Sep 7 2009, 11:08 AM, Post #1
New Member | Group: Members | Posts: 9 | Joined: 7-September 09 | Member No.: 19,383
Please, I have a problem; it's called hijack.windowsupdate.
Here are my HJT logs. Please help ASAP.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:31 AM, on 9/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dude\dude.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\Dude\dude.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Starcomms iBOOST\Client\ventc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Starcomms iBOOST\squid\ventcsquid.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Starcomms iBOOST\squid\ventcunlinkd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Total Video Converter\tvp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.55.63.3:8080
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: TBSB03223 - {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} - C:\Program Files\WebMoney Advisor\wmadvisor.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DudeServer] C:\Program Files\Dude\dude.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MobiLink Lite] C:\Program Files\Novatel Wireless\MobiLink\Lite.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll
O9 - Extra 'Tools' menuitem: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Settings Manager (ccsetmgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Starcomms iBOOST\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 21278 bytes
Sep 7 2009, 12:30 PM, Post #2
New Member | Group: Members | Posts: 9 | Joined: 7-September 09 | Member No.: 19,383
Anybody?
Sep 8 2009, 08:27 AM, Post #3
Forum Deity | Group: Moderators | Posts: 5,546 | Joined: 25-November 07 | From: Los Angeles | Member No.: 1,886
Hi and welcome to Malwarebytes.
You bumped your topic after an hour. Are you serious?? There are literally hundreds of people who posted before you also waiting for this free service. Also, bumping your topic makes it appear as though you are already receiving help; as you can see, you were overlooked because of it.

Please update MBAM, run a Quick Scan, and post its log.

-screen317
Sep 9 2009, 08:44 AM, Post #4
New Member | Group: Members | Posts: 9 | Joined: 7-September 09 | Member No.: 19,383
Malwarebytes' Anti-Malware 1.40
Database version: 2748
Windows 5.1.2600 Service Pack 3

9/9/2009 2:44:08 AM
mbam-log-2009-09-09 (02-44-08).txt

Scan type: Quick Scan
Objects scanned: 122359
Time elapsed: 16 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
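The two MBAM detections above show what Hijack.WindowsUpdates actually does on this machine: the ImagePath of the BITS and wuauserv services was rewritten from %SystemRoot% to %fystemRoot%, a variable Windows does not define, so the service command line never resolves to a real binary and Automatic Updates cannot start. The same damage is visible in the HijackThis log in the first post, where both services show up as "Unknown owner - C:\WINDOWS\" with no file name. The script below is an added example (not part of this thread, and not MBAM's or HijackThis's own code) that checks ImagePath values for that pattern and scans O23 lines for the directory-only symptom. Function names, the "bad-env-var"/"wrong-binary"/"wrong-group" verdicts, the O23 heuristic and the C:\WINDOWS default are all my assumptions; the sample inputs are copied from the two logs above.

```python
"""Check service ImagePath values for the Hijack.WindowsUpdates pattern."""
import re

# Expected ImagePath per service, taken from the "Good:" values in the MBAM log.
EXPECTED = {
    "bits": ("%SystemRoot%\\System32\\svchost.exe", "netsvcs"),
    "wuauserv": ("%SystemRoot%\\System32\\svchost.exe", "netsvcs"),
}
# Environment variables a legitimate ImagePath may begin with (assumption).
ROOT_VARS = ("%systemroot%", "%windir%")
ENV_PREFIX = re.compile(r"^%[^%\\]+%")


def _normalise(exe, system_root):
    """Lower-case, unquote and expand a known root variable so paths compare."""
    exe = exe.strip().strip('"').lower()
    for var in ROOT_VARS:
        if exe.startswith(var):
            return system_root.lower() + exe[len(var):]
    return exe


def classify_image_path(service, image_path, system_root="C:\\WINDOWS"):
    """Return 'ok', 'bad-env-var', 'wrong-binary' or 'wrong-group'.

    system_root is what %SystemRoot% expands to on the box being checked
    (C:\\WINDOWS on the poster's XP machine, per the HJT log).
    """
    exe, _, group = image_path.strip().partition(" -k ")
    m = ENV_PREFIX.match(exe.strip().strip('"'))
    if m and m.group(0).lower() not in ROOT_VARS:
        # %fystemRoot% and the like never expand: the service has no binary.
        return "bad-env-var"
    want_exe, want_group = EXPECTED[service.lower()]
    if _normalise(exe, system_root) != _normalise(want_exe, system_root):
        return "wrong-binary"
    if group.strip().lower() != want_group:
        return "wrong-group"
    return "ok"


def suspicious_o23_services(hjt_lines):
    """Return (name, owner, path) for O23 lines whose path is only a directory.

    Heuristic of mine, not HijackThis's: in the first post the two hijacked
    services are listed as 'Unknown owner - C:\\WINDOWS\\' with no file name.
    """
    found = []
    for line in hjt_lines:
        if not line.startswith("O23 - Service: "):
            continue
        # Split from the right: service display names may themselves contain " - ".
        parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        name, owner, path = (p.strip() for p in parts)
        if path.endswith("\\"):
            found.append((name, owner, path))
    return found


def read_live_image_path(service):
    """Read the raw, unexpanded ImagePath from the registry (Windows only)."""
    import winreg  # imported here so the module still loads off Windows
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         "SYSTEM\\CurrentControlSet\\Services\\" + service)
    value, _ = winreg.QueryValueEx(key, "ImagePath")
    return value


# Constructed samples: the two "Bad:" values from the MBAM log above and a few
# O23 lines copied from the HijackThis log in the first post.
MBAM_BAD = {
    "BITS": "%fystemRoot%\\system32\\svchost.exe -k netsvcs",
    "wuauserv": "%fystemroot%\\system32\\svchost.exe -k netsvcs",
}
HJT_SAMPLE = [
    "O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe",
    "O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\\WINDOWS\\",
    "O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\\Program Files\\Firebird\\Firebird_2_1\\bin\\fbguard.exe",
    "O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\\WINDOWS\\",
]

if __name__ == "__main__":
    for svc, path in MBAM_BAD.items():
        print(svc, "->", classify_image_path(svc, path))
    for name, owner, path in suspicious_o23_services(HJT_SAMPLE):
        print("suspicious O23:", name, "|", owner, "|", path)
```

On a live XP box the same check is `classify_image_path("wuauserv", read_live_image_path("wuauserv"))`; the raw value is read deliberately (no expansion), because a fixed-up copy would hide exactly the broken variable the hijack relies on.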
Sep 10 2009, 05:02 AM, Post #5
Forum Deity | Group: Moderators | Posts: 5,546 | Joined: 25-November 07 | From: Los Angeles | Member No.: 1,886
Hi,
Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
-screen317
Sep 10 2009, 08:22 AM, Post #6
New Member | Group: Members | Posts: 9 | Joined: 7-September 09 | Member No.: 19,383
Here is the ComboFix log:
ComboFix 09-09-09.04 - seun 09/10/2009 1:51.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.399 [GMT -6:00]
Running from: c:\documents and settings\seun\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090909-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition Premium *On-access scanning enabled* (Outdated) {7C90E900-67C8-7C91-FFFF-FFFFB668917C}
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\seun\Application Data\.#
c:\documents and settings\seun\Application Data\.#\MBX@10EC@3D39D0.###
c:\documents and settings\seun\Application Data\.#\MBX@10EC@3D39E0.###
c:\documents and settings\seun\isql.exe
c:\program files\Mozilla Firefox\extensions\{6E2CEA66-9C01-4580-80E5-FF3267DC2408}
c:\program files\Mozilla Firefox\extensions\{6E2CEA66-9C01-4580-80E5-FF3267DC2408}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6E2CEA66-9C01-4580-80E5-FF3267DC2408}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6E2CEA66-9C01-4580-80E5-FF3267DC2408}\install.rdf
c:\program files\WebMoney Advisor
c:\program files\WebMoney Advisor\16x16x32b.bmp
c:\program files\WebMoney Advisor\autosearch_plugin.dll
c:\program files\WebMoney Advisor\basis.xml
c:\program files\WebMoney Advisor\booble.html
c:\program files\WebMoney Advisor\favicon.ico
c:\program files\WebMoney Advisor\info.txt
c:\program files\WebMoney Advisor\tbhelper.dll
c:\program files\WebMoney Advisor\tbs_include_script_014708.js
c:\program files\WebMoney Advisor\tbs_include_script_wmadvisor.js
c:\program files\WebMoney Advisor\tbu06031\16x16x32b.bmp
c:\program files\WebMoney Advisor\tbu06031\autosearch_plugin.dll
c:\program files\WebMoney Advisor\tbu06031\basis.xml
c:\program files\WebMoney Advisor\tbu06031\booble.html
c:\program files\WebMoney Advisor\tbu06031\favicon.ico
c:\program files\WebMoney Advisor\tbu06031\info.txt
c:\program files\WebMoney Advisor\tbu06031\tbhelper.dll
c:\program files\WebMoney Advisor\tbu06031\tbs_include_script_014708.js
c:\program files\WebMoney Advisor\tbu06031\tbs_include_script_wmadvisor.js
c:\program files\WebMoney Advisor\tbu06031\uninstall.exe
c:\program files\WebMoney Advisor\tbu06031\version.txt
c:\program files\WebMoney Advisor\tbu06031\wmadvisor.crc
c:\program files\WebMoney Advisor\tbu06031\wmadvisor.dll
c:\program files\WebMoney Advisor\tbu06031\WMPlugin.dll
c:\program files\WebMoney Advisor\uninstall.exe
c:\program files\WebMoney Advisor\version.txt
c:\program files\WebMoney Advisor\wmadvisor.crc
c:\program files\WebMoney Advisor\wmadvisor.dll
c:\program files\WebMoney Advisor\WMPlugin.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\59b1b4.msi
c:\windows\Installer\674e4.msi
c:\windows\Installer\df4d.msi
c:\windows\Installer\f8e934.msi
c:\windows\kb913800.exe
c:\windows\system32\logs
c:\windows\system32\SelfDel.bat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OVFSTHXQHCGQFOT
-------\Service_ovfsthxqhcgqfot

((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.
2009-09-09 12:53 . 2009-09-09 12:53 -------- dc----w- c:\program files\ESET
2009-09-09 09:25 . 2009-09-09 09:25 -------- dc----w- c:\documents and settings\seun\Local Settings\Application Data\Scansoft
2009-09-09 08:47 . 2009-09-09 08:47 -------- dc----w- c:\documents and settings\seun\Application Data\ScanSoft
2009-09-09 08:47 . 2009-09-09 08:47 -------- dc----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-09-09 08:47 . 2009-09-09 08:47 -------- dc----w- c:\program files\Common Files\ScanSoft Shared
2009-09-09 08:46 . 2009-09-09 08:46 -------- dc----w- c:\program files\ScanSoft
2009-09-09 08:39 . 1995-07-31 19:44 212480 -c--a-w- c:\windows\PCDLIB32.DLL
2009-09-09 08:39 . 2009-09-09 08:39 -------- dc----w- c:\program files\ArcSoft
2009-09-09 08:33 . 2005-06-24 04:17 352256 -c--a-w- c:\windows\system32\CNQL1213.DLL
2009-09-09 08:33 . 2005-02-28 19:20 57344 -c--a-w- c:\windows\system32\CNQU110.DLL
2009-09-09 08:08 . 2009-09-09 08:08 -------- dcsh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-08 11:49 . 2009-09-08 11:49 -------- dc----w- c:\program files\Webroot
2009-09-08 07:48 . 2009-09-08 07:48 -------- dcsh--w- c:\documents and settings\LocalService\IETldCache
2009-09-07 13:53 . 2009-09-07 13:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}
2009-09-07 13:12 . 2009-09-07 13:17 -------- dc-h--w- c:\windows\msdownld.tmp
2009-09-07 13:04 . 2009-09-07 13:05 -------- dc----w- c:\program files\CA Yahoo! Anti-Spy
2009-09-06 18:02 . 2009-09-06 18:02 -------- dc----w- c:\documents and settings\All Users\Application Data\Novatel Wireless
2009-09-06 18:02 . 2009-09-06 18:02 -------- dc----w- c:\program files\Novatel Wireless
2009-08-31 07:54 . 2009-08-31 07:54 -------- dc----w- c:\program files\Total Seminars
2009-08-31 07:24 . 2009-08-31 08:37 4212 -c-ha-w- c:\windows\system32\zllictbl.dat
2009-08-29 11:17 . 2009-09-07 13:17 -------- dc-h--w- c:\windows\ie8
2009-08-26 07:02 . 2008-05-07 06:09 125200 -c--a-w- c:\windows\system32\drivers\dne2000.sys
2009-08-26 07:02 . 2008-05-07 06:09 109840 -c--a-w- c:\windows\system32\dneinobj.dll
2009-08-26 07:02 . 2008-05-29 21:41 89584 -c--a-w- c:\windows\system32\drivers\vwredir.sys
2009-08-26 07:02 . 2009-08-26 07:02 -------- dc----w- c:\program files\Common Files\Deterministic Networks
2009-08-26 07:02 . 2009-08-26 07:03 -------- dc----w- c:\program files\Starcomms iBOOST
2009-08-26 07:00 . 2009-08-26 07:00 -------- dc----w- c:\documents and settings\seun\Application Data\InstallShield
2009-08-26 06:58 . 2009-08-26 07:07 -------- dc----w- c:\program files\Starcomms izap@Slim
2009-08-25 10:13 . 2009-08-25 14:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-24 13:29 . 2009-08-17 16:04 23152 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-24 13:29 . 2009-08-17 16:04 51376 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-24 13:29 . 2009-08-17 16:03 26944 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-24 13:28 . 2009-08-17 16:06 93392 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-24 13:28 . 2009-08-17 16:06 94160 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-24 13:28 . 2009-08-17 16:05 114768 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-24 13:28 . 2009-08-17 16:05 20560 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-24 13:28 . 2009-08-17 16:02 97480 -c--a-w- c:\windows\system32\AvastSS.scr
2009-08-24 13:28 . 2009-08-17 16:10 1279456 -c--a-w- c:\windows\system32\aswBoot.exe
2009-08-24 10:44 . 2009-08-24 14:28 -------- dc----w- c:\program files\F-Secure
2009-08-17 12:14 . 2009-08-17 12:14 -------- dc----w- c:\documents and settings\seun\Application Data\WinCare2008
2009-08-17 10:00 . 2004-03-24 18:44 151552 -c--a-w- c:\windows\system32\HexValidEmail.dll
2009-08-17 10:00 . 2001-09-11 16:23 24576 -c--a-w- c:\windows\system32\snEUps.dll
2009-08-17 10:00 . 2001-07-18 09:42 122880 -c--a-w- c:\windows\system32\snEU.exe
2009-08-17 10:00 . 2004-03-24 18:44 102400 -c--a-w- c:\windows\system32\HexDns.dll
2009-08-17 09:58 . 2009-08-17 10:00 -------- dc----w- c:\program files\GroupMail 5
2009-08-14 16:21 . 2009-08-14 16:21 -------- dc----w- c:\program files\WinSCP
2009-08-14 14:05 . 2009-08-14 14:05 -------- dc----w- c:\documents and settings\seun\Local Settings\Application Data\Cranium
2009-08-14 10:07 . 2009-08-14 10:07 -------- dc-h--w- c:\windows\$mmUninstallV1$
2009-08-14 10:07 . 2009-08-14 10:07 -------- dc----w- c:\program files\Mad-Monkey
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 08:11 . 2008-10-30 08:46 -------- dc----w- c:\documents and settings\seun\Application Data\DMCache
2009-09-09 14:28 . 2008-08-26 14:12 -------- dc----w- c:\documents and settings\seun\Application Data\Skype
2009-09-09 14:00 . 2008-11-05 05:10 -------- dc----w- c:\documents and settings\seun\Application Data\skypePM
2009-09-09 10:11 . 2009-06-19 07:10 -------- dc----w- c:\program files\Zain Mobile Internet
2009-09-09 09:09 . 2008-10-11 15:31 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-09 08:59 . 2008-10-17 08:08 -------- dc----w- c:\documents and settings\seun\Application Data\Canon
2009-09-09 08:39 . 2006-08-15 14:56 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-09-08 11:59 . 2009-05-11 11:03 -------- dc----w- c:\program files\Ask.com
2009-09-07 08:16 . 2008-08-27 04:39 -------- dc----w- c:\documents and settings\seun\Application Data\ICQ
2009-09-04 10:17 . 2009-08-04 15:35 -------- dc----w- c:\program files\Aimersoft
2009-09-04 10:14 . 2009-04-27 11:51 -------- dc----w- c:\program files\National Lampoon's University Tycoon
2009-09-01 17:35 . 2008-10-17 14:45 86704 -c--a-w- c:\documents and settings\seun\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-01 09:42 . 2009-02-19 09:57 -------- dc----w- c:\documents and settings\seun\Application Data\CheckPoint
2009-08-31 07:25 . 2009-02-19 09:55 272 -c--a-w- c:\windows\system32\lkfl.dat
2009-08-28 14:43 . 2008-08-28 00:08 -------- dc----w- c:\documents and settings\seun\Application Data\LimeWire
2009-08-27 17:06 . 2009-07-06 16:12 -------- dc----w- c:\program files\MassSender
2009-08-27 10:28 . 2008-12-04 16:42 -------- dc----w- c:\program files\mIRC
2009-08-26 07:39 . 2009-07-13 16:48 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 10:13 . 2008-08-27 05:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-25 10:13 . 2008-08-27 05:29 -------- dc----w- c:\program files\Yahoo!
2009-08-24 13:26 . 2009-04-24 15:09 -------- dc----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-08-24 10:46 . 2009-04-24 15:02 -------- dc----w- c:\documents and settings\All Users\Application Data\fssg
2009-08-24 10:42 . 2008-09-15 07:32 -------- dc----w- c:\program files\Kaspersky Lab
2009-08-24 10:42 . 2008-09-15 07:32 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-24 10:42 . 2008-12-02 11:05 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-22 11:35 . 2009-06-28 08:55 -------- dc----w- c:\documents and settings\seun\Application Data\dvdcss
2009-08-17 16:06 . 2006-08-15 16:44 -------- dc----w- c:\program files\Java
2009-08-17 10:22 . 2009-07-23 17:55 -------- dc----w- c:\documents and settings\seun\Application Data\DiskAid
2009-08-17 10:00 . 2009-08-17 09:58 26441 -c--a-w- c:\documents and settings\seun\Application Data\unins000.dat
2009-08-17 09:58 . 2009-08-17 09:58 678682 -c--a-w- c:\documents and settings\seun\Application Data\unins000.exe
2009-08-17 09:56 . 2008-08-27 11:15 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-16 17:58 . 2008-08-27 06:57 -------- dc----w- c:\documents and settings\seun\Application Data\Yahoo!
2009-08-14 12:43 . 2009-07-09 12:40 -------- dc----w- c:\documents and settings\seun\Application Data\FileZilla
2009-08-14 11:25 . 2009-06-24 14:58 -------- dc----w- c:\documents and settings\seun\Application Data\Thinstall
2009-08-14 05:17 . 2008-08-27 11:06 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-10 08:41 . 2009-08-10 08:41 -------- dc----w- c:\program files\iPhoneBrowser
2009-08-05 13:01 . 2009-06-22 14:24 -------- dc----w- c:\program files\Firebird
2009-08-04 13:45 . 2009-08-04 13:45 -------- dc----w- c:\program files\Xilisoft
2009-08-03 12:36 . 2009-07-13 16:48 38160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2009-07-13 16:48 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 08:11 . 2009-08-03 08:10 -------- dc----w- c:\program files\UltraVPN
2009-07-30 13:20 . 2009-07-30 13:20 -------- dc----w- c:\documents and settings\LocalService\Application Data\Flock
2009-07-25 04:23 . 2008-12-04 14:32 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-07-24 20:37 . 2008-12-24 09:44 -------- dc----w- c:\documents and settings\seun\Application Data\Apple Computer
2009-07-23 15:29 . 2008-12-24 09:37 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-23 15:14 . 2009-07-23 15:13 -------- dc----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-23 15:14 . 2008-12-24 09:42 -------- dc----w- c:\program files\iTunes
2009-07-23 15:14 . 2008-12-24 09:43 -------- dc----w- c:\program files\iPod
2009-07-23 15:08 . 2008-12-24 09:41 -------- dc----w- c:\program files\Bonjour
2009-07-23 12:47 . 2009-07-23 12:47 -------- dc----w- c:\program files\RealVNC
2009-07-21 12:43 . 2009-06-16 15:21 -------- dc----w- c:\program files\Open Contacts
2009-07-15 05:36 . 2008-08-27 04:44 -------- dc----w- c:\program files\ICQ6Toolbar
2009-07-14 16:36 . 2009-07-14 16:24 -------- dc----w- c:\program files\ICQ6.5
2009-07-14 16:30 .
2008-08-27 04:44 -------- dc----w- c:\documents and settings\All Users\Application Data\ICQ 2009-07-14 16:29 . 2008-08-27 04:39 -------- dc----w- c:\program files\ICQ6 2009-07-14 11:08 . 2009-02-16 08:29 104256 -c--a-w- c:\windows\HPFins09.dat 2009-07-13 16:48 . 2009-05-11 10:46 -------- dc----w- c:\documents and settings\seun\Application Data\Malwarebytes 2009-07-13 16:48 . 2009-05-11 10:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-07-13 07:48 . 2009-07-13 07:47 -------- dc----w- c:\program files\FileZilla Server 2009-07-09 11:16 . 2009-07-23 15:04 2060288 -c--a-w- c:\windows\system32\usbaaplrc.dll 2009-07-09 11:16 . 2008-12-24 09:38 39424 -c--a-w- c:\windows\system32\drivers\usbaapl.sys 2009-07-03 15:39 . 2009-05-05 15:45 664 -c--a-w- c:\windows\system32\d3d9caps.dat 2009-07-02 17:25 . 2009-07-02 17:25 3 -c--a-w- c:\windows\system32\krx280.dat 2009-06-16 13:07 . 2009-06-23 13:54 7779640 -c--a-w- c:\windows\system32\kentut.exe 2008-08-13 18:02 . 2008-08-13 18:02 35840 -c--a-w- c:\program files\mozilla firefox\components\FFComm.dll 2009-07-21 12:35 . 2009-06-16 13:26 122880 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 21:06 764296 -c--a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 18:22 1172792 -c--a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-31 2594224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DudeServer"="c:\program files\Dude\dude.exe" [2009-04-20 4032512]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-08-03 419088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 15:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^seun^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^seun^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup

[HKLM\~\startupfolder\C:^Documents and Settings^seun^Start Menu^Programs^Startup^Trillian.lnk]
backup=c:\windows\pss\Trillian.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" /onboot
"Simp"=c:\program files\Secway\SimpPro 2.2\SimpPro.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ctfmon.exe"="c:\windows\system32\ctfmon.exe"
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" -m
"Uniblue RegistryBooster 2"=c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe"
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
"Google Update"="c:\documents and settings\seun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"Uniblue SpeedUpMyPC"=c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
"MobiLink Lite"="c:\program files\Novatel Wireless\MobiLink\Lite.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe"
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DLA"=c:\windows\System32\DLA\DLACTRLW.EXE
"VMConsole.exe"=c:\program files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe /windowmin
"vaio update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary
"openvpn-gui"=c:\program files\UltraVPN\bin\openvpn-gui.exe
"Venturi Configurator"=c:\program files\Starcomms iBOOST\Configurator\ventcfg.exe -nomsgbox
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Secway\\SimpPro 2.2\\SimpPro.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\WebMoney\\WebMoney.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Program Files\\Dude\\dude.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Starcomms iBOOST\\squid\\ventcsquid.exe"=
"c:\\Program Files\\Starcomms iBOOST\\squid\\ventcdnsserver.exe"=
"c:\\Program Files\\Starcomms iBOOST\\Configurator\\ventcfg.exe"=
"c:\\Program Files\\Starcomms iBOOST\\Configurator\\VClientUpdate.exe"=
"c:\\Program Files\\Starcomms iBOOST\\Client\\VentC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"5000:TCP"= 5000:TCP:Active@ SMART Monitor

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/24/2009 7:28 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/24/2009 7:28 AM 20560]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [6/22/2009 8:24 AM 81920]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/13/2009 10:48 AM 232720]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/14/2006 9:23 PM 14336]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [1/8/2009 10:13 AM 603904]
R2 VenturiClient;Venturi Client;c:\program files\Starcomms iBOOST\Client\VentC.exe [8/26/2009 1:02 AM 2495840]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [6/22/2009 8:24 AM 2732032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/13/2009 10:48 AM 19096]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [11/19/2008 12:22 PM 25216]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [8/14/2006 9:24 PM 226304]
R3 vwredir;Venturi Wireless Redirector;c:\windows\system32\drivers\vwredir.sys [8/26/2009 1:02 AM 89584]
S1 a3a75d15;a3a75d15;c:\windows\system32\drivers\a3a75d15.sys [4/15/2009 1:00 PM 0]
S3 Arfumftr;Trust RF-Mouse filter driver;c:\windows\system32\drivers\Arfumftr.sys [12/17/2001 8:27 AM 10904]
S3 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000);c:\windows\system32\drivers\FLMckUSB.sys [8/18/2006 3:50 PM 69810]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [9/24/2008 9:18 AM 33752]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/17/2009 2:45 AM 30192]
S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10/28/2008 9:16 AM 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10/28/2008 9:17 AM 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 9:35 AM 50704]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [10/12/2007 4:04 PM 99200]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [1/25/2008 3:12 AM 25088]
S3 usb2vcom;Nokia CA-42 USB;c:\windows\system32\drivers\usb2vcom.sys [7/28/2009 3:18 AM 22760]
S3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [9/3/2008 4:56 PM 173632]
S3 vwinter;Venturi Wireless Intercepter;\??\c:\windows\system32\drivers\vwinter.sys --> c:\windows\system32\drivers\vwinter.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-09-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 03:36]

2009-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226449082-3882521577-2508560971-1006Core.job
- c:\documents and settings\seun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-10 05:11]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226449082-3882521577-2508560971-1006UA.job
- c:\documents and settings\seun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-10 05:11]

2009-09-06 c:\windows\Tasks\Malwarebytes' Scheduled Update for seun.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-07-13 12:36]

2009-09-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 21:06]

2009-06-23 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-05-07 08:03]

2009-09-10 c:\windows\Tasks\User_Feed_Synchronization-{BE6986DE-BEBC-4A6D-ADB8-CC07CE8A713E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = 10.55.63.3:8080
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add RSS Support Site to VAIO Information FLOW - c:\program files\Sony\VAIO Information FLOW\aiesc.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - c:\program files\WebMoney Advisor\wmadvisor.dll
LSP: c:\windows\system32\idmmbc.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\seun\Application Data\Mozilla\Firefox\Profiles\1v2gpcua.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58757&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - prefs.js: network.proxy.ftp - 10.55.63.3
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 10.55.63.3
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 10.55.63.3
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 10.55.63.3
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 10.55.63.3
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\seun\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\seun\Application Data\Mozilla\Firefox\Profiles\1v2gpcua.default\extensions\{18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}\components\Engine.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\seun\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http - user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - ORPHANS REMOVED - - - -

BHO-{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} - c:\program files\WebMoney Advisor\wmadvisor.dll
Toolbar-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - c:\program files\WebMoney Advisor\wmadvisor.dll
WebBrowser-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - c:\program files\WebMoney Advisor\wmadvisor.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 02:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\_av_proI.tm~a03824\setup.lok 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1226449082-3882521577-2508560971-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FFC293A9-C477-1ACB-4F79-BD48E87E62E9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacehmkadokahmkh"=hex:6e,62,68,66,64,61,61,68,70,70,6b,6a,61,62,6c,6a,6f,6b,
 6e,6a,70,6f,70,69,69,6b,65,66,67,64,6a,6c,69,6d,65,66,69,67,6d,62,6e,63,66,\
"jacehmkadokahmkhoael"=hex:66,61,68,66,62,61,6e,6e,6d,70,6d,61,00,f0
"pakecjamndjmcemhopkjookkbmkkmbig"=hex:65,61,68,66,6b,70,70,6d,70,63,00,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5929d6b6-45d5-42c8-95c0-a7ae72465b1e}]
@Denied: (Full) (Everyone)
"Model"=dword:00000143
"Therad"=dword:00000017

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e1,76,ee,1e,4e,32,70,06,1b,a6,b6,15,5d,b1,85,2b,17,af,c5,f0,cb,
 24,86,76,98,46,0f,53,75,4b,34,1a,7a,a9,59,95,e9,70,fd,df,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):56,4c,16,0b,21,52,6e,09,b9,7b,0a,31,41,d9,db,70,99,6d,47,d3,ec,
 14,f1,ce,ad,51,e5,b8,a2,33,1e,c5,1f,e6,30,83,a7,39,d9,25,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e9982ac9-cdd3-4c19-8cd4-713292c624fc}]
@Denied: (Full) (Everyone)
"Model"=dword:00000029
"Therad"=dword:0000000f
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
 4b,7b,ad,04,7a,b1,b5,76,9b,27,47,3e,bf,0a,94,23,cd,37,51,a3,07,27,6f,ef,00,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(1184)
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(2412)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\FileZilla Server\FileZilla server.exe
c:\windows\system32\gearsec.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe c:\windows\system32\igfxext.exe c:\windows\system32\igfxsrvc.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe c:\program files\Starcomms iBOOST\squid\ventcsquid.exe c:\windows\system32\searchindexer.exe c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe c:\program files\Starcomms iBOOST\squid\ventcunlinkd.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\dllhost.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe c:\windows\system32\searchprotocolhost.exe c:\windows\system32\searchfilterhost.exe c:\windows\system32\searchprotocolhost.exe . ************************************************************************** . 
Completion time: 2009-09-10 2:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 08:19

Pre-Run: 5,199,224,832 bytes free
Post-Run: 5,078,917,120 bytes free

570
_____________________________________________________________________________________________________________________________

Here is the hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:25 AM, on 9/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Dude\dude.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Starcomms iBOOST\Client\ventc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Starcomms iBOOST\squid\ventcsquid.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcunlinkd.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.55.63.3:8080
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [DudeServer] "C:\Program Files\Dude\dude.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Settings Manager (ccsetmgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Starcomms iBOOST\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 19438 bytes
Sep 10 2009, 08:23 AM
Post #7
New Member, Group: Members, Posts: 9, Joined: 7-September 09, Member No.: 19,383
here is the combofix log:
ComboFix 09-09-09.04 - seun 09/10/2009 1:51.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.399 [GMT -6:00]
Running from: c:\documents and settings\seun\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090909-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition Premium *On-access scanning enabled* (Outdated) {7C90E900-67C8-7C91-FFFF-FFFFB668917C}
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\seun\Application Data\.#
c:\documents and settings\seun\Application Data\.#\MBX@10EC@3D39D0.###
c:\documents and settings\seun\Application Data\.#\MBX@10EC@3D39E0.###
c:\documents and settings\seun\isql.exe
c:\program files\Mozilla Firefox\extensions\{6E2CEA66-9C01-4580-80E5-FF3267DC2408}
c:\program files\Mozilla Firefox\extensions\{6E2CEA66-9C01-4580-80E5-FF3267DC2408}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6E2CEA66-9C01-4580-80E5-FF3267DC2408}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6E2CEA66-9C01-4580-80E5-FF3267DC2408}\install.rdf
c:\program files\WebMoney Advisor
c:\program files\WebMoney Advisor\16x16x32b.bmp
c:\program files\WebMoney Advisor\autosearch_plugin.dll
c:\program files\WebMoney Advisor\basis.xml
c:\program files\WebMoney Advisor\booble.html
c:\program files\WebMoney Advisor\favicon.ico
c:\program files\WebMoney Advisor\info.txt
c:\program files\WebMoney Advisor\tbhelper.dll
c:\program files\WebMoney Advisor\tbs_include_script_014708.js
c:\program files\WebMoney Advisor\tbs_include_script_wmadvisor.js
c:\program files\WebMoney Advisor\tbu06031\16x16x32b.bmp
c:\program files\WebMoney Advisor\tbu06031\autosearch_plugin.dll
c:\program files\WebMoney Advisor\tbu06031\basis.xml
c:\program files\WebMoney Advisor\tbu06031\booble.html
c:\program files\WebMoney Advisor\tbu06031\favicon.ico
c:\program files\WebMoney Advisor\tbu06031\info.txt
c:\program files\WebMoney Advisor\tbu06031\tbhelper.dll
c:\program files\WebMoney Advisor\tbu06031\tbs_include_script_014708.js
c:\program files\WebMoney Advisor\tbu06031\tbs_include_script_wmadvisor.js
c:\program files\WebMoney Advisor\tbu06031\uninstall.exe
c:\program files\WebMoney Advisor\tbu06031\version.txt
c:\program files\WebMoney Advisor\tbu06031\wmadvisor.crc
c:\program files\WebMoney Advisor\tbu06031\wmadvisor.dll
c:\program files\WebMoney Advisor\tbu06031\WMPlugin.dll
c:\program files\WebMoney Advisor\uninstall.exe
c:\program files\WebMoney Advisor\version.txt
c:\program files\WebMoney Advisor\wmadvisor.crc
c:\program files\WebMoney Advisor\wmadvisor.dll
c:\program files\WebMoney Advisor\WMPlugin.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\59b1b4.msi
c:\windows\Installer\674e4.msi
c:\windows\Installer\df4d.msi
c:\windows\Installer\f8e934.msi
c:\windows\kb913800.exe
c:\windows\system32\logs
c:\windows\system32\SelfDel.bat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OVFSTHXQHCGQFOT
-------\Service_ovfsthxqhcgqfot

((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.
2009-09-09 12:53 . 2009-09-09 12:53 -------- dc----w- c:\program files\ESET
2009-09-09 09:25 . 2009-09-09 09:25 -------- dc----w- c:\documents and settings\seun\Local Settings\Application Data\Scansoft
2009-09-09 08:47 . 2009-09-09 08:47 -------- dc----w- c:\documents and settings\seun\Application Data\ScanSoft
2009-09-09 08:47 . 2009-09-09 08:47 -------- dc----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-09-09 08:47 . 2009-09-09 08:47 -------- dc----w- c:\program files\Common Files\ScanSoft Shared
2009-09-09 08:46 . 2009-09-09 08:46 -------- dc----w- c:\program files\ScanSoft
2009-09-09 08:39 . 1995-07-31 19:44 212480 -c--a-w- c:\windows\PCDLIB32.DLL
2009-09-09 08:39 . 2009-09-09 08:39 -------- dc----w- c:\program files\ArcSoft
2009-09-09 08:33 . 2005-06-24 04:17 352256 -c--a-w- c:\windows\system32\CNQL1213.DLL
2009-09-09 08:33 . 2005-02-28 19:20 57344 -c--a-w- c:\windows\system32\CNQU110.DLL
2009-09-09 08:08 . 2009-09-09 08:08 -------- dcsh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-08 11:49 . 2009-09-08 11:49 -------- dc----w- c:\program files\Webroot
2009-09-08 07:48 . 2009-09-08 07:48 -------- dcsh--w- c:\documents and settings\LocalService\IETldCache
2009-09-07 13:53 . 2009-09-07 13:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}
2009-09-07 13:12 . 2009-09-07 13:17 -------- dc-h--w- c:\windows\msdownld.tmp
2009-09-07 13:04 . 2009-09-07 13:05 -------- dc----w- c:\program files\CA Yahoo! Anti-Spy
2009-09-06 18:02 . 2009-09-06 18:02 -------- dc----w- c:\documents and settings\All Users\Application Data\Novatel Wireless
2009-09-06 18:02 . 2009-09-06 18:02 -------- dc----w- c:\program files\Novatel Wireless
2009-08-31 07:54 . 2009-08-31 07:54 -------- dc----w- c:\program files\Total Seminars
2009-08-31 07:24 . 2009-08-31 08:37 4212 -c-ha-w- c:\windows\system32\zllictbl.dat
2009-08-29 11:17 . 2009-09-07 13:17 -------- dc-h--w- c:\windows\ie8
2009-08-26 07:02 . 2008-05-07 06:09 125200 -c--a-w- c:\windows\system32\drivers\dne2000.sys
2009-08-26 07:02 . 2008-05-07 06:09 109840 -c--a-w- c:\windows\system32\dneinobj.dll
2009-08-26 07:02 . 2008-05-29 21:41 89584 -c--a-w- c:\windows\system32\drivers\vwredir.sys
2009-08-26 07:02 . 2009-08-26 07:02 -------- dc----w- c:\program files\Common Files\Deterministic Networks
2009-08-26 07:02 . 2009-08-26 07:03 -------- dc----w- c:\program files\Starcomms iBOOST
2009-08-26 07:00 . 2009-08-26 07:00 -------- dc----w- c:\documents and settings\seun\Application Data\InstallShield
2009-08-26 06:58 . 2009-08-26 07:07 -------- dc----w- c:\program files\Starcomms izap@Slim
2009-08-25 10:13 . 2009-08-25 14:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-24 13:29 . 2009-08-17 16:04 23152 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-24 13:29 . 2009-08-17 16:04 51376 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-24 13:29 . 2009-08-17 16:03 26944 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-24 13:28 . 2009-08-17 16:06 93392 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-24 13:28 . 2009-08-17 16:06 94160 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-24 13:28 . 2009-08-17 16:05 114768 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-24 13:28 . 2009-08-17 16:05 20560 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-24 13:28 . 2009-08-17 16:02 97480 -c--a-w- c:\windows\system32\AvastSS.scr
2009-08-24 13:28 . 2009-08-17 16:10 1279456 -c--a-w- c:\windows\system32\aswBoot.exe
2009-08-24 10:44 . 2009-08-24 14:28 -------- dc----w- c:\program files\F-Secure
2009-08-17 12:14 . 2009-08-17 12:14 -------- dc----w- c:\documents and settings\seun\Application Data\WinCare2008
2009-08-17 10:00 . 2004-03-24 18:44 151552 -c--a-w- c:\windows\system32\HexValidEmail.dll
2009-08-17 10:00 . 2001-09-11 16:23 24576 -c--a-w- c:\windows\system32\snEUps.dll
2009-08-17 10:00 . 2001-07-18 09:42 122880 -c--a-w- c:\windows\system32\snEU.exe
2009-08-17 10:00 . 2004-03-24 18:44 102400 -c--a-w- c:\windows\system32\HexDns.dll
2009-08-17 09:58 . 2009-08-17 10:00 -------- dc----w- c:\program files\GroupMail 5
2009-08-14 16:21 . 2009-08-14 16:21 -------- dc----w- c:\program files\WinSCP
2009-08-14 14:05 . 2009-08-14 14:05 -------- dc----w- c:\documents and settings\seun\Local Settings\Application Data\Cranium
2009-08-14 10:07 . 2009-08-14 10:07 -------- dc-h--w- c:\windows\$mmUninstallV1$
2009-08-14 10:07 . 2009-08-14 10:07 -------- dc----w- c:\program files\Mad-Monkey
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 08:11 . 2008-10-30 08:46 -------- dc----w- c:\documents and settings\seun\Application Data\DMCache
2009-09-09 14:28 . 2008-08-26 14:12 -------- dc----w- c:\documents and settings\seun\Application Data\Skype
2009-09-09 14:00 . 2008-11-05 05:10 -------- dc----w- c:\documents and settings\seun\Application Data\skypePM
2009-09-09 10:11 . 2009-06-19 07:10 -------- dc----w- c:\program files\Zain Mobile Internet
2009-09-09 09:09 . 2008-10-11 15:31 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-09 08:59 . 2008-10-17 08:08 -------- dc----w- c:\documents and settings\seun\Application Data\Canon
2009-09-09 08:39 . 2006-08-15 14:56 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-09-08 11:59 . 2009-05-11 11:03 -------- dc----w- c:\program files\Ask.com
2009-09-07 08:16 . 2008-08-27 04:39 -------- dc----w- c:\documents and settings\seun\Application Data\ICQ
2009-09-04 10:17 . 2009-08-04 15:35 -------- dc----w- c:\program files\Aimersoft
2009-09-04 10:14 . 2009-04-27 11:51 -------- dc----w- c:\program files\National Lampoon's University Tycoon
2009-09-01 17:35 . 2008-10-17 14:45 86704 -c--a-w- c:\documents and settings\seun\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-01 09:42 . 2009-02-19 09:57 -------- dc----w- c:\documents and settings\seun\Application Data\CheckPoint
2009-08-31 07:25 . 2009-02-19 09:55 272 -c--a-w- c:\windows\system32\lkfl.dat
2009-08-28 14:43 . 2008-08-28 00:08 -------- dc----w- c:\documents and settings\seun\Application Data\LimeWire
2009-08-27 17:06 . 2009-07-06 16:12 -------- dc----w- c:\program files\MassSender
2009-08-27 10:28 . 2008-12-04 16:42 -------- dc----w- c:\program files\mIRC
2009-08-26 07:39 . 2009-07-13 16:48 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 10:13 . 2008-08-27 05:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-25 10:13 . 2008-08-27 05:29 -------- dc----w- c:\program files\Yahoo!
2009-08-24 13:26 . 2009-04-24 15:09 -------- dc----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-08-24 10:46 . 2009-04-24 15:02 -------- dc----w- c:\documents and settings\All Users\Application Data\fssg
2009-08-24 10:42 . 2008-09-15 07:32 -------- dc----w- c:\program files\Kaspersky Lab
2009-08-24 10:42 . 2008-09-15 07:32 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-24 10:42 . 2008-12-02 11:05 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-22 11:35 . 2009-06-28 08:55 -------- dc----w- c:\documents and settings\seun\Application Data\dvdcss
2009-08-17 16:06 . 2006-08-15 16:44 -------- dc----w- c:\program files\Java
2009-08-17 10:22 . 2009-07-23 17:55 -------- dc----w- c:\documents and settings\seun\Application Data\DiskAid
2009-08-17 10:00 . 2009-08-17 09:58 26441 -c--a-w- c:\documents and settings\seun\Application Data\unins000.dat
2009-08-17 09:58 . 2009-08-17 09:58 678682 -c--a-w- c:\documents and settings\seun\Application Data\unins000.exe
2009-08-17 09:56 . 2008-08-27 11:15 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-16 17:58 . 2008-08-27 06:57 -------- dc----w- c:\documents and settings\seun\Application Data\Yahoo!
2009-08-14 12:43 . 2009-07-09 12:40 -------- dc----w- c:\documents and settings\seun\Application Data\FileZilla
2009-08-14 11:25 . 2009-06-24 14:58 -------- dc----w- c:\documents and settings\seun\Application Data\Thinstall
2009-08-14 05:17 . 2008-08-27 11:06 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-10 08:41 . 2009-08-10 08:41 -------- dc----w- c:\program files\iPhoneBrowser
2009-08-05 13:01 . 2009-06-22 14:24 -------- dc----w- c:\program files\Firebird
2009-08-04 13:45 . 2009-08-04 13:45 -------- dc----w- c:\program files\Xilisoft
2009-08-03 12:36 . 2009-07-13 16:48 38160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2009-07-13 16:48 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 08:11 . 2009-08-03 08:10 -------- dc----w- c:\program files\UltraVPN
2009-07-30 13:20 . 2009-07-30 13:20 -------- dc----w- c:\documents and settings\LocalService\Application Data\Flock
2009-07-25 04:23 . 2008-12-04 14:32 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-07-24 20:37 . 2008-12-24 09:44 -------- dc----w- c:\documents and settings\seun\Application Data\Apple Computer
2009-07-23 15:29 . 2008-12-24 09:37 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-23 15:14 . 2009-07-23 15:13 -------- dc----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-23 15:14 . 2008-12-24 09:42 -------- dc----w- c:\program files\iTunes
2009-07-23 15:14 . 2008-12-24 09:43 -------- dc----w- c:\program files\iPod
2009-07-23 15:08 . 2008-12-24 09:41 -------- dc----w- c:\program files\Bonjour
2009-07-23 12:47 . 2009-07-23 12:47 -------- dc----w- c:\program files\RealVNC
2009-07-21 12:43 . 2009-06-16 15:21 -------- dc----w- c:\program files\Open Contacts
2009-07-15 05:36 . 2008-08-27 04:44 -------- dc----w- c:\program files\ICQ6Toolbar
2009-07-14 16:36 . 2009-07-14 16:24 -------- dc----w- c:\program files\ICQ6.5
2009-07-14 16:30 . 2008-08-27 04:44 -------- dc----w- c:\documents and settings\All Users\Application Data\ICQ
2009-07-14 16:29 . 2008-08-27 04:39 -------- dc----w- c:\program files\ICQ6
2009-07-14 11:08 . 2009-02-16 08:29 104256 -c--a-w- c:\windows\HPFins09.dat
2009-07-13 16:48 . 2009-05-11 10:46 -------- dc----w- c:\documents and settings\seun\Application Data\Malwarebytes
2009-07-13 16:48 . 2009-05-11 10:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-13 07:48 . 2009-07-13 07:47 -------- dc----w- c:\program files\FileZilla Server
2009-07-09 11:16 . 2009-07-23 15:04 2060288 -c--a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 11:16 . 2008-12-24 09:38 39424 -c--a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-03 15:39 . 2009-05-05 15:45 664 -c--a-w- c:\windows\system32\d3d9caps.dat
2009-07-02 17:25 . 2009-07-02 17:25 3 -c--a-w- c:\windows\system32\krx280.dat
2009-06-16 13:07 . 2009-06-23 13:54 7779640 -c--a-w- c:\windows\system32\kentut.exe
2008-08-13 18:02 . 2008-08-13 18:02 35840 -c--a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-07-21 12:35 . 2009-06-16 13:26 122880 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368] [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-02-09 21:06 764296 -c--a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2008-10-08 18:22 1172792 -c--a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296] 
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-31 2594224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DudeServer"="c:\program files\Dude\dude.exe" [2009-04-20 4032512] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-08-03 419088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2006-06-20 15:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start 
Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk] backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^seun^Start Menu^Programs^Startup^LimeWire On Startup.lnk] backup=c:\windows\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^seun^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2] backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup [HKLM\~\startupfolder\C:^Documents and Settings^seun^Start Menu^Programs^Startup^Trillian.lnk] backup=c:\windows\pss\Trillian.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" /onboot "Simp"=c:\program files\Secway\SimpPro 2.2\SimpPro.exe "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "ctfmon.exe"="c:\windows\system32\ctfmon.exe" "Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" -m "Uniblue RegistryBooster 2"=c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S "ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent "FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe" "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background "Google Update"="c:\documents and settings\seun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c "Uniblue SpeedUpMyPC"=c:\program 
files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s "MobiLink Lite"="c:\program files\Novatel Wireless\MobiLink\Lite.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" "wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe" "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "DLA"=c:\windows\System32\DLA\DLACTRLW.EXE "VMConsole.exe"=c:\program files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe /windowmin "vaio update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary "openvpn-gui"=c:\program files\UltraVPN\bin\openvpn-gui.exe "Venturi Configurator"=c:\program files\Starcomms iBOOST\Configurator\ventcfg.exe -nomsgbox "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Secway\\SimpPro 2.2\\SimpPro.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\WebMoney\\WebMoney.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"= "c:\\Program Files\\Dude\\dude.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\ICQ6.5\\ICQ.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Program Files\\Starcomms iBOOST\\squid\\ventcsquid.exe"= "c:\\Program Files\\Starcomms iBOOST\\squid\\ventcdnsserver.exe"= "c:\\Program Files\\Starcomms iBOOST\\Configurator\\ventcfg.exe"= "c:\\Program Files\\Starcomms iBOOST\\Configurator\\VClientUpdate.exe"= "c:\\Program Files\\Starcomms iBOOST\\Client\\VentC.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "67:UDP"= 67:UDP:DHCP Discovery Service "5000:TCP"= 5000:TCP:Active@ SMART Monitor R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [8/24/2009 7:28 AM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/24/2009 7:28 AM 20560] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [6/22/2009 8:24 AM 81920] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/13/2009 10:48 AM 232720] R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?] R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/14/2006 9:23 PM 14336] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [1/8/2009 10:13 AM 603904] R2 VenturiClient;Venturi Client;c:\program files\Starcomms iBOOST\Client\VentC.exe [8/26/2009 1:02 AM 2495840] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [6/22/2009 8:24 AM 2732032] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/13/2009 10:48 AM 19096] R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [11/19/2008 12:22 PM 25216] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [8/14/2006 9:24 PM 226304] R3 vwredir;Venturi Wireless Redirector;c:\windows\system32\drivers\vwredir.sys [8/26/2009 1:02 AM 89584] S1 a3a75d15;a3a75d15;c:\windows\system32\drivers\a3a75d15.sys [4/15/2009 1:00 PM 0] S3 Arfumftr;Trust RF-Mouse filter driver;c:\windows\system32\drivers\Arfumftr.sys [12/17/2001 8:27 AM 10904] S3 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000);c:\windows\system32\drivers\FLMckUSB.sys [8/18/2006 3:50 PM 69810] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [9/24/2008 9:18 AM 33752] S3 GoogleDesktopManager-092308-165331;Google 
Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/17/2009 2:45 AM 30192] S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10/28/2008 9:16 AM 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10/28/2008 9:17 AM 8320] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 9:35 AM 50704] S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [10/12/2007 4:04 PM 99200] S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [1/25/2008 3:12 AM 25088] S3 usb2vcom;Nokia CA-42 USB;c:\windows\system32\drivers\usb2vcom.sys [7/28/2009 3:18 AM 22760] S3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [9/3/2008 4:56 PM 173632] S3 vwinter;Venturi Wireless Intercepter;\??\c:\windows\system32\drivers\vwinter.sys --> c:\windows\system32\drivers\vwinter.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . 
Contents of the 'Scheduled Tasks' folder 2009-09-10 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 03:36] 2009-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34] 2009-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226449082-3882521577-2508560971-1006Core.job - c:\documents and settings\seun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-10 05:11] 2009-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226449082-3882521577-2508560971-1006UA.job - c:\documents and settings\seun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-10 05:11] 2009-09-06 c:\windows\Tasks\Malwarebytes' Scheduled Update for seun.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-07-13 12:36] 2009-09-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2009-02-09 21:06] 2009-06-23 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-05-07 08:03] 2009-09-10 c:\windows\Tasks\User_Feed_Synchronization-{BE6986DE-BEBC-4A6D-ADB8-CC07CE8A713E}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 10:31] . . ------- Supplementary Scan ------- . 
uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch uInternet Settings,ProxyServer = 10.55.63.3:8080 uInternet Settings,ProxyOverride = <local> IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML IE: Add RSS Support Site to VAIO Information FLOW - c:\program files\Sony\VAIO Information FLOW\aiesc.html IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - c:\program files\WebMoney Advisor\wmadvisor.dll LSP: c:\windows\system32\idmmbc.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab FF - ProfilePath - c:\documents and settings\seun\Application Data\Mozilla\Firefox\Profiles\1v2gpcua.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58757&ei=utf-8&yahoo_domain=search.yahoo.com&p= FF - prefs.js: network.proxy.ftp - 10.55.63.3 FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.gopher - 10.55.63.3 FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http - 10.55.63.3 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - 10.55.63.3 FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - 10.55.63.3 
FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 1 FF - component: c:\documents and settings\seun\Application Data\IDM\idmmzcc2\components\idmmzcc.dll FF - component: c:\documents and settings\seun\Application Data\Mozilla\Firefox\Profiles\1v2gpcua.default\extensions\{18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}\components\Engine.dll FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\documents and settings\seun\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Picasa2\npPicasa2.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: yahoo.homepage.dontask - true FF - user.js: network.proxy.type - 0 FF - user.js: network.proxy.http - user_pref(network.proxy.http_port,); FF - user.js: network.proxy.no_proxies_on - . . ------- File Associations ------- . inifile=%SystemRoot%\System32\NOTEPAD.EXE %1" . 
- - - - ORPHANS REMOVED - - - - BHO-{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} - c:\program files\WebMoney Advisor\wmadvisor.dll Toolbar-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - c:\program files\WebMoney Advisor\wmadvisor.dll WebBrowser-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - c:\program files\WebMoney Advisor\wmadvisor.dll WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-10 02:11 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\TEMP\_av_proI.tm~a03824\setup.lok 0 bytes scan completed successfully hidden files: 1 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1226449082-3882521577-2508560971-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FFC293A9-C477-1ACB-4F79-BD48E87E62E9}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "hacehmkadokahmkh"=hex:6e,62,68,66,64,61,61,68,70,70,6b,6a,61,62,6c,6a,6f,6b, 6e,6a,70,6f,70,69,69,6b,65,66,67,64,6a,6c,69,6d,65,66,69,67,6d,62,6e,63,66,\ "jacehmkadokahmkhoael"=hex:66,61,68,66,62,61,6e,6e,6d,70,6d,61,00,f0 "pakecjamndjmcemhopkjookkbmkkmbig"=hex:65,61,68,66,6b,70,70,6d,70,63,00,61 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5929d6b6-45d5-42c8-95c0-a7ae72465b1e}]
@Denied: (Full) (Everyone)
"Model"=dword:00000143
"Therad"=dword:00000017

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e1,76,ee,1e,4e,32,70,06,1b,a6,b6,15,5d,b1,85,2b,17,af,c5,f0,cb,
24,86,76,98,46,0f,53,75,4b,34,1a,7a,a9,59,95,e9,70,fd,df,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):56,4c,16,0b,21,52,6e,09,b9,7b,0a,31,41,d9,db,70,99,6d,47,d3,ec,
14,f1,ce,ad,51,e5,b8,a2,33,1e,c5,1f,e6,30,83,a7,39,d9,25,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e9982ac9-cdd3-4c19-8cd4-713292c624fc}]
@Denied: (Full) (Everyone)
"Model"=dword:00000029
"Therad"=dword:0000000f
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,3e,bf,0a,94,23,cd,37,51,a3,07,27,6f,ef,00,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODI03.00.00.01PRO"=(long hex value omitted)
"OODEFRAG11.00.00.01WORKSTATION"=(long hex value omitted)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(1184)
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(2412)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\FileZilla Server\FileZilla server.exe
c:\windows\system32\gearsec.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Starcomms iBOOST\squid\ventcsquid.exe
c:\windows\system32\searchindexer.exe
c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe
c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe
c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe
c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe
c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe
c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe
c:\program files\Starcomms iBOOST\squid\ventcunlinkd.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
c:\windows\system32\searchprotocolhost.exe
.
**************************************************************************
.
Completion time: 2009-09-10 2:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 08:19

Pre-Run: 5,199,224,832 bytes free
Post-Run: 5,078,917,120 bytes free

570

Here is the hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:25 AM, on 9/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Dude\dude.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Starcomms iBOOST\Client\ventc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Starcomms iBOOST\squid\ventcsquid.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcunlinkd.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.55.63.3:8080
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [DudeServer] "C:\Program Files\Dude\dude.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Settings Manager (ccsetmgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Starcomms iBOOST\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 19438 bytes
Sep 10 2009, 08:33 AM, Post #8
Forum Deity. Group: Moderators. Posts: 5,546. Joined: 25-November 07. From: Los Angeles. Member No.: 1,886
Hi,
I notice that you are using more than one antivirus program (avast!, AntiVir, and BitDefender). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

In addition, you are running more than one firewall (BitDefender and ZoneAlarm). For the same reasons, please only keep one installed.

I also recommend uninstalling Ask Toolbar (it may be shown as Ask.com), due to its dubious repute.

Also, are you running any cracked programs??

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please download this file and save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and, when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select No.

Next, please open Notepad - don't use any other text editor than Notepad or the script will fail. Copy/paste the text in the quotebox below into Notepad:

QUOTE
Driver::
a3a75d15

KILLALL::

Rootkit::
c:\windows\TEMP\_av_proI.tm~a03824\setup.lok

File::
C:\windows\system32\drivers\a3a75d15.sys

Save this as CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

-screen317
--------------------
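A small triage script that performs the checks the reply above made by eye: it counts the AV and firewall products ComboFix lists in its AV:/FW: header lines, flags O23 services whose executable is reported missing (leftovers of an incomplete uninstall), and flags O2/O3 browser add-on entries on a watch list. This is an added example, not code from the thread or from either tool; the sample lines are copied from the logs posted here, while the watch list, regexes and function names are this example's own.

```python
"""Triage checks for a HijackThis log and a ComboFix report header.

Added example, not code from the thread or from either tool. It automates
what the moderator's reply checks by eye: how many security products the
ComboFix header lists, which O23 services point at a missing file, and which
O2/O3 entries name a watch-listed add-on (here only the Ask toolbar, which is
the one the reply names).
"""
import re

# ComboFix header line, e.g.
#   AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {GUID}
#   FW: ZoneAlarm Extreme Security Firewall *disabled* {GUID}
CF_PRODUCT = re.compile(r"^(?P<kind>AV|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*")

# HijackThis entry line, e.g.  O23 - Service: <name> - <vendor> - <path>
HJT_ENTRY = re.compile(r"^(?P<kind>O\d+|R\d)\s+-\s+(?P<body>.+)$")

# Add-on names the thread advises removing; extend to local policy as needed.
ADDON_WATCHLIST = ("Ask.com",)

# Sample input, copied from the logs posted in this thread.
SAMPLE_COMBOFIX_HEADER = r"""
AV: avast! antivirus 4.8.1351 [VPS 090909-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition Premium *On-access scanning enabled* (Outdated) {7C90E900-67C8-7C91-FFFF-FFFFB668917C}
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
"""

SAMPLE_HJT_LOG = r"""
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec Settings Manager (ccsetmgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""


def parse_security_products(text):
    """Return {'AV': [(name, enabled)], 'FW': [(name, enabled)]} from ComboFix header lines."""
    found = {"AV": [], "FW": []}
    for line in text.splitlines():
        m = CF_PRODUCT.match(line.strip())
        if m:
            # "*disabled*" does not contain the substring "enabled", so this test is safe.
            enabled = "enabled" in m.group("state").lower()
            found[m.group("kind")].append((m.group("name"), enabled))
    return found


def multiple_products(products):
    """Categories with more than one product registered: the conflict the reply warns about."""
    return {kind: [name for name, _ in entries]
            for kind, entries in products.items() if len(entries) > 1}


def parse_hjt(text):
    """Return [(kind, body)] for every recognised HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def missing_file_services(entries):
    """O23 services whose executable HijackThis reports as missing."""
    return [body for kind, body in entries
            if kind == "O23" and body.endswith("(file missing)")]


def watchlisted_addons(entries):
    """O2 BHOs and O3 toolbars whose entry mentions a watch-listed name."""
    return [(kind, body) for kind, body in entries
            if kind in ("O2", "O3")
            and any(name.lower() in body.lower() for name in ADDON_WATCHLIST)]


def triage(combofix_header, hjt_log):
    """Run every check and return the findings as one dict."""
    products = parse_security_products(combofix_header)
    entries = parse_hjt(hjt_log)
    return {
        "multiple_products": multiple_products(products),
        "missing_file_services": missing_file_services(entries),
        "watchlisted_addons": watchlisted_addons(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_COMBOFIX_HEADER, SAMPLE_HJT_LOG).items():
        print(key)
        for item in (value.items() if isinstance(value, dict) else value):
            print("   ", item)
```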
Sep 10 2009, 02:31 PM, Post #9
New Member. Group: Members. Posts: 9. Joined: 7-September 09. Member No.: 19,383
Hi, thanks for the assistance. I have no other AVs running, just avast and Malwarebytes.

The others are AVs I used before and have uninstalled; they're no longer on the program list. Please, if you can advise how to completely uninstall them, I would appreciate it. I don't have any cracked programs running at the moment; I might have tried out some in the past.

Here are the log files:

ComboFix 09-09-09.07 - seun 09/10/2009 6:48.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.521 [GMT -6:00]
Running from: c:\documents and settings\seun\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\seun\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090909-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition Premium *On-access scanning enabled* (Outdated) {7C90E900-67C8-7C91-FFFF-FFFFB668917C}
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\system32\drivers\a3a75d15.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\a3a75d15.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_a3a75d15


((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-09 09:25 . 2009-09-09 09:25 -------- dc----w- c:\documents and settings\seun\Local Settings\Application Data\Scansoft
2009-09-09 08:47 . 2009-09-09 08:47 -------- dc----w- c:\documents and settings\seun\Application Data\ScanSoft
2009-09-09 08:47 . 2009-09-09 08:47 -------- dc----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-09-09 08:47 . 2009-09-09 08:47 -------- dc----w- c:\program files\Common Files\ScanSoft Shared
2009-09-09 08:46 . 2009-09-09 08:46 -------- dc----w- c:\program files\ScanSoft
2009-09-09 08:39 . 1995-07-31 19:44 212480 -c--a-w- c:\windows\PCDLIB32.DLL
2009-09-09 08:39 . 2009-09-09 08:39 -------- dc----w- c:\program files\ArcSoft
2009-09-09 08:33 . 2005-06-24 04:17 352256 -c--a-w- c:\windows\system32\CNQL1213.DLL
2009-09-09 08:33 . 2005-02-28 19:20 57344 -c--a-w- c:\windows\system32\CNQU110.DLL
2009-09-09 08:08 . 2009-09-09 08:08 -------- dcsh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-08 11:49 . 2009-09-08 11:49 -------- dc----w- c:\program files\Webroot
2009-09-08 07:48 . 2009-09-08 07:48 -------- dcsh--w- c:\documents and settings\LocalService\IETldCache
2009-09-07 13:53 . 2009-09-07 13:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}
2009-09-07 13:12 . 2009-09-07 13:17 -------- dc-h--w- c:\windows\msdownld.tmp
2009-09-07 13:04 . 2009-09-07 13:05 -------- dc----w- c:\program files\CA Yahoo! Anti-Spy
2009-09-06 18:02 . 2009-09-06 18:02 -------- dc----w- c:\documents and settings\All Users\Application Data\Novatel Wireless
2009-09-06 18:02 . 2009-09-06 18:02 -------- dc----w- c:\program files\Novatel Wireless
2009-08-31 07:54 . 2009-08-31 07:54 -------- dc----w- c:\program files\Total Seminars
2009-08-31 07:24 . 2009-08-31 08:37 4212 -c-ha-w- c:\windows\system32\zllictbl.dat
2009-08-29 11:17 . 2009-09-07 13:17 -------- dc-h--w- c:\windows\ie8
2009-08-26 07:02 . 2008-05-07 06:09 125200 -c--a-w- c:\windows\system32\drivers\dne2000.sys
2009-08-26 07:02 . 2008-05-07 06:09 109840 -c--a-w- c:\windows\system32\dneinobj.dll
2009-08-26 07:02 . 2008-05-29 21:41 89584 -c--a-w- c:\windows\system32\drivers\vwredir.sys
2009-08-26 07:02 . 2009-08-26 07:02 -------- dc----w- c:\program files\Common Files\Deterministic Networks
2009-08-26 07:02 . 2009-08-26 07:03 -------- dc----w- c:\program files\Starcomms iBOOST
2009-08-26 07:00 . 2009-08-26 07:00 -------- dc----w- c:\documents and settings\seun\Application Data\InstallShield
2009-08-26 06:58 . 2009-08-26 07:07 -------- dc----w- c:\program files\Starcomms izap@Slim
2009-08-25 10:13 . 2009-08-25 14:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-24 13:29 . 2009-08-17 16:04 23152 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-24 13:29 . 2009-08-17 16:04 51376 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-24 13:29 . 2009-08-17 16:03 26944 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-24 13:28 . 2009-08-17 16:06 93392 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-24 13:28 . 2009-08-17 16:06 94160 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-24 13:28 . 2009-08-17 16:05 114768 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-24 13:28 . 2009-08-17 16:05 20560 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-24 13:28 . 2009-08-17 16:02 97480 -c--a-w- c:\windows\system32\AvastSS.scr
2009-08-24 13:28 . 2009-08-17 16:10 1279456 -c--a-w- c:\windows\system32\aswBoot.exe
2009-08-24 10:44 . 2009-08-24 14:28 -------- dc----w- c:\program files\F-Secure
2009-08-17 12:14 . 2009-08-17 12:14 -------- dc----w- c:\documents and settings\seun\Application Data\WinCare2008
2009-08-17 10:00 . 2004-03-24 18:44 151552 -c--a-w- c:\windows\system32\HexValidEmail.dll
2009-08-17 10:00 . 2001-09-11 16:23 24576 -c--a-w- c:\windows\system32\snEUps.dll
2009-08-17 10:00 . 2001-07-18 09:42 122880 -c--a-w- c:\windows\system32\snEU.exe
2009-08-17 10:00 . 2004-03-24 18:44 102400 -c--a-w- c:\windows\system32\HexDns.dll
2009-08-17 09:58 . 2009-08-17 10:00 -------- dc----w- c:\program files\GroupMail 5
2009-08-14 16:21 . 2009-08-14 16:21 -------- dc----w- c:\program files\WinSCP
2009-08-14 14:05 . 2009-08-14 14:05 -------- dc----w- c:\documents and settings\seun\Local Settings\Application Data\Cranium
2009-08-14 10:07 . 2009-08-14 10:07 -------- dc-h--w- c:\windows\$mmUninstallV1$
2009-08-14 10:07 . 2009-08-14 10:07 -------- dc----w- c:\program files\Mad-Monkey

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 14:17 . 2008-10-30 08:46 -------- dc----w- c:\documents and settings\seun\Application Data\DMCache
2009-09-10 10:10 . 2008-10-11 15:31 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-10 08:57 . 2009-05-11 11:03 -------- dc----w- c:\program files\Ask.com
2009-09-09 14:28 . 2008-08-26 14:12 -------- dc----w- c:\documents and settings\seun\Application Data\Skype
2009-09-09 14:00 . 2008-11-05 05:10 -------- dc----w- c:\documents and settings\seun\Application Data\skypePM
2009-09-09 10:11 . 2009-06-19 07:10 -------- dc----w- c:\program files\Zain Mobile Internet
2009-09-09 08:59 . 2008-10-17 08:08 -------- dc----w- c:\documents and settings\seun\Application Data\Canon
2009-09-09 08:39 . 2006-08-15 14:56 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-09-07 08:16 . 2008-08-27 04:39 -------- dc----w- c:\documents and settings\seun\Application Data\ICQ
2009-09-04 10:17 . 2009-08-04 15:35 -------- dc----w- c:\program files\Aimersoft
2009-09-04 10:14 . 2009-04-27 11:51 -------- dc----w- c:\program files\National Lampoon's University Tycoon
2009-09-01 17:35 . 2008-10-17 14:45 86704 -c--a-w- c:\documents and settings\seun\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-01 09:42 . 2009-02-19 09:57 -------- dc----w- c:\documents and settings\seun\Application Data\CheckPoint
2009-08-31 07:25 . 2009-02-19 09:55 272 -c--a-w- c:\windows\system32\lkfl.dat
2009-08-28 14:43 . 2008-08-28 00:08 -------- dc----w- c:\documents and settings\seun\Application Data\LimeWire
2009-08-27 17:06 . 2009-07-06 16:12 -------- dc----w- c:\program files\MassSender
2009-08-27 10:28 . 2008-12-04 16:42 -------- dc----w- c:\program files\mIRC
2009-08-26 07:39 . 2009-07-13 16:48 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 10:13 . 2008-08-27 05:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-25 10:13 . 2008-08-27 05:29 -------- dc----w- c:\program files\Yahoo!
2009-08-24 13:26 . 2009-04-24 15:09 -------- dc----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-08-24 10:46 . 2009-04-24 15:02 -------- dc----w- c:\documents and settings\All Users\Application Data\fssg
2009-08-24 10:42 . 2008-09-15 07:32 -------- dc----w- c:\program files\Kaspersky Lab
2009-08-24 10:42 . 2008-09-15 07:32 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-24 10:42 . 2008-12-02 11:05 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-22 11:35 . 2009-06-28 08:55 -------- dc----w- c:\documents and settings\seun\Application Data\dvdcss
2009-08-17 16:06 . 2006-08-15 16:44 -------- dc----w- c:\program files\Java
2009-08-17 10:22 . 2009-07-23 17:55 -------- dc----w- c:\documents and settings\seun\Application Data\DiskAid
2009-08-17 10:00 . 2009-08-17 09:58 26441 -c--a-w- c:\documents and settings\seun\Application Data\unins000.dat
2009-08-17 09:58 . 2009-08-17 09:58 678682 -c--a-w- c:\documents and settings\seun\Application Data\unins000.exe
2009-08-17 09:56 . 2008-08-27 11:15 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-16 17:58 . 2008-08-27 06:57 -------- dc----w- c:\documents and settings\seun\Application Data\Yahoo!
2009-08-14 12:43 . 2009-07-09 12:40 -------- dc----w- c:\documents and settings\seun\Application Data\FileZilla
2009-08-14 11:25 . 2009-06-24 14:58 -------- dc----w- c:\documents and settings\seun\Application Data\Thinstall
2009-08-14 05:17 . 2008-08-27 11:06 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-10 08:41 . 2009-08-10 08:41 -------- dc----w- c:\program files\iPhoneBrowser
2009-08-05 13:01 . 2009-06-22 14:24 -------- dc----w- c:\program files\Firebird
2009-08-04 13:45 . 2009-08-04 13:45 -------- dc----w- c:\program files\Xilisoft
2009-08-03 12:36 . 2009-07-13 16:48 38160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2009-07-13 16:48 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 08:11 . 2009-08-03 08:10 -------- dc----w- c:\program files\UltraVPN
2009-07-30 13:20 . 2009-07-30 13:20 -------- dc----w- c:\documents and settings\LocalService\Application Data\Flock
2009-07-25 04:23 . 2008-12-04 14:32 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-07-24 20:37 . 2008-12-24 09:44 -------- dc----w- c:\documents and settings\seun\Application Data\Apple Computer
2009-07-23 15:29 . 2008-12-24 09:37 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-23 15:14 . 2009-07-23 15:13 -------- dc----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-23 15:14 . 2008-12-24 09:42 -------- dc----w- c:\program files\iTunes
2009-07-23 15:14 . 2008-12-24 09:43 -------- dc----w- c:\program files\iPod
2009-07-23 15:08 . 2008-12-24 09:41 -------- dc----w- c:\program files\Bonjour
2009-07-23 12:47 . 2009-07-23 12:47 -------- dc----w- c:\program files\RealVNC
2009-07-21 12:43 . 2009-06-16 15:21 -------- dc----w- c:\program files\Open Contacts
2009-07-15 05:36 . 2008-08-27 04:44 -------- dc----w- c:\program files\ICQ6Toolbar
2009-07-14 16:36 . 2009-07-14 16:24 -------- dc----w- c:\program files\ICQ6.5
2009-07-14 16:30 . 2008-08-27 04:44 -------- dc----w- c:\documents and settings\All Users\Application Data\ICQ
2009-07-14 16:29 . 2008-08-27 04:39 -------- dc----w- c:\program files\ICQ6
2009-07-14 11:08 . 2009-02-16 08:29 104256 -c--a-w- c:\windows\HPFins09.dat
2009-07-13 16:48 . 2009-05-11 10:46 -------- dc----w- c:\documents and settings\seun\Application Data\Malwarebytes
2009-07-13 16:48 . 2009-05-11 10:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-13 07:48 . 2009-07-13 07:47 -------- dc----w- c:\program files\FileZilla Server
2009-07-09 11:16 . 2009-07-23 15:04 2060288 -c--a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 11:16 . 2008-12-24 09:38 39424 -c--a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-03 15:39 . 2009-05-05 15:45 664 -c--a-w- c:\windows\system32\d3d9caps.dat
2009-07-02 17:25 . 2009-07-02 17:25 3 -c--a-w- c:\windows\system32\krx280.dat
2009-06-16 13:07 . 2009-06-23 13:54 7779640 -c--a-w- c:\windows\system32\kentut.exe
2008-08-13 18:02 . 2008-08-13 18:02 35840 -c--a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-07-21 12:35 . 2009-06-16 13:26 122880 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-10_08.11.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-10 14:13 . 2009-09-10 14:13 16384 c:\windows\Temp\Perflib_Perfdata_8ec.dat
+ 2009-09-10 09:32 . 2009-09-10 09:32 16384 c:\windows\Temp\Perflib_Perfdata_53c.dat
+ 2009-09-10 14:13 . 2009-09-10 14:13 16384 c:\windows\Temp\Perflib_Perfdata_1dc.dat
+ 2009-09-10 14:13 . 2009-09-10 14:13 16384 c:\windows\Temp\Perflib_Perfdata_194.dat
+ 2006-08-15 11:44 . 2009-09-10 09:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-08-15 11:44 . 2009-09-09 09:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-08-15 11:44 . 2009-09-09 09:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-08-15 11:44 . 2009-09-10 09:43 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-09 08:08 . 2009-09-10 09:43 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-09-09 08:08 . 2009-09-09 09:31 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2006-08-15 11:44 . 2009-09-09 09:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-10 09:43 . 2009-09-10 09:43 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 21:06 764296 -c--a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 18:22 1172792 -c--a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-31 2594224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DudeServer"="c:\program files\Dude\dude.exe" [2009-04-20 4032512] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-08-03 419088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows 
Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2006-06-20 15:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk] backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^seun^Start Menu^Programs^Startup^LimeWire On Startup.lnk] backup=c:\windows\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^seun^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2] backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup [HKLM\~\startupfolder\C:^Documents and Settings^seun^Start Menu^Programs^Startup^Trillian.lnk] backup=c:\windows\pss\Trillian.lnkStartup [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" /onboot "Simp"=c:\program files\Secway\SimpPro 2.2\SimpPro.exe "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "ctfmon.exe"="c:\windows\system32\ctfmon.exe" "Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" -m "Uniblue 
RegistryBooster 2"=c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S "ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent "FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe" "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background "Google Update"="c:\documents and settings\seun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c "Uniblue SpeedUpMyPC"=c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s "MobiLink Lite"="c:\program files\Novatel Wireless\MobiLink\Lite.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" "wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe" "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "DLA"=c:\windows\System32\DLA\DLACTRLW.EXE "VMConsole.exe"=c:\program files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe /windowmin "vaio update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary "openvpn-gui"=c:\program files\UltraVPN\bin\openvpn-gui.exe "Venturi Configurator"=c:\program files\Starcomms iBOOST\Configurator\ventcfg.exe -nomsgbox "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [HKEY_LOCAL_MACHINE\software\microsoft\security 
center] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Secway\\SimpPro 2.2\\SimpPro.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\WebMoney\\WebMoney.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"= "c:\\Program Files\\Dude\\dude.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\ICQ6.5\\ICQ.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Program Files\\Starcomms iBOOST\\squid\\ventcsquid.exe"= "c:\\Program Files\\Starcomms iBOOST\\squid\\ventcdnsserver.exe"= "c:\\Program Files\\Starcomms iBOOST\\Configurator\\ventcfg.exe"= "c:\\Program Files\\Starcomms iBOOST\\Configurator\\VClientUpdate.exe"= "c:\\Program Files\\Starcomms iBOOST\\Client\\VentC.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "67:UDP"= 67:UDP:DHCP Discovery Service "5000:TCP"= 5000:TCP:Active@ SMART Monitor R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [8/24/2009 7:28 AM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/24/2009 7:28 AM 20560] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [6/22/2009 8:24 AM 81920] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/13/2009 10:48 AM 232720] R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?] R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/14/2006 9:23 PM 14336] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [1/8/2009 10:13 AM 603904] R2 VenturiClient;Venturi Client;c:\program files\Starcomms iBOOST\Client\VentC.exe [8/26/2009 1:02 AM 2495840] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [6/22/2009 8:24 AM 2732032] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/13/2009 10:48 AM 19096] R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [11/19/2008 12:22 PM 25216] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [8/14/2006 9:24 PM 226304] R3 vwredir;Venturi Wireless Redirector;c:\windows\system32\drivers\vwredir.sys [8/26/2009 1:02 AM 89584] S3 Arfumftr;Trust RF-Mouse filter driver;c:\windows\system32\drivers\Arfumftr.sys [12/17/2001 8:27 AM 10904] S3 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000);c:\windows\system32\drivers\FLMckUSB.sys [8/18/2006 3:50 PM 69810] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [9/24/2008 9:18 AM 33752] S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop 
Search\GoogleDesktop.exe [8/17/2009 2:45 AM 30192] S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10/28/2008 9:16 AM 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10/28/2008 9:17 AM 8320] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 9:35 AM 50704] S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [10/12/2007 4:04 PM 99200] S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [1/25/2008 3:12 AM 25088] S3 usb2vcom;Nokia CA-42 USB;c:\windows\system32\drivers\usb2vcom.sys [7/28/2009 3:18 AM 22760] S3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [9/3/2008 4:56 PM 173632] S3 vwinter;Venturi Wireless Intercepter;\??\c:\windows\system32\drivers\vwinter.sys --> c:\windows\system32\drivers\vwinter.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . 
Contents of the 'Scheduled Tasks' folder 2009-09-10 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 03:36] 2009-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34] 2009-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226449082-3882521577-2508560971-1006Core.job - c:\documents and settings\seun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-10 05:11] 2009-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226449082-3882521577-2508560971-1006UA.job - c:\documents and settings\seun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-10 05:11] 2009-09-06 c:\windows\Tasks\Malwarebytes' Scheduled Update for seun.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-07-13 12:36] 2009-06-23 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-05-07 08:03] 2009-09-10 c:\windows\Tasks\User_Feed_Synchronization-{BE6986DE-BEBC-4A6D-ADB8-CC07CE8A713E}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 10:31] . . ------- Supplementary Scan ------- . 
uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch uInternet Settings,ProxyServer = 10.55.63.3:8080 uInternet Settings,ProxyOverride = <local> IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML IE: Add RSS Support Site to VAIO Information FLOW - c:\program files\Sony\VAIO Information FLOW\aiesc.html IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm LSP: c:\windows\system32\idmmbc.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab FF - ProfilePath - c:\documents and settings\seun\Application Data\Mozilla\Firefox\Profiles\1v2gpcua.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58757&ei=utf-8&yahoo_domain=search.yahoo.com&p= FF - prefs.js: network.proxy.ftp - 10.55.63.3 FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.gopher - 10.55.63.3 FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - 10.55.63.3 FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - 10.55.63.3 FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 4 FF - component: c:\documents and settings\seun\Application Data\IDM\idmmzcc2\components\idmmzcc.dll 
FF - component: c:\documents and settings\seun\Application Data\Mozilla\Firefox\Profiles\1v2gpcua.default\extensions\{18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}\components\Engine.dll FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\documents and settings\seun\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Picasa2\npPicasa2.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: yahoo.homepage.dontask - true FF - user.js: network.proxy.type - 0 FF - user.js: network.proxy.http - user_pref(network.proxy.http_port,); FF - user.js: network.proxy.no_proxies_on - . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-10 08:15 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1226449082-3882521577-2508560971-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FFC293A9-C477-1ACB-4F79-BD48E87E62E9}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "hacehmkadokahmkh"=hex:6e,62,68,66,64,61,61,68,70,70,6b,6a,61,62,6c,6a,6f,6b, 6e,6a,70,6f,70,69,69,6b,65,66,67,64,6a,6c,69,6d,65,66,69,67,6d,62,6e,63,66,\ "jacehmkadokahmkhoael"=hex:66,61,68,66,62,61,6e,6e,6d,70,6d,61,00,f0 "pakecjamndjmcemhopkjookkbmkkmbig"=hex:65,61,68,66,6b,70,70,6d,70,63,00,61 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5929d6b6-45d5-42c8-95c0-a7ae72465b1e}] @Denied: (Full) (Everyone) "Model"=dword:00000143 "Therad"=dword:00000017 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):e1,76,ee,1e,4e,32,70,06,1b,a6,b6,15,5d,b1,85,2b,17,af,c5,f0,cb, 24,86,76,98,46,0f,53,75,4b,34,1a,7a,a9,59,95,e9,70,fd,df,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):56,4c,16,0b,21,52,6e,09,b9,7b,0a,31,41,d9,db,70,99,6d,47,d3,ec, 14,f1,ce,ad,51,e5,b8,a2,33,1e,c5,1f,e6,30,83,a7,39,d9,25,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e9982ac9-cdd3-4c19-8cd4-713292c624fc}] 
@Denied: (Full) (Everyone)
"Model"=dword:00000029
"Therad"=dword:0000000f
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
   4b,7b,ad,04,7a,b1,b5,76,9b,27,47,3e,bf,0a,94,23,cd,37,51,a3,07,27,6f,ef,00,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(3592)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\FileZilla Server\FileZilla server.exe
c:\windows\system32\gearsec.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\searchindexer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Starcomms iBOOST\squid\ventcsquid.exe
c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe
c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe
c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe
c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe
c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Starcomms iBOOST\squid\ventcdnsserver.exe
c:\program files\Starcomms iBOOST\squid\ventcunlinkd.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-09-10 8:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 14:23
ComboFix2.txt 2009-09-10 08:19

Pre-Run: 5,009,330,176 bytes free
Post-Run: 4,977,549,312 bytes free

521
________________________________________________________________________________
________________________________________

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:31 AM, on 9/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Starcomms iBOOST\Client\ventc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Starcomms iBOOST\squid\ventcsquid.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcdnsserver.exe
C:\Program Files\Starcomms iBOOST\squid\ventcunlinkd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Dude\dude.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Dude\dude.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\seun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.55.63.3:8080
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo!
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: ICQToolBar - 
{855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [DudeServer] "C:\Program Files\Dude\dude.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu 
item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/ O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Settings Manager (ccsetmgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. 
- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. 
- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media 
Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Starcomms iBOOST\Client\ventc.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 19426 bytes |
Sep 11 2009, 03:43 AM
Post #10
Forum Deity
Group: Moderators Posts: 5,546 Joined: 25-November 07 From: Los Angeles Member No.: 1,886
Hi,

QUOTE
Hi, thanks for the assistance, I have no other AVs running, just avast and Malwarebytes.

What about firewalls?

Next, please open Notepad - don't use any other text editor than Notepad or the script will fail. Copy/paste the text in the quotebox below into Notepad:

QUOTE
SecCenter::
{7C90E900-67C8-7C91-FFFF-FFFFB668917C}
{6C4BB89C-B0ED-4F41-A29C-4373888923BB}

Save this as CFScript. Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: dragging CFScript onto ComboFix.exe]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

Next, download my Security Check from here or here.

Let me know how things are running now and what issues remain.

-screen317
Sep 11 2009, 11:38 AM
Post #11
New Member
Group: Members Posts: 9 Joined: 7-September 09 Member No.: 19,383
Hi, I tried the ComboFix and here are the logs:
ComboFix 09-09-09.07 - seun 09/11/2009 4:39.3.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.413 [GMT -6:00] Running from: c:\documents and settings\seun\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\seun\Desktop\CFScript.txt AV: avast! antivirus 4.8.1351 [VPS 090910-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Avira AntiVir PersonalEdition Premium *On-access scanning enabled* (Outdated) {7C90E900-67C8-7C91-FFFF-FFFFB668917C} AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242} FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . ((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 ))))))))))))))))))))))))))))))) . 2009-09-09 09:25 . 2009-09-09 09:25 -------- dc----w- c:\documents and settings\seun\Local Settings\Application Data\Scansoft 2009-09-09 08:47 . 2009-09-09 08:47 -------- dc----w- c:\documents and settings\seun\Application Data\ScanSoft 2009-09-09 08:47 . 2009-09-09 08:47 -------- dc----w- c:\documents and settings\All Users\Application Data\ScanSoft 2009-09-09 08:47 . 2009-09-09 08:47 -------- dc----w- c:\program files\Common Files\ScanSoft Shared 2009-09-09 08:46 . 2009-09-09 08:46 -------- dc----w- c:\program files\ScanSoft 2009-09-09 08:39 . 1995-07-31 19:44 212480 -c--a-w- c:\windows\PCDLIB32.DLL 2009-09-09 08:39 . 2009-09-09 08:39 -------- dc----w- c:\program files\ArcSoft 2009-09-09 08:33 . 2005-06-24 04:17 352256 -c--a-w- c:\windows\system32\CNQL1213.DLL 2009-09-09 08:33 . 2005-02-28 19:20 57344 -c--a-w- c:\windows\system32\CNQU110.DLL 2009-09-09 08:08 . 2009-09-09 08:08 -------- dcsh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-09-08 11:49 . 2009-09-08 11:49 -------- dc----w- c:\program files\Webroot 2009-09-08 07:48 . 
2009-09-08 07:48 -------- dcsh--w- c:\documents and settings\LocalService\IETldCache 2009-09-07 13:53 . 2009-09-07 13:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC} 2009-09-07 13:12 . 2009-09-07 13:17 -------- dc-h--w- c:\windows\msdownld.tmp 2009-09-07 13:04 . 2009-09-07 13:05 -------- dc----w- c:\program files\CA Yahoo! Anti-Spy 2009-09-06 18:02 . 2009-09-06 18:02 -------- dc----w- c:\documents and settings\All Users\Application Data\Novatel Wireless 2009-09-06 18:02 . 2009-09-06 18:02 -------- dc----w- c:\program files\Novatel Wireless 2009-08-31 07:54 . 2009-08-31 07:54 -------- dc----w- c:\program files\Total Seminars 2009-08-31 07:24 . 2009-08-31 08:37 4212 -c-ha-w- c:\windows\system32\zllictbl.dat 2009-08-29 11:17 . 2009-09-07 13:17 -------- dc-h--w- c:\windows\ie8 2009-08-26 07:02 . 2008-05-07 06:09 125200 -c--a-w- c:\windows\system32\drivers\dne2000.sys 2009-08-26 07:02 . 2008-05-07 06:09 109840 -c--a-w- c:\windows\system32\dneinobj.dll 2009-08-26 07:02 . 2008-05-29 21:41 89584 -c--a-w- c:\windows\system32\drivers\vwredir.sys 2009-08-26 07:02 . 2009-08-26 07:02 -------- dc----w- c:\program files\Common Files\Deterministic Networks 2009-08-26 07:02 . 2009-08-26 07:03 -------- dc----w- c:\program files\Starcomms iBOOST 2009-08-26 07:00 . 2009-08-26 07:00 -------- dc----w- c:\documents and settings\seun\Application Data\InstallShield 2009-08-26 06:58 . 2009-08-26 07:07 -------- dc----w- c:\program files\Starcomms izap@Slim 2009-08-25 10:13 . 2009-08-25 14:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-08-24 13:29 . 2009-08-17 16:04 23152 -c--a-w- c:\windows\system32\drivers\aswRdr.sys 2009-08-24 13:29 . 2009-08-17 16:04 51376 -c--a-w- c:\windows\system32\drivers\aswTdi.sys 2009-08-24 13:29 . 2009-08-17 16:03 26944 -c--a-w- c:\windows\system32\drivers\aavmker4.sys 2009-08-24 13:28 . 
2009-08-17 16:06 93392 -c--a-w- c:\windows\system32\drivers\aswmon.sys 2009-08-24 13:28 . 2009-08-17 16:06 94160 -c--a-w- c:\windows\system32\drivers\aswmon2.sys 2009-08-24 13:28 . 2009-08-17 16:05 114768 -c--a-w- c:\windows\system32\drivers\aswSP.sys 2009-08-24 13:28 . 2009-08-17 16:05 20560 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-08-24 13:28 . 2009-08-17 16:02 97480 -c--a-w- c:\windows\system32\AvastSS.scr 2009-08-24 13:28 . 2009-08-17 16:10 1279456 -c--a-w- c:\windows\system32\aswBoot.exe 2009-08-24 10:44 . 2009-08-24 14:28 -------- dc----w- c:\program files\F-Secure 2009-08-17 12:14 . 2009-08-17 12:14 -------- dc----w- c:\documents and settings\seun\Application Data\WinCare2008 2009-08-17 10:00 . 2004-03-24 18:44 151552 -c--a-w- c:\windows\system32\HexValidEmail.dll 2009-08-17 10:00 . 2001-09-11 16:23 24576 -c--a-w- c:\windows\system32\snEUps.dll 2009-08-17 10:00 . 2001-07-18 09:42 122880 -c--a-w- c:\windows\system32\snEU.exe 2009-08-17 10:00 . 2004-03-24 18:44 102400 -c--a-w- c:\windows\system32\HexDns.dll 2009-08-17 09:58 . 2009-08-17 10:00 -------- dc----w- c:\program files\GroupMail 5 2009-08-14 16:21 . 2009-08-14 16:21 -------- dc----w- c:\program files\WinSCP 2009-08-14 14:05 . 2009-08-14 14:05 -------- dc----w- c:\documents and settings\seun\Local Settings\Application Data\Cranium 2009-08-14 10:07 . 2009-08-14 10:07 -------- dc-h--w- c:\windows\$mmUninstallV1$ 2009-08-14 10:07 . 2009-08-14 10:07 -------- dc----w- c:\program files\Mad-Monkey . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-11 10:33 . 2008-08-26 14:12 -------- dc----w- c:\documents and settings\seun\Application Data\Skype 2009-09-11 10:17 . 2008-11-05 05:10 -------- dc----w- c:\documents and settings\seun\Application Data\skypePM 2009-09-11 08:51 . 2009-01-07 12:36 -------- dc----w- c:\program files\Red Kawa 2009-09-11 08:51 . 
2008-10-31 05:59 2880 -csha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-09-11 08:46 . 2008-10-30 08:46 -------- dc----w- c:\documents and settings\seun\Application Data\DMCache 2009-09-10 14:32 . 2009-04-27 14:13 -------- dc----w- c:\program files\Monopoly Tycoon 2009-09-10 10:10 . 2008-10-11 15:31 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-09-10 08:57 . 2009-05-11 11:03 -------- dc----w- c:\program files\Ask.com 2009-09-09 10:11 . 2009-06-19 07:10 -------- dc----w- c:\program files\Zain Mobile Internet 2009-09-09 08:59 . 2008-10-17 08:08 -------- dc----w- c:\documents and settings\seun\Application Data\Canon 2009-09-09 08:39 . 2006-08-15 14:56 -------- dc-h--w- c:\program files\InstallShield Installation Information 2009-09-07 08:16 . 2008-08-27 04:39 -------- dc----w- c:\documents and settings\seun\Application Data\ICQ 2009-09-04 10:17 . 2009-08-04 15:35 -------- dc----w- c:\program files\Aimersoft 2009-09-04 10:14 . 2009-04-27 11:51 -------- dc----w- c:\program files\National Lampoon's University Tycoon 2009-09-01 17:35 . 2008-10-17 14:45 86704 -c--a-w- c:\documents and settings\seun\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-01 09:42 . 2009-02-19 09:57 -------- dc----w- c:\documents and settings\seun\Application Data\CheckPoint 2009-08-31 07:25 . 2009-02-19 09:55 272 -c--a-w- c:\windows\system32\lkfl.dat 2009-08-28 14:43 . 2008-08-28 00:08 -------- dc----w- c:\documents and settings\seun\Application Data\LimeWire 2009-08-27 17:06 . 2009-07-06 16:12 -------- dc----w- c:\program files\MassSender 2009-08-27 10:28 . 2008-12-04 16:42 -------- dc----w- c:\program files\mIRC 2009-08-26 07:39 . 2009-07-13 16:48 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-25 10:13 . 2008-08-27 05:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo! 2009-08-25 10:13 . 2008-08-27 05:29 -------- dc----w- c:\program files\Yahoo! 
2009-08-24 13:26 . 2009-04-24 15:09 -------- dc----w- c:\documents and settings\All Users\Application Data\F-Secure 2009-08-24 10:46 . 2009-04-24 15:02 -------- dc----w- c:\documents and settings\All Users\Application Data\fssg 2009-08-24 10:42 . 2008-09-15 07:32 -------- dc----w- c:\program files\Kaspersky Lab 2009-08-24 10:42 . 2008-09-15 07:32 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-08-24 10:42 . 2008-12-02 11:05 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-08-22 11:35 . 2009-06-28 08:55 -------- dc----w- c:\documents and settings\seun\Application Data\dvdcss 2009-08-17 16:06 . 2006-08-15 16:44 -------- dc----w- c:\program files\Java 2009-08-17 10:22 . 2009-07-23 17:55 -------- dc----w- c:\documents and settings\seun\Application Data\DiskAid 2009-08-17 10:00 . 2009-08-17 09:58 26441 -c--a-w- c:\documents and settings\seun\Application Data\unins000.dat 2009-08-17 09:58 . 2009-08-17 09:58 678682 -c--a-w- c:\documents and settings\seun\Application Data\unins000.exe 2009-08-17 09:56 . 2008-08-27 11:15 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-16 17:58 . 2008-08-27 06:57 -------- dc----w- c:\documents and settings\seun\Application Data\Yahoo! 2009-08-14 12:43 . 2009-07-09 12:40 -------- dc----w- c:\documents and settings\seun\Application Data\FileZilla 2009-08-14 11:25 . 2009-06-24 14:58 -------- dc----w- c:\documents and settings\seun\Application Data\Thinstall 2009-08-14 05:17 . 2008-08-27 11:06 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-08-10 08:41 . 2009-08-10 08:41 -------- dc----w- c:\program files\iPhoneBrowser 2009-08-05 13:01 . 2009-06-22 14:24 -------- dc----w- c:\program files\Firebird 2009-08-04 13:45 . 2009-08-04 13:45 -------- dc----w- c:\program files\Xilisoft 2009-08-03 12:36 . 
2009-07-13 16:48 38160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-03 12:36 . 2009-07-13 16:48 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys 2009-08-03 08:11 . 2009-08-03 08:10 -------- dc----w- c:\program files\UltraVPN 2009-07-30 13:20 . 2009-07-30 13:20 -------- dc----w- c:\documents and settings\LocalService\Application Data\Flock 2009-07-25 04:23 . 2008-12-04 14:32 411368 -c--a-w- c:\windows\system32\deploytk.dll 2009-07-24 20:37 . 2008-12-24 09:44 -------- dc----w- c:\documents and settings\seun\Application Data\Apple Computer 2009-07-23 15:29 . 2008-12-24 09:37 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple 2009-07-23 15:14 . 2009-07-23 15:13 -------- dc----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-07-23 15:14 . 2008-12-24 09:42 -------- dc----w- c:\program files\iTunes 2009-07-23 15:14 . 2008-12-24 09:43 -------- dc----w- c:\program files\iPod 2009-07-23 15:08 . 2008-12-24 09:41 -------- dc----w- c:\program files\Bonjour 2009-07-23 12:47 . 2009-07-23 12:47 -------- dc----w- c:\program files\RealVNC 2009-07-21 12:43 . 2009-06-16 15:21 -------- dc----w- c:\program files\Open Contacts 2009-07-15 05:36 . 2008-08-27 04:44 -------- dc----w- c:\program files\ICQ6Toolbar 2009-07-14 16:36 . 2009-07-14 16:24 -------- dc----w- c:\program files\ICQ6.5 2009-07-14 16:30 . 2008-08-27 04:44 -------- dc----w- c:\documents and settings\All Users\Application Data\ICQ 2009-07-14 16:29 . 2008-08-27 04:39 -------- dc----w- c:\program files\ICQ6 2009-07-14 11:08 . 2009-02-16 08:29 104256 -c--a-w- c:\windows\HPFins09.dat 2009-07-13 16:48 . 2009-05-11 10:46 -------- dc----w- c:\documents and settings\seun\Application Data\Malwarebytes 2009-07-13 16:48 . 2009-05-11 10:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-07-09 11:16 . 2009-07-23 15:04 2060288 -c--a-w- c:\windows\system32\usbaaplrc.dll 2009-07-09 11:16 . 
2008-12-24 09:38 39424 -c--a-w- c:\windows\system32\drivers\usbaapl.sys 2009-07-03 15:39 . 2009-05-05 15:45 664 -c--a-w- c:\windows\system32\d3d9caps.dat 2009-07-02 17:25 . 2009-07-02 17:25 3 -c--a-w- c:\windows\system32\krx280.dat 2009-06-16 13:07 . 2009-06-23 13:54 7779640 -c--a-w- c:\windows\system32\kentut.exe 2008-08-13 18:02 . 2008-08-13 18:02 35840 -c--a-w- c:\program files\mozilla firefox\components\FFComm.dll 2009-07-21 12:35 . 2009-06-16 13:26 122880 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-10_08.11.57 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-11 08:41 . 2009-09-11 08:41 16384 c:\windows\Temp\Perflib_Perfdata_adc.dat + 2009-09-11 08:40 . 2009-09-11 08:40 16384 c:\windows\Temp\Perflib_Perfdata_6f0.dat - 2006-08-15 11:44 . 2009-09-09 09:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2006-08-15 11:44 . 2009-09-10 09:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2006-08-15 11:44 . 2009-09-10 09:43 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2006-08-15 11:44 . 2009-09-09 09:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-09-09 08:08 . 2009-09-10 09:43 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat - 2009-09-09 08:08 . 2009-09-09 09:31 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat + 2008-08-27 07:51 . 2009-08-28 20:38 24689600 c:\windows\system32\MRT.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368] [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-02-09 21:06 764296 -c--a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2008-10-08 18:22 1172792 -c--a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296] 
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-31 2594224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DudeServer"="c:\program files\Dude\dude.exe" [2009-04-20 4032512]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-08-03 419088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 15:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^seun^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^seun^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup

[HKLM\~\startupfolder\C:^Documents and Settings^seun^Start Menu^Programs^Startup^Trillian.lnk]
backup=c:\windows\pss\Trillian.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" /onboot
"Simp"=c:\program files\Secway\SimpPro 2.2\SimpPro.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ctfmon.exe"="c:\windows\system32\ctfmon.exe"
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" -m
"Uniblue RegistryBooster 2"=c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe"
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
"Google Update"="c:\documents and settings\seun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"Uniblue SpeedUpMyPC"=c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
"MobiLink Lite"="c:\program files\Novatel Wireless\MobiLink\Lite.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe"
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DLA"=c:\windows\System32\DLA\DLACTRLW.EXE
"VMConsole.exe"=c:\program files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe /windowmin
"vaio update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary
"openvpn-gui"=c:\program files\UltraVPN\bin\openvpn-gui.exe
"Venturi Configurator"=c:\program files\Starcomms iBOOST\Configurator\ventcfg.exe -nomsgbox
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Secway\\SimpPro 2.2\\SimpPro.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\WebMoney\\WebMoney.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Program Files\\Dude\\dude.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Starcomms iBOOST\\squid\\ventcsquid.exe"=
"c:\\Program Files\\Starcomms iBOOST\\squid\\ventcdnsserver.exe"=
"c:\\Program Files\\Starcomms iBOOST\\Configurator\\ventcfg.exe"=
"c:\\Program Files\\Starcomms iBOOST\\Configurator\\VClientUpdate.exe"=
"c:\\Program Files\\Starcomms iBOOST\\Client\\VentC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"5000:TCP"= 5000:TCP:Active@ SMART Monitor

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/24/2009 7:28 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/24/2009 7:28 AM 20560]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [6/22/2009 8:24 AM 81920]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/13/2009 10:48 AM 232720]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/14/2006 9:23 PM 14336]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [1/8/2009 10:13 AM 603904]
R2 VenturiClient;Venturi Client;c:\program files\Starcomms iBOOST\Client\VentC.exe [8/26/2009 1:02 AM 2495840]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [6/22/2009 8:24 AM 2732032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/13/2009 10:48 AM 19096]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [11/19/2008 12:22 PM 25216]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [8/14/2006 9:24 PM 226304]
R3 vwredir;Venturi Wireless Redirector;c:\windows\system32\drivers\vwredir.sys [8/26/2009 1:02 AM 89584]
S3 Arfumftr;Trust RF-Mouse filter driver;c:\windows\system32\drivers\Arfumftr.sys [12/17/2001 8:27 AM 10904]
S3 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000);c:\windows\system32\drivers\FLMckUSB.sys [8/18/2006 3:50 PM 69810]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [9/24/2008 9:18 AM 33752]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/17/2009 2:45 AM 30192]
S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10/28/2008 9:16 AM 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10/28/2008 9:17 AM 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 9:35 AM 50704]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [10/12/2007 4:04 PM 99200]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [1/25/2008 3:12 AM 25088]
S3 usb2vcom;Nokia CA-42 USB;c:\windows\system32\drivers\usb2vcom.sys [7/28/2009 3:18 AM 22760]
S3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [9/3/2008 4:56 PM 173632]
S3 vwinter;Venturi Wireless Intercepter;\??\c:\windows\system32\drivers\vwinter.sys --> c:\windows\system32\drivers\vwinter.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 03:36]

2009-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226449082-3882521577-2508560971-1006Core.job
- c:\documents and settings\seun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-10 05:11]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226449082-3882521577-2508560971-1006UA.job
- c:\documents and settings\seun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-10 05:11]

2009-09-10 c:\windows\Tasks\Malwarebytes' Scheduled Update for seun.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-07-13 12:36]

2009-06-23 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-05-07 08:03]

2009-09-11 c:\windows\Tasks\User_Feed_Synchronization-{BE6986DE-BEBC-4A6D-ADB8-CC07CE8A713E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = 10.55.63.3:8080
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add RSS Support Site to VAIO Information FLOW - c:\program files\Sony\VAIO Information FLOW\aiesc.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\idmmbc.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\seun\Application Data\Mozilla\Firefox\Profiles\1v2gpcua.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58757&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - prefs.js: network.proxy.ftp - 10.55.63.3
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 10.55.63.3
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 10.55.63.3
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 10.55.63.3
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\seun\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\seun\Application Data\Mozilla\Firefox\Profiles\1v2gpcua.default\extensions\{18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}\components\Engine.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\seun\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http - user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 04:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1226449082-3882521577-2508560971-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FFC293A9-C477-1ACB-4F79-BD48E87E62E9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacehmkadokahmkh"=hex:6e,62,68,66,64,61,61,68,70,70,6b,6a,61,62,6c,6a,6f,6b,
6e,6a,70,6f,70,69,69,6b,65,66,67,64,6a,6c,69,6d,65,66,69,67,6d,62,6e,63,66,\
"jacehmkadokahmkhoael"=hex:66,61,68,66,62,61,6e,6e,6d,70,6d,61,00,f0
"pakecjamndjmcemhopkjookkbmkkmbig"=hex:65,61,68,66,6b,70,70,6d,70,63,00,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5929d6b6-45d5-42c8-95c0-a7ae72465b1e}]
@Denied: (Full) (Everyone)
"Model"=dword:00000143
"Therad"=dword:00000017

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e1,76,ee,1e,4e,32,70,06,1b,a6,b6,15,5d,b1,85,2b,17,af,c5,f0,cb,
24,86,76,98,46,0f,53,75,4b,34,1a,7a,a9,59,95,e9,70,fd,df,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):56,4c,16,0b,21,52,6e,09,b9,7b,0a,31,41,d9,db,70,99,6d,47,d3,ec,
14,f1,ce,ad,51,e5,b8,a2,33,1e,c5,1f,e6,30,83,a7,39,d9,25,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e9982ac9-cdd3-4c19-8cd4-713292c624fc}]
@Denied: (Full) (Everyone)
"Model"=dword:00000029
"Therad"=dword:0000000f
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,3e,bf,0a,94,23,cd,37,51,a3,07,27,6f,ef,00,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1924)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(2016)
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(4684)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-11 4:53
ComboFix-quarantined-files.txt 2009-09-11 10:52
ComboFix2.txt 2009-09-10 14:24
ComboFix3.txt 2009-09-10 08:19

Pre-Run: 4,887,351,296 bytes free
Post-Run: 4,878,049,280 bytes free

455

The F-Secure online scanner won't run; here was the error:
Sep 12 2009, 08:10 AM, Post #12
Forum Deity. Group: Moderators; Posts: 5,546; Joined: 25-November 07; From: Los Angeles; Member No.: 1,886
Hi,
QUOTE (screen317)
QUOTE (vasilli)
Hi, thanks for the assistance, I have no other AVs running, just avast and Malwarebytes.

What about firewalls?

Try this online scanner instead:

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner.

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Accept, when prompted to download and install the program files and database of malware definitions.
To optimize scanning time and produce a more sensible report for review:
-screen317
Oct 4 2009, 05:33 AM, Post #13
Forum Deity. Group: Moderators; Posts: 5,546; Joined: 25-November 07; From: Los Angeles; Member No.: 1,886
Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!