> [Resolved] Several Trojans, Serious Windows Issues, HJT Log, Mbam log & SpyBot Logs included
LDTate
post Feb 6 2010, 07:01 AM
Post #16


Forum God

Group: Root Admin
Posts: 48,377
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


Run a new ComboFix scan and post the results.
CoolCat
post Feb 6 2010, 01:31 PM
Post #17


Authentic Member

Group: Authentic Member
Posts: 119
Joined: 26-April 04
Member No.: 5,486
Operating System: Win XP




ComboFix 10-02-05.04 - Sony 02/06/2010 12:56:58.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1625 [GMT -6:00]
Running from: c:\documents and settings\Sony\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {820674FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {0A333EF8-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {819EBAE4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81B27664-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81B2CA5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81BC2A5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81BEAA74-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81C0BC8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81C0F93C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81C1F924-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81C5E954-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81C6760C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81C6BA5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81C74594-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81C7D9B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81C7F374-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81C9BB64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81C9D6B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81CA78EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81CB0504-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81CC5C2C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81CCADDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81CDADDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81D03644-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81D4182C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81D54924-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81D74AB4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81D7560C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81D7E054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81D87B64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81D89DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81D8FDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81D90054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81D9223C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81D97C1C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81DA389C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81DAA3FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81DBD5BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81DC53D4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81DC9324-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81DD0C34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81DD581C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81DDA8B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81DE75E4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81DEFC34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81DF1684-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81DF6C44-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81E0646C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81E115BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81E1161C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81E165F4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81E16DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81E1F80C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81E274A4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81E5A874-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81E5B57C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81E689CC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81FE5C34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81FF74BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82005B64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8200F88C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8203563C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82042C34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8206EC1C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8207CDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82090D44-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {820A3714-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {820AB284-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {820B46FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {820B630C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {820CBDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {820D4964-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {820EB8A4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {820FF304-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8210C72C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {821413F4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {821486C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8215491C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8216689C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8219D484-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {821FF514-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8226A96C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8227E71C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {822B0A54-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {822EE424-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {BADB0D00-FFA4-00EF-0D24-347CA8A3377C}
.

((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.

2010-02-06 18:43 . 2009-12-24 16:58 6515976 ---ha-w- c:\documents and settings\Sony\Application Data\mjusbsp\in00000\setup.exe
2010-02-06 18:43 . 2009-12-24 16:54 730032 ---ha-w- c:\documents and settings\Sony\Application Data\mjusbsp\ar00000\install.exe
2010-02-06 04:43 . 2010-02-06 04:44 -------- d-----w- c:\program files\Viewpoint
2010-02-03 05:00 . 2010-02-03 05:00 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-02-02 15:26 . 2010-02-06 04:02 -------- d-----w- c:\documents and settings\HelpAssistant
2010-01-22 21:50 . 2010-02-06 02:06 -------- d-s---w- c:\documents and settings\LocalService\Temporary Internet Files
2010-01-22 21:50 . 2010-01-22 21:52 -------- d-s---w- c:\documents and settings\LocalService\History
2010-01-20 23:59 . 2010-01-20 23:59 -------- d-----w- c:\program files\MSXML 4.0
2010-01-20 23:51 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-20 23:50 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-01-20 23:42 . 2010-01-20 23:42 -------- d-----w- c:\documents and settings\Sony\Local Settings\Application Data\tjnet
2010-01-20 23:34 . 2009-12-24 16:58 6515976 ---ha-w- c:\documents and settings\Sony\Application Data\mjusbsp\Upgrade\setup1.exe
2010-01-20 23:34 . 2009-12-24 16:54 730032 ---ha-w- c:\documents and settings\Sony\Application Data\mjusbsp\Upgrade\install1.exe
2010-01-20 23:34 . 2010-02-06 18:44 -------- d-----w- c:\documents and settings\Sony\Application Data\mjusbsp
2010-01-20 22:54 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-01-20 22:54 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 05:53 . 2005-12-29 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-02 20:20 . 2010-02-02 20:20 -------- d-----w- c:\documents and settings\Administrator.INNUENDOES\Application Data\Malwarebytes
2010-02-01 21:35 . 2006-01-20 05:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Sony Corporation
2010-02-01 17:22 . 2008-09-11 13:56 66570 ----a-w- c:\documents and settings\All Users\Application Data\AOL\C_America Online 9.0a\ctem.sys
2010-01-26 01:14 . 2005-07-04 22:39 -------- d-----w- c:\documents and settings\Sony\Application Data\Sony Corporation
2010-01-11 03:16 . 2009-05-08 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 03:16 . 2009-05-28 18:53 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 22:07 . 2009-05-08 02:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-05-08 02:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 07:11 . 2009-12-28 07:10 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-28 07:10 . 2009-12-28 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-28 07:10 . 2009-01-28 19:58 -------- d-----w- c:\program files\Avira
2009-12-24 16:59 . 2009-12-24 16:59 93016 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\ug00000\magicJack.dll
2009-12-24 16:58 . 2009-12-24 16:58 6515976 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\ug00000\setup.exe
2009-12-24 16:58 . 2009-12-24 16:58 416328 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\magicJackLoader.exe
2009-12-24 16:58 . 2009-12-24 16:58 480608 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\octvqe1_apiw.dll
2009-12-24 16:58 . 2009-12-24 16:58 214360 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\TjVista.dll
2009-12-24 16:58 . 2009-12-24 16:58 337240 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\TjIpSys.dll
2009-12-24 16:58 . 2009-12-24 16:58 607600 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\SJHandsetMagicJack.dll
2009-12-24 16:58 . 2009-12-24 16:58 87384 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\st00000\mjsetup.exe
2009-12-24 16:57 . 2009-12-24 16:57 93016 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\st00000\magicJack.dll
2009-12-24 16:57 . 2009-12-24 16:57 93016 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\magicJack.dll
2009-12-24 16:55 . 2009-12-24 16:55 12482904 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\magicJack.exe
2009-12-24 16:54 . 2009-12-24 16:54 730032 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\ug00000\install.exe
2009-12-24 16:53 . 2009-12-24 16:53 87384 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\in00000\mjsetup.exe
2009-12-24 16:53 . 2009-12-24 16:53 93016 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\in00000\magicJack.dll
2009-12-24 16:52 . 2009-12-24 16:52 441704 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 441704 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 441704 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 441704 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 50520 ----a-w- c:\documents and settings\Sony\Application Data\mjusbsp\cdloader2.exe
2009-12-22 05:21 . 2005-03-02 23:44 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2005-03-02 23:44 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-11-21 15:51 . 2005-03-02 23:44 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-08-05 21:24 . 2009-08-05 21:22 8050536 ----a-w- c:\program files\Firefox+Setup+3[2].5.2.exe
2009-04-06 21:30 . 2009-04-04 17:39 1277680 ----a-w- c:\program files\CouponPrinter.exe
2006-05-24 23:29 . 2006-05-24 23:29 37311488 ----a-w- c:\program files\iTunesSetup.exe
2006-02-20 04:11 . 2006-02-20 04:11 1931216 ----a-w- c:\program files\SetupSonyDownloadTaxi.exe
2006-02-18 07:33 . 2006-02-18 07:33 58368 ----a-w- c:\program files\MFInstall.exe
2006-02-16 04:17 . 2006-02-16 04:17 10420936 ----a-w- c:\program files\xlviewer.exe
2006-02-16 04:05 . 2006-02-16 04:04 12307656 ----a-w- c:\program files\wdviewer.exe
2006-02-16 04:02 . 2006-02-16 04:01 1951432 ----a-w- c:\program files\ppviewer.exe
2006-02-16 03:55 . 2006-02-16 03:55 2817536 ----a-w- c:\program files\ica32t.exe
2006-02-16 03:54 . 2006-02-16 03:54 7789851 ----a-w- c:\program files\rpv40plgIEu.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-02-06_02.40.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-06 18:42 . 2010-02-06 18:42 16384 c:\windows\Temp\Perflib_Perfdata_718.dat
+ 2010-02-06 18:42 . 2010-02-06 18:42 16384 c:\windows\Temp\Perflib_Perfdata_634.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"cdloader"="c:\documents and settings\Sony\Application Data\mjusbsp\cdloader2.exe" [2009-12-24 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1147670399\ee\AOLSoftware.exe" [2007-10-08 41824]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-21 2744832]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-13 61952]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-16 551032]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-1-26 113664]
AOL 9.1 Tray Icon.lnk - c:\program files\America Online 9.0a\aoltray.exe [2008-9-11 36954]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online Tray Icon.lnk
backup=c:\windows\pss\America Online Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
backup=c:\windows\pss\SpySubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows XP Start Something Demo Metrics.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows XP Start Something Demo Metrics.lnk
backup=c:\windows\pss\Windows XP Start Something Demo Metrics.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows XP Start Something Demo.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows XP Start Something Demo.lnk
backup=c:\windows\pss\Windows XP Start Something Demo.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-10-08 15:50 88363 ----a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-10-21 23:44 2744832 ----a-w- c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-09-10 05:10 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-07-16 19:17 53248 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExecAfterFirstBoot]
2005-02-23 21:01 204800 ----a-w- c:\windows\SONYSYS\EFlyer\ExecAfterFirstBoot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-08-13 01:45 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-02-08 18:32 126976 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-02-08 18:36 155648 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
2004-04-05 21:33 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-03-03 08:42 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-10-21 20:20 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VZRemoteCommander]
2005-01-31 18:10 192512 ----a-w- c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2006-07-21 22:19 129536 ----a-w- c:\progra~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"CLTNetCnService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147670399\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ycommon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Sony\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"5744:TCP"= 5744:TCP:Services
"7473:TCP"= 7473:TCP:Services

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/28/2009 1:10 AM 108289]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder

2005-07-04 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-03-03 00:12]

2005-07-04 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-03-03 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: bitdefender.com
Trusted Zone: bitdefender.com\www
Trusted Zone: google.com\www
Trusted Zone: kaspersky.com\www
Trusted Zone: parlophone.co.uk\queenforum
Trusted Zone: sprintpcs.com\sso
Trusted Zone: trendmicro.com\housecall65
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxps://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=038ec32bd2ef1a2195536b9b7c312624&url=http%3A%2F%2Fd.64.69.14.190.downloads.estara.com.%2Fas%2FOneCCDM.php&template=107051&sessionid=486528149_64.69.14.190_53802&=&req=1265066018140OneCC.cab
FF - ProfilePath - c:\documents and settings\Sony\Application Data\Mozilla\Firefox\Profiles\vdvxu7xx.default\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1825112312-1052192824-3671610397-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1825112312-1052192824-3671610397-1006\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1825112312-1052192824-3671610397-1006)
@Allowed: (Read) (S-1-5-21-1825112312-1052192824-3671610397-1006)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2712)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-06 13:11:31
ComboFix-quarantined-files.txt 2010-02-06 19:11
ComboFix2.txt 2010-02-06 04:41
ComboFix3.txt 2010-02-06 02:46
ComboFix4.txt 2009-01-17 23:27

Pre-Run: 112,827,748,352 bytes free
Post-Run: 112,791,281,664 bytes free

- - End Of File - - 54EBBFF72DC0100BE815347EDADD6815
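The GloballyOpenPorts section of the log above opens several high TCP ports under nothing but the generic label "Services". The following is an added PowerShell example, not part of the thread and not a ComboFix feature: it parses that section out of a saved ComboFix log and marks such entries for review. The sample input is the section as posted; the heuristic (a port above 1024 carrying only the catch-all name) and the function names are the example's own assumptions.

```powershell
# Added example (not from the forum post or from ComboFix). The sample below is the
# firewall section exactly as it appears in the posted log; for a real triage replace
# it with: $lines = Get-Content C:\ComboFix.txt
$sampleLog = @'
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"5744:TCP"= 5744:TCP:Services
"7473:TCP"= 7473:TCP:Services

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe
'@ -split "`r?`n"

# Walks the log until the GloballyOpenPorts header, then emits one object per
# "port:proto"= port:proto:name line until the blank line that closes the section.
function Get-OpenPortEntries {
    param([string[]]$Lines)
    $inSection = $false
    foreach ($line in $Lines) {
        if ($line -match '^\[.*GloballyOpenPorts\\List\]$') { $inSection = $true; continue }
        if ($inSection -and $line -match '^\s*$') { break }
        if ($inSection -and $line -match '^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$') {
            [pscustomobject]@{
                Port     = [int]$Matches[1]
                Protocol = $Matches[2]
                Name     = $Matches[3].Trim()
            }
        }
    }
}

# Heuristic only (an assumption of this example): an exception above port 1024 whose
# only description is the catch-all "Services" deserves a second look; entries with a
# descriptive name, such as the Remote Desktop one, are reported but not flagged.
function Test-SuspiciousOpenPort {
    param($Entry)
    ($Entry.Name -eq 'Services') -and ($Entry.Port -gt 1024)
}

$entries = Get-OpenPortEntries -Lines $sampleLog
foreach ($e in $entries) {
    $flag = if (Test-SuspiciousOpenPort $e) { 'REVIEW' } else { 'ok' }
    '{0,-7} {1,6}/{2,-3} {3}' -f $flag, $e.Port, $e.Protocol, $e.Name
}
```

Flagged entries are a prompt to check which process owns the port and why the exception exists, not a verdict on their own.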
LDTate
post Feb 6 2010, 01:38 PM
Post #18




Cool, we killed the Stealth MBR rootkit

How's it running now?
CoolCat
post Feb 6 2010, 02:05 PM
Post #19





Hey,

It's practically running like brand new! I was able to search the net, have Photoshop open and work in it, have a genealogy program open and no freezing at all. I am totally amazed! I thought that was the end of that computer.

You're the best!
LDTate
post Feb 6 2010, 02:08 PM
Post #20




Good job

The following will implement some cleanup procedures as well as reset System Restore points:

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.




    To be on the safe side, I would also change all my passwords.

    Here's my usual all clean post:

    Log looks good


    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
      5. Change the Download signed ActiveX controls to Prompt
      6. Change the Download unsigned ActiveX controls to Disable
      7. Change the Initialize and script ActiveX controls not marked as safe to Disable
      8. Change the Installation of desktop items to Prompt
      9. Change the Launching programs and files in an IFRAME to Prompt
      10. Change the Navigate sub-frames across different domains to Prompt
      11. When all these settings have been made, click on the OK button.
      12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is succeptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.


  • Only run one Anti-Virus and Firewall program.


    I would suggest you read How to Prevent Malware:
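The Internet-zone settings that steps 5 through 10 of the "all clean" post set through IE's Custom Level dialog are stored as DWORD values under the Internet zone registry key, so they can be verified (or enforced) from PowerShell rather than re-checked by hand. This is an added example, not code from the post or the forum; it assumes a Windows host and uses the standard URL-action value IDs (1001, 1004, 1201, 1800, 1803, 1607) with the usual 0/1/3 encoding for Enable/Prompt/Disable.

```powershell
# Added example, not from the original post: audit the Internet zone (zone 3)
# settings that the post's steps 5-10 change in IE's Custom Level dialog.
# Assumes a Windows host. Value names are the standard URL-action IDs;
# data is 0 = Enable, 1 = Prompt, 3 = Disable. A value that is absent under
# HKCU means the zone's default template still applies for that action.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Desired state, mirroring the post's steps 5-10.
$Policy = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1803' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneHardening {
    param([switch]$Fix)   # with -Fix, write the expected value where it differs
    $props = Get-ItemProperty -Path $ZoneKey -ErrorAction Stop
    foreach ($id in $Policy.Keys) {
        $want = $Policy[$id].Want
        $have = $props.$id
        if ($null -eq $have) {
            $current = '<not set (zone default)>'
        } elseif ($Label.ContainsKey([int]$have)) {
            $current = $Label[[int]$have]
        } else {
            $current = "raw value $have"
        }
        $ok = ($null -ne $have) -and ([int]$have -eq $want)
        # One row per setting: what IE currently does vs. what the post asks for.
        [pscustomobject]@{
            Setting   = $Policy[$id].Name
            Current   = $current
            Expected  = $Label[$want]
            Compliant = $ok
        }
        if ($Fix -and -not $ok) {
            Set-ItemProperty -Path $ZoneKey -Name $id -Value $want -Type DWord
        }
    }
}

# Report only; add -Fix to enforce the post's settings for the current user.
Test-InternetZoneHardening | Format-Table -AutoSize
```

If the zone is managed by machine policy, the effective values live under the matching HKLM key instead of HKCU, so an all "not set" report there should be re-checked against HKLM before concluding nothing is configured.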
CoolCat
post Feb 6 2010, 02:13 PM
Post #21

Authentic Member
Group: Authentic Member
Posts: 119
Joined: 26-April 04
Member No.: 5,486
Operating System: Win XP

Cool, I'll go do all of that now. You guys are the best.
LDTate
post Feb 6 2010, 02:16 PM
Post #22

Forum God
Group: Root Admin
Posts: 48,377
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP

Great job

You're more than welcome.
Glad we were able to help

Peace be with you
LDTate
post Feb 6 2010, 02:16 PM
Post #23

Forum God
Group: Root Admin
Posts: 48,377
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy