S&D found this win32.tdss.ntf cannot be cleaned

**tapgambit** · 2009-09-05, 23:44

Hi everyone need help here here is the log from hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:33 PM, on 9/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase1140.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194170079734
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8D4B4B-5705-4F8A-BC80-14E47E160D38}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat??›T?
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c986944c28bbe0) (gupdate1c986944c28bbe0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcsvc - Unknown owner - C:\WINDOWS\system32\npkcsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13059 bytes

any help is greatly appreciated

**Shaba** · 2009-09-07, 17:43

Hi tapgambit

Download gmer.zip and save to your desktop.
alternate download site

Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE"

Important! Please do not select the "Show all" checkbox during the scan..

**tapgambit** · 2009-09-08, 08:09

thank for the response below is the logs

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-09-07 23:06:25
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT 860DBA60 ZwOpenProcess
SSDT 860DBE80 ZwOpenThread
SSDT 860DC460 ZwSuspendProcess
SSDT 860DC280 ZwSuspendThread
SSDT 860DBC90 ZwTerminateProcess
SSDT 860DC0B0 ZwTerminateThread

Code 86B923A0 ZwEnumerateKey
Code 86CF7828 ZwFlushInstructionCache
Code 86EAA0EE IofCallDriver
Code 86182ED6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 86EAA0F3
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 86182EDB
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 86CF782C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 86B923A4

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\eHome\ehSched.exe[132] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005E000A
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[176] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Common Files\Motive\McciCMService.exe[576] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0081000A
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0067000A
.text C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0067000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[988] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0078000A
.text C:\WINDOWS\system32\winlogon.exe[1140] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0067000A
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AA882B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AA882930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AA883260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AA880E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AA880E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AA882B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AA882930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AA883260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AA882B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AA880E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AA883260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AA882930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AA883260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AA882930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AA882B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AA880E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AA882B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AA882930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AA883260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [AA883260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [AA882930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [AA880E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [AA882B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AA882B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AA880E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AA883260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AA882930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [61A54AD0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [61A54B20] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [61A54AE0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [61A52910] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] [7C8841EE] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] [7C8841F3] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [61A52910] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [61A54AD0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [61A54B20] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [61A54AE0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] [7C8841EE] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] [7C8841F3] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Threads - GMER 1.0.15 ----

Thread System [4:548] 860DA790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui@imagepath \systemroot\system32\drivers\SKYNETquwkkymi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\main@aid 10096
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETquwkkymi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\modules@SKYNETcmd.dll \systemroot\system32\SKYNETxpdovmtb.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\modules@SKYNETlog.dat \systemroot\system32\SKYNETbgrxnsvj.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\modules@SKYNETwsp.dll \systemroot\system32\SKYNETnpcevswu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\modules@SKYNET.dat \systemroot\system32\SKYNETdltofwjl.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui@imagepath \systemroot\system32\drivers\SKYNETquwkkymi.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\main@aid 10096
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETquwkkymi.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\modules@SKYNETcmd.dll \systemroot\system32\SKYNETxpdovmtb.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\modules@SKYNETlog.dat \systemroot\system32\SKYNETbgrxnsvj.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\modules@SKYNETwsp.dll \systemroot\system32\SKYNETnpcevswu.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\modules@SKYNET.dat \systemroot\system32\SKYNETdltofwjl.dat

---- EOF - GMER 1.0.15 ----

**Shaba** · 2009-09-08, 16:29

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/comb...o-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

**tapgambit** · 2009-09-09, 05:27

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:43 PM, on 9/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase1140.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194170079734
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8D4B4B-5705-4F8A-BC80-14E47E160D38}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c986944c28bbe0) (gupdate1c986944c28bbe0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcsvc - Unknown owner - C:\WINDOWS\system32\npkcsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 12375 bytes

ComboFix 09-09-08.05 - Ely love Glo 09/08/2009 19:52.1.2 - NTFSx86
Running from: c:\documents and settings\Ely lov\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ely lov\My Documents\ZbThumbnail.info
c:\documents and settings\Ely lov\nah_log.dat
c:\recycler\S-1-5-21-1409082233-1604221776-725345543-500
c:\recycler\S-1-5-21-3042144386-38634818-1214478158-500
c:\recycler\S-1-5-21-481110767-1992948612-544039527-500
c:\recycler\S-1-5-21-511144305-880782294-3526584436-500
c:\windows\Installer\WinRMSrv.msi
c:\windows\notepad.tmp2
c:\windows\setup.exe
c:\windows\system32\Drivers\myplaxf.sys
c:\windows\system32\drivers\SKYNETquwkkymi.sys
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\notepad.tmp2
c:\windows\system32\SKYNETbgrxnsvj.dat
c:\windows\system32\SKYNETdltofwjl.dat
c:\windows\system32\SKYNETnpcevswu.dll
c:\windows\system32\SKYNETxpdovmtb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETapakomui
-------\Legacy_SKYNETapakomui

((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.

2009-09-09 02:52 . 2009-09-09 02:52 -------- d-----w- c:\documents and settings\Ely lov\Local Settings\Application Data\ESET
2009-09-06 15:42 . 2009-09-06 15:42 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\UC.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\RAR.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\PKZIP.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\LHA.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\ARJ.PIF
2009-09-05 22:46 . 2009-09-06 05:22 -------- d-----w- C:\totalcmd
2009-09-05 22:46 . 2009-09-05 22:46 -------- d-----w- c:\documents and settings\Ely lov\Application Data\GHISLER
2009-09-05 21:34 . 2009-09-05 21:35 -------- d-----w- c:\program files\ERUNT
2009-09-05 16:32 . 2009-09-05 16:32 -------- d-----w- c:\documents and settings\Ely lov\Application Data\ESET
2009-09-05 16:30 . 2009-09-05 16:30 -------- d-----w- c:\program files\ESET
2009-09-05 16:30 . 2009-09-05 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-02 03:48 . 2009-09-02 03:48 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2009-08-30 17:59 . 2009-08-30 18:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-29 18:16 . 2007-11-17 05:07 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-26 02:49 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-26 02:49 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-26 02:49 . 2009-08-26 02:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 04:05 . 2009-02-16 07:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-18 10:01 . 2009-09-06 15:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-17 05:41 . 2009-08-17 05:41 -------- d-----w- c:\program files\Safer Networking
2009-08-17 04:44 . 2009-09-02 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-15 16:57 . 2009-08-15 16:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-15 07:29 . 2009-08-15 07:29 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 07:29 . 2009-08-15 07:29 -------- d-----w- c:\program files\MSBuild
2009-08-15 07:29 . 2009-08-15 07:29 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 07:28 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 07:28 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 07:28 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 07:28 . 2009-08-15 07:28 -------- d-----w- C:\496f6f11270db85f9e9c
2009-08-15 07:28 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 07:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 07:28 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 07:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 04:44 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 08:13 . 2007-12-23 08:25 -------- d-----w- c:\documents and settings\Ely lov\Application Data\Skype
2009-09-05 07:01 . 2007-12-23 08:28 -------- d-----w- c:\documents and settings\Ely lov\Application Data\skypePM
2009-09-02 06:36 . 2008-03-22 23:36 47004 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-31 07:16 . 2006-03-16 03:45 -------- d-----w- c:\program files\Java
2009-08-30 23:09 . 2007-12-23 08:25 -------- d-----r- c:\program files\Skype
2009-08-30 23:08 . 2009-03-01 05:45 -------- d-----w- c:\program files\Unison Desktop
2009-08-22 13:58 . 2009-07-11 21:57 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-16 07:42 . 2006-03-16 20:29 56736 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 21:08 . 2009-08-09 20:26 -------- d-----w- c:\program files\Garena
2009-08-09 20:00 . 2007-04-14 02:51 -------- d-----w- c:\program files\Creative
2009-08-09 20:00 . 2006-03-16 01:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2006-03-15 23:55 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 07:29 . 2008-01-14 00:00 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 03:54 . 2008-07-01 05:09 -------- d-----w- c:\documents and settings\Ely lov\Application Data\mjusbsp
2009-07-25 23:53 . 2009-07-25 23:52 -------- d-----w- c:\program files\UltraISO
2009-07-25 23:52 . 2009-07-25 23:52 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-07-25 12:23 . 2008-12-16 07:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-25 08:12 . 2009-07-25 08:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2009-07-17 19:01 . 2006-03-15 23:55 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2006-03-15 23:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 02:10 . 2009-07-13 02:10 -------- d-----w- c:\program files\Intel Corporation
2009-07-04 07:59 . 2009-07-04 07:59 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-03 17:09 . 2006-03-15 23:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2006-03-15 23:56 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-03-15 23:56 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2006-03-15 23:56 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2006-03-15 23:55 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2006-03-15 23:55 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-03-15 23:55 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2006-03-15 23:55 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2006-03-15 23:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2006-03-15 23:55 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2006-03-15 23:56 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-03-15 23:56 76288 ----a-w- c:\windows\system32\telnet.exe
2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-27 1232896]

c:\documents and settings\Ely lov\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ely lov^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Ely lov\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Ely lov\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"6112:TCP"= 6112:TCP:Blizzard Downloader
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/8/2009 3:48 AM 64160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/6/2009 2:22 AM 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 1029456]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/6/2008 2:58 AM 24652]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [3/15/2006 4:57 PM 226304]
S2 gupdate1c986944c28bbe0;Google Update Service (gupdate1c986944c28bbe0);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2009 11:46 PM 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08 PM 533360]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ELYLOV~1\LOCALS~1\Temp\WZX26.tmp --> c:\docume~1\ELYLOV~1\LOCALS~1\Temp\WZX26.tmp [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/23/2009 7:51 PM 17408]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [4/13/2007 7:52 PM 91797]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [3/15/2006 4:57 PM 29184]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 03:08]

2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 06:46]

2009-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 06:46]

2009-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3823333615-61648065-2726266617-1005Core.job
- c:\documents and settings\Ely lov\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 19:21]

2009-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3823333615-61648065-2726266617-1005UA.job
- c:\documents and settings\Ely lov\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 19:21]

2009-09-09 c:\windows\Tasks\User_Feed_Synchronization-{A1E09E74-3AB2-4802-8548-29ADD3108A93}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com.ph/intl/en/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {4C8D4B4B-5705-4F8A-BC80-14E47E160D38} = 208.67.222.222,208.67.220.220
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Ely lov\Application Data\Mozilla\Firefox\Profiles\le3uztzb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101672&gct=&gc=1&q=
FF - plugin: c:\documents and settings\Ely lov\Application Data\Mozilla\Firefox\Profiles\le3uztzb.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Ely lov\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 20:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ELYLOV~1\LOCALS~1\Temp\WZX26.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2009-09-09 20:20
ComboFix-quarantined-files.txt 2009-09-09 03:18

Pre-Run: 11,968,962,560 bytes free
Post-Run: 12,137,910,272 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30

301 --- E O F --- 2009-08-26 05:38

**Shaba** · 2009-09-09, 06:16

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

**tapgambit** · 2009-09-09, 06:27

Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 7.0.9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ATT-PRT22
Auto Gordian Knot 2.55
AviSynth 2.5
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator 2.0
Canon MP Navigator 3.0
Canon MP160
Canon MP160 User Registration
Canon MP500
Canon My Printer
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.5
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
Chikka Messenger V4
Choice Guard
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.20
Connect
Creative WebCam Center
Creative WebCam Live! User's Guide (English)
Critical Update for Windows Media Player 11 (KB959772)
Crux Calculator v5
Defraggler (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DSD Direct
DSD Playback Plug-in 1.0
DVD Decrypter (Remove Only)
DVgate Plus
DVR Manager (remove only)
Easy-WebPrint
EatCam Webcam Recorder 3.6 for Yahoo Messenger
ERUNT 1.1j
ESET Online Scanner
FlexCell Grid Control Trial Version
FLV Player 2.0 (build 25)
Fraps (remove only)
Free Natural Text to Speech Reader 2008
Garena
Google Earth
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Image Converter 2 Plus
ImageStation
Inkscape 0.46
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) Processor ID Utility
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for VAIO
iPod for Windows 2006-03-23
Ipswitch WS_FTP Home
iTunes
iTunes Art Importer
Java(TM) 6 Update 15
JEOPARDY! (remove only)
Junk Mail filter update
K-Lite Mega Codec Pack 2.2.0
kuler
LAN Setting Utility
Landscape Design and Construction
Macromedia Extension Manager
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
mCore
mDriver
Media Center Extender
Media Center Extender
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Microsoft WorldWide Telescope
mMHouse
MobileMe Control Panel
Mozilla Firefox (3.5.2)
mPfMgr
mProSafe
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Transcoding Tool
mWlsSafe
mXML
Need For Speed II
Nero 7 Ultra Edition
Nero PhotoShow Express
Nero Recode CE
Netscape Browser (remove only)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
nProtect KeyCrypt
NVIDIA Drivers
Office 2003 Trial Assistant
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.4.00
OpenOffice.org 2.4
Paint.NET v3.36
PC Connectivity Solution
Pcsx2 0.9.2 Watermoose
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
Quicken 2006
QuickTime
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
RunAlyzer
Safari
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Setting Utility Series
SigmaTel Audio
Skype™ 4.1
Sonic Encoders
SonicStage 3.4
SonicStage Mastering Studio 2.2
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Certificate PCH
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy
Suite Shared Configuration CS4
Teratrax Database Manager 4.6
TextEdit 3.0
Total 3D Home, Landscape & Deck Premium Suite
TVUPlayer 2.4.0.1
Ultra MPEG-4 Converter 3.9.1120
UltraISO Premium V8.63
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VAIO Breeze Wallpaper
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 3
VAIO Wireless LAN Setup Utility
VAIOSurveySA
VC 9.0 Runtime
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VobSub v2.23 (Remove Only)
Wheel of Fortune (remove only)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (08/08/2007 3.3)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
WinSCP 4.1.8
Wireless Switch Setting Utility
XAMPP 1.6.4
Xfire (remove only)
XviD MPEG4 Video Codec (remove only)
XviD Video Codec 1.1.2-01022007
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
ZoneAlarm

**Shaba** · 2009-09-09, 07:47

As per forum rules, all p2p programs have to be removed.

So please uninstall uTorrent and post back a fresh uninstall list.

Also, do you recognize these?

c:\windows\UC.PIF
c:\windows\RAR.PIF
c:\windows\PKZIP.PIF
c:\windows\PKUNZIP.PIF
c:\windows\NOCLOSE.PIF
c:\windows\LHA.PIF
c:\windows\ARJ.PIF

**tapgambit** · 2009-09-09, 08:07

Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 7.0.9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ATT-PRT22
Auto Gordian Knot 2.55
AviSynth 2.5
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator 2.0
Canon MP Navigator 3.0
Canon MP160
Canon MP160 User Registration
Canon MP500
Canon My Printer
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.5
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
Chikka Messenger V4
Choice Guard
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.20
Connect
Creative WebCam Center
Creative WebCam Live! User's Guide (English)
Critical Update for Windows Media Player 11 (KB959772)
Crux Calculator v5
Defraggler (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DSD Direct
DSD Playback Plug-in 1.0
DVD Decrypter (Remove Only)
DVgate Plus
DVR Manager (remove only)
Easy-WebPrint
EatCam Webcam Recorder 3.6 for Yahoo Messenger
ERUNT 1.1j
ESET Online Scanner
FlexCell Grid Control Trial Version
FLV Player 2.0 (build 25)
Fraps (remove only)
Free Natural Text to Speech Reader 2008
Garena
Google Earth
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Image Converter 2 Plus
ImageStation
Inkscape 0.46
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) Processor ID Utility
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for VAIO
iPod for Windows 2006-03-23
Ipswitch WS_FTP Home
iTunes
iTunes Art Importer
Java(TM) 6 Update 15
JEOPARDY! (remove only)
Junk Mail filter update
K-Lite Mega Codec Pack 2.2.0
kuler
LAN Setting Utility
Landscape Design and Construction
Macromedia Extension Manager
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
mCore
mDriver
Media Center Extender
Media Center Extender
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Microsoft WorldWide Telescope
mMHouse
MobileMe Control Panel
Mozilla Firefox (3.5.2)
mPfMgr
mProSafe
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Transcoding Tool
mWlsSafe
mXML
Need For Speed II
Nero 7 Ultra Edition
Nero PhotoShow Express
Nero Recode CE
Netscape Browser (remove only)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
nProtect KeyCrypt
NVIDIA Drivers
Office 2003 Trial Assistant
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.4.00
OpenOffice.org 2.4
Paint.NET v3.36
PC Connectivity Solution
Pcsx2 0.9.2 Watermoose
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
Quicken 2006
QuickTime
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
RunAlyzer
Safari
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Setting Utility Series
SigmaTel Audio
Skype™ 4.1
Sonic Encoders
SonicStage 3.4
SonicStage Mastering Studio 2.2
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Certificate PCH
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy
Suite Shared Configuration CS4
Teratrax Database Manager 4.6
TextEdit 3.0
Total 3D Home, Landscape & Deck Premium Suite
TVUPlayer 2.4.0.1
Ultra MPEG-4 Converter 3.9.1120
UltraISO Premium V8.63
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VAIO Breeze Wallpaper
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 3
VAIO Wireless LAN Setup Utility
VAIOSurveySA
VC 9.0 Runtime
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VobSub v2.23 (Remove Only)
Wheel of Fortune (remove only)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (08/08/2007 3.3)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
WinSCP 4.1.8
Wireless Switch Setting Utility
XAMPP 1.6.4
Xfire (remove only)
XviD MPEG4 Video Codec (remove only)
XviD Video Codec 1.1.2-01022007
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
ZoneAlarm

I am not familiar about those files, what are they?

**Shaba** · 2009-09-09, 08:34

In that case, please upload this - c:\windows\UC.PIF to http://virusscan.jotti.org and post back results.

Thread: S&D found this win32.tdss.ntf cannot be cleaned

Thread Tools

Display

S&D found this win32.tdss.ntf cannot be cleaned

here is the logs from gmer

hjt log and combo fix log

hjt

hjt

Posting Permissions