SECOND PART:
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 03:58 --------- d-----w c:\program files\Common Files\Sony Shared
2009-01-02 03:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 03:57 --------- d-----w c:\program files\Sony
2009-01-02 03:56 --------- d-----w c:\programdata\Sony Corporation
2008-12-23 06:53 --------- d-----w c:\program files\Apoint
2008-12-16 06:03 --------- d-----w c:\program files\Java
2008-12-15 06:24 --------- d-sh--w c:\programdata\Templates
2008-12-15 06:24 --------- d-sh--w c:\programdata\Start Menu
2008-12-15 06:24 --------- d-sh--w c:\programdata\Favorites
2008-12-15 06:24 --------- d-sh--w c:\programdata\Documents
2008-12-15 06:24 --------- d-sh--w c:\programdata\Desktop
2008-12-15 06:24 --------- d-sh--w c:\programdata\Application Data
2008-12-15 04:38 --------- d-----w c:\program files\Common Files\InstallShield
2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((((   snapshot@2009-01-03_19.54.03.84   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-03 00:30:43 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-05 02:08:40 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-03 00:30:43 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-05 02:08:40 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-04 03:53:26 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-05 02:10:25 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-01-04 03:53:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-05 02:10:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-01-04 03:44:36 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-05 02:10:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-04 03:44:36 147,456 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-05 02:10:23 147,456 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-04 03:44:36 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-05 02:10:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-03 00:39:14 107,714 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-05 00:11:13 107,714 ----a-w c:\windows\System32\perfc009.dat
- 2009-01-03 00:39:15 626,976 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-05 00:11:13 626,976 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-03 00:33:08 4,734 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-712910195-2065108488-2920947175-1002_UserData.bin
+ 2009-01-05 02:10:44 4,798 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-712910195-2065108488-2920947175-1002_UserData.bin
- 2009-01-03 00:33:08 65,992 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-05 02:10:44 66,386 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-03 00:05:32 30,538 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-05 02:10:42 30,944 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 18:26 98304 c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1980A3A3-72DB-4E3F-9F05-2191AA5DB79A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0816D0DF-B54B-4F22-AD54-EF92FB51704A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20081214.001\IDSvix86.sys [2008-12-15 270384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-15 99376]
R3 KeyScrambler;KeyScrambler;c:\windows\System32\drivers\keyscrambler.sys [2009-01-01 113896]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-08-01 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-08-01 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [2007-08-01 31104]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2007-01-09 38200]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-08-01 812544]
R4 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-01 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-08-01 79736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
*Newly Created Service* - COMHOST
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
c:\windows\Downloaded Program Files\OberonGameHost.dll
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
FF - ProfilePath - c:\users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\rafdrutm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.edcc.edu/
FF - component: c:\users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\rafdrutm.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 18:15:26
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-04 18:16:27
ComboFix-quarantined-files.txt 2009-01-05 02:16:24
ComboFix2.txt 2009-01-04 03:55:12
Pre-Run: 223,257,763,840 bytes free
Post-Run: 223,234,809,856 bytes free