-03-10 10:50 . 2006-10-01 12:16 268 -c-ha-w C:\sqmdata09.sqm
2009-03-10 10:50 . 2006-10-01 12:15 268 -c-ha-w C:\sqmdata08.sqm
2009-03-10 10:50 . 2006-10-01 12:15 172 -c-ha-w C:\sqmnoopt08.sqm
2009-03-10 10:50 . 2006-10-01 12:14 244 -c-ha-w C:\sqmnoopt07.sqm
2009-03-08 03:34 . 2005-03-03 08:21 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2005-03-03 08:20 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2005-03-03 08:20 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2005-03-03 08:21 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2005-03-03 08:20 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2005-03-03 08:20 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2005-03-03 08:20 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2005-03-03 08:20 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2005-03-03 08:20 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2005-03-03 08:20 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2005-03-03 08:21 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-23 22:10 . 2006-10-01 12:14 268 -c-ha-w C:\sqmdata07.sqm
2009-02-23 22:10 . 2006-10-01 12:14 244 -c-ha-w C:\sqmnoopt06.sqm
2009-02-09 12:10 . 2005-03-03 08:20 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-03-03 08:21 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2005-03-03 08:20 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2005-03-03 08:20 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2005-03-03 08:21 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 18:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2005-03-03 08:21 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2005-03-03 08:20 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2005-03-03 08:21 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2005-03-03 08:21 56832 ----a-w c:\windows\system32\secur32.dll
2008-11-08 11:36 . 2008-11-08 11:36 18409 -c--a-w c:\documents and settings\All Users\Application Data\wuxacevax.bat
2008-11-08 11:36 . 2008-11-08 11:36 17723 -c--a-w c:\program files\Common Files\ikozevusyl.ban
2008-11-08 11:36 . 2008-11-08 11:36 15338 -c--a-w c:\documents and settings\All Users\Application Data\tisasufer.sys
2008-11-08 11:36 . 2008-11-08 11:36 14974 -c--a-w c:\documents and settings\All Users\Application Data\ucytaca.com
2008-11-08 11:36 . 2008-11-08 11:36 14806 -c--a-w c:\program files\Common Files\ikux.reg
2008-11-08 11:36 . 2008-11-08 11:36 14457 -c--a-w c:\program files\Common Files\fesavel.lib
2008-11-08 11:36 . 2008-11-08 11:36 13052 -c--a-w c:\documents and settings\Sony Vaio\Local Settings\Application Data\bisinafo.bat
2008-11-08 11:36 . 2008-11-08 11:36 12170 -c--a-w c:\documents and settings\Sony Vaio\Application Data\aqij.vbs
2008-11-08 11:36 . 2008-11-08 11:36 10204 -c--a-w c:\program files\Common Files\etynob.dl
2008-06-23 10:42 . 2008-06-23 10:42 0 -c--a-w c:\documents and settings\Sony Vaio\Application Data\wklnhst.dat
2007-05-30 16:26 . 2006-10-28 16:10 47360 -c--a-w c:\documents and settings\Sony Vaio\Application Data\pcouffin.sys
2007-02-15 20:49 . 2007-02-15 20:49 722176 -c--a-w c:\documents and settings\Sony Vaio\gotomypc_428.exe
2006-10-28 16:10 . 2006-10-28 16:10 81920 -c--a-w c:\documents and settings\Sony Vaio\Application Data\ezpinst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2009-02-06 3885408]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2004-06-07 2498560]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-24 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-22 126976]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"PDService.exe"="c:\program files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-17 185896]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-02-21 13783040]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2006-9-13 778240]
c:\documents and settings\Sony Vaio\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-1-24 385024]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-01-18 12:48 73728 ----a-w c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2008-06-12 14:28 266497 -c--a-w c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BarbieGirlsTray]
2007-03-15 02:59 24576 -c--a-w c:\program files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 13:20 227328 -c--a-w c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 02:43 83608 -c--a-w c:\program files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-10-17 20:53 185896 -c--a-w c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2004-06-07 14:44 2498560 -c--a-w c:\program files\Yahoo!\Messenger\YPager.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\GetRight\\getright.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R2 sdAuxService;PC Tools Auxiliary Service; [x]
R3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 311872]
S1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-07-28 160792]
S1 PrivateDisk;PrivateDisk;c:\windows\system32\Drivers\PrivateDiskM.sys [2004-07-06 45627]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 7520337]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
.
Contents of the 'Scheduled Tasks' folder
2009-04-15 c:\windows\Tasks\User_Feed_Synchronization-{B25C049C-1324-491F-8E07-53F67EA28FA3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-MessengerPlus3 - c:\documents and settings\Sony Vaio\Desktop\MsgPlus.exe
HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
.
Supplementary Scan
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7SNYJ_en
uInternet Settings,ProxyServer = 165.228.131.10:3128
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?b80565f305254089b767039f4d0185c3
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?b80565f305254089b767039f4d0185c3
IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 10:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\VESWinlogon.dll
- - - - - - - > 'lsass.exe'(956)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
- - - - - - - > 'explorer.exe'(2256)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\xpsp3res.dll
.
Other Running Processes
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
-
**************************************************************************
.
Completion time: 2009-04-15 10:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-15 09:18
Pre-Run: 9,443,999,744 bytes free
Post-Run: 9,562,017,792 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
355 --- E O F --- 2009-04-12 09:21
-
Now run a
KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER')
http://www.kaspersky.co.uk/kos_trialpay_offer
-
scanning............
-
I've done the scan... nothing found.
What shall I do now???
-
I'll go through the ComboFix log proper when I've time.
For now though I'd do what some of the others have suggested and give FIREFOX a go:
http://www.mozilla-europe.org/en/firefox/
The other option is to uninstall IE8 to revert back to IE7, but that has caused problems on some PCs, so you do it at some risk.