Logs
Sorry for the long wait, but my wireless card decided to stop working today. Fixed now.
Logs to follow as requested.
COMBOFIX
ComboFix 09-08-24.05 - home 08/25/2009 7:00.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.634 [GMT 1:00]
Running from: c:\documents and settings\home\Desktop\ComboFix.exe
AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\SKYNETcunldxpb.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SKYNETdqloriqk.dll
c:\windows\system32\SKYNETgdcxpfqj.dat
c:\windows\system32\SKYNETivqjqbcf.dll
c:\windows\system32\SKYNETjhvfsjyx.dat
c:\windows\system32\tmp.reg
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNETxtasqhqe
-------\Legacy_SKYNETxtasqhqe
-------\Legacy_NPF
-------\Legacy_UXTUNEUPCOMSYSAPP
-------\Service_NPF
-------\Service_UxTuneUpCOMSysApp
((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.
2009-08-23 16:07 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-08-23 16:07 . 2009-08-23 16:07 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-23 14:32 . 2009-08-23 14:33 -------- d-----w- C:\!KillBox
2009-08-23 06:30 . 2009-08-23 06:32 -------- dc-h--w- c:\windows\ie8
2009-08-22 17:47 . 2009-08-22 17:47 -------- d-----w- c:\program files\ERUNT
2009-08-22 17:23 . 2008-06-19 16:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-22 17:20 . 2009-08-22 17:20 -------- d-----w- c:\program files\Panda Security
2009-08-22 17:12 . 2009-08-22 17:14 -------- d-----w- C:\rsit
2009-08-22 13:54 . 2008-08-28 12:16 71184 ----a-w- c:\windows\system32\drivers\DefragFS.sys
2009-08-22 13:54 . 2009-08-22 13:54 -------- d-----w- c:\program files\Raxco
2009-08-22 13:54 . 2009-08-22 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2009-08-20 20:44 . 2009-08-20 20:44 -------- d-----w- c:\documents and settings\home\Local Settings\Application Data\Opera
2009-08-20 20:44 . 2009-08-21 19:19 -------- d-----w- c:\program files\Opera
2009-08-13 02:02 . 2008-04-14 00:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-12 19:59 . 2009-08-12 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PassMark
2009-08-12 19:56 . 2009-08-21 19:26 -------- d-----w- c:\program files\WirelessMon
2009-08-08 06:27 . 2009-08-08 06:27 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-01 20:43 . 2009-08-16 19:15 -------- d-----w- c:\docume~1\home\APPLIC~1\Any Video Converter
2009-08-01 20:43 . 2009-08-01 20:44 -------- d-----w- c:\program files\Any Video Converter
2009-07-30 05:10 . 2009-07-30 05:10 -------- d-----w- c:\documents and settings\home\DoctorWeb
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 17:20 . 2009-07-06 21:49 1426464 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-25 17:19 . 2009-07-06 21:49 6688 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-25 06:20 . 2009-07-06 21:49 20084 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-25 06:20 . 2009-07-06 21:49 1604 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-25 05:27 . 2009-04-24 17:02 -------- d-----w- c:\docume~1\home\APPLIC~1\Affinegy
2009-08-23 16:07 . 2009-07-07 20:38 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-23 16:07 . 2009-07-07 20:37 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-23 15:02 . 2009-07-09 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-23 08:57 . 2009-04-18 11:35 -------- d-----w- c:\program files\Vuze
2009-08-22 17:13 . 2009-07-21 05:18 -------- d-----w- c:\program files\Trend Micro
2009-08-21 19:38 . 2009-07-09 05:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-21 19:20 . 2009-06-23 15:16 -------- d-----w- c:\program files\SWiSH Max2
2009-08-20 16:58 . 2009-04-18 11:39 -------- d-----w- c:\docume~1\home\APPLIC~1\Azureus
2009-08-16 19:38 . 2009-04-26 19:53 -------- d-----w- c:\docume~1\home\APPLIC~1\FileZilla
2009-08-13 02:08 . 2009-04-18 07:05 -------- d-----w- c:\program files\PeerGuardian2
2009-08-12 20:04 . 2009-05-23 15:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-08 06:27 . 2009-07-21 18:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-07 05:22 . 2009-04-20 17:25 724 ----a-w- c:\windows\aclockz6.dat
2009-08-06 19:22 . 2009-04-18 07:51 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2008-04-14 00:42 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 12:36 . 2009-07-21 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2009-07-21 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 04:23 . 2009-04-18 07:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 19:30 . 2009-07-12 19:24 -------- d-----w- c:\docume~1\home\APPLIC~1\SUPERAntiSpyware.com
2009-07-22 19:30 . 2009-07-12 19:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-21 18:27 . 2009-07-21 18:27 -------- d-----w- c:\docume~1\home\APPLIC~1\Malwarebytes
2009-07-21 18:27 . 2009-07-21 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-21 11:25 . 2009-07-20 23:10 2545 --s-a-w- c:\windows\system32\227948468.dat
2009-07-21 05:20 . 2009-05-02 04:39 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Free
2009-07-21 05:20 . 2009-04-17 18:42 -------- d-----w- c:\program files\WYSIWYG Web Builder 5
2009-07-21 05:20 . 2009-04-15 04:32 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-21 05:20 . 2009-06-06 20:50 -------- d-----w- c:\program files\MagicMus
2009-07-21 05:20 . 2009-04-20 17:25 -------- d-----w- c:\program files\MemoKit
2009-07-18 20:22 . 2009-07-18 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-07-17 19:01 . 2008-04-14 00:41 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2008-08-29 22:12 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 17:53 . 2009-07-13 17:53 192890 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aeoffice.dll
2009-07-13 17:53 . 2009-07-13 17:53 1388918 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aeheur.dll
2009-07-13 17:53 . 2009-07-13 17:53 115063 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aehelp.dll
2009-07-13 17:53 . 2009-07-13 17:53 315764 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aegen.dll
2009-07-13 17:53 . 2009-07-13 17:53 430452 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aeemu.dll
2009-07-13 17:53 . 2009-07-13 17:53 172406 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aecore.dll
2009-07-13 17:53 . 2009-07-13 17:53 53617 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aebb.dll
2009-07-13 17:53 . 2009-07-13 17:53 2133360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ToolBox\LT\HostFileEditor.exe
2009-07-12 19:24 . 2009-07-12 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-12 19:07 . 2009-04-24 16:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-11 18:51 . 2009-07-11 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-07-11 06:47 . 2009-07-11 06:47 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-11 06:46 . 2009-07-11 06:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-07-09 17:52 . 2009-07-09 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-09 17:52 . 2009-07-09 17:52 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-09 17:52 . 2009-07-09 19:33 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-09 17:52 . 2009-07-09 17:52 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-09 17:52 . 2009-07-09 17:52 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-09 17:52 . 2009-07-09 17:52 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-07-09 17:52 . 2009-07-09 17:52 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-09 17:52 . 2009-07-09 17:52 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-09 17:52 . 2009-07-09 17:52 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-09 17:50 . 2009-07-09 17:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-09 17:50 . 2009-07-09 17:50 -------- d-----w- c:\program files\Lavasoft
2009-07-08 05:01 . 2009-04-21 20:44 -------- d-----w- c:\program files\Yahoo!
2009-07-07 20:47 . 2009-05-23 14:53 -------- d-----w- c:\program files\Uniblue
2009-07-07 20:47 . 2009-05-23 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-07-07 20:47 . 2009-05-23 14:54 -------- d-----w- c:\docume~1\home\APPLIC~1\uniblue
2009-07-07 20:38 . 2009-07-07 20:38 -------- d-----w- c:\docume~1\home\APPLIC~1\TuneUp Software
2009-07-07 20:37 . 2009-07-07 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-07-07 20:37 . 2009-07-07 20:37 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-07 20:04 . 2009-06-23 11:07 -------- d-----w- c:\program files\SWiSHmax
2009-07-07 20:03 . 2009-04-21 20:47 -------- d-----w- c:\docume~1\home\APPLIC~1\Yahoo!
2009-07-07 20:03 . 2009-04-21 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-06 21:27 . 2009-07-06 21:16 -------- d-----w- c:\program files\Virgin Broadband
2009-07-06 21:26 . 2009-04-24 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Broadband
2009-07-05 20:22 . 2009-07-05 20:22 -------- d-----w- c:\docume~1\home\APPLIC~1\Apple Computer
2009-07-05 09:19 . 2009-07-05 09:19 0 ----a-w- c:\windows\nsreg.dat
2009-07-03 19:22 . 2009-04-18 07:35 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-03 17:09 . 2008-06-23 15:57 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 19:52 . 2009-07-02 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\hps
2009-07-02 18:24 . 2009-07-02 18:24 -------- d-----w- c:\program files\jessops
2009-06-30 19:12 . 2009-05-24 20:20 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-06-30 19:12 . 2009-05-24 20:20 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-06-22 17:11 . 2009-04-15 05:44 88984 ----a-w- c:\documents and settings\home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-16 14:36 . 2008-04-14 00:42 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2008-04-14 00:41 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2008-04-14 00:42 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2008-04-14 00:42 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2008-04-14 00:41 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2009-04-15 04:32 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2008-04-14 00:42 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-06 20:33 . 2009-04-18 07:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-03 19:09 . 2008-04-14 00:42 1291264 ----a-w- c:\windows\system32\quartz.dll
.
------- Sigcheck -------
[-] 2008-08-29 22:15 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2009-07-16 163144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRISMSVR.EXE"="c:\program files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" [2004-04-26 295001]
"VersatoMs"="c:\program files\MagicMus\MulMouse.exe" [2004-06-17 282624]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-05-27 2303216]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-09 520024]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
c:\documents and settings\home\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
3Com Wireless 11g PC Card.lnk - c:\program files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe [2004-7-2 299008]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
"S3hotkey"=S3hotkey.exe
"S3TRAY2"=S3tray2.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/9/2009 6:52 PM 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/22/2009 6:23 PM 28544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 10:34 PM 1029456]
R2 MUsbFltr;USB WTMouse Filter Service;c:\windows\system32\drivers\MUsbFltr.sys [6/6/2009 9:50 PM 6528]
R2 RadialpointSafeConnectAgent;Virgin Broadband PCguard SafeConnectAgent;c:\program files\Virgin Broadband\PCguard\SafeConnect\bin\SanaAgent.exe [11/14/2008 6:28 PM 4937752]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [7/7/2009 9:38 PM 604488]
R3 CVIAAUD;Cnxt VIA 3D Environmental Audio;c:\windows\system32\drivers\cviaaud.sys [6/6/2009 9:48 PM 321472]
R3 CVIAHALA;CVIAHALA;c:\windows\system32\drivers\cviahal.sys [6/6/2009 9:48 PM 216608]
R3 HSFHWVIA;HSFHWVIA;c:\windows\system32\drivers\HSFHWVIA.sys [6/6/2009 9:49 PM 192768]
R3 Radialpoint Security Services;Virgin Broadband PCguard;c:\program files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe [5/27/2009 1:10 PM 170736]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [11/14/2008 6:28 PM 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [11/14/2008 6:28 PM 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [11/14/2008 6:28 PM 27376]
S2 AffinegyServiceAffinegyServiceAlerter;AffinegyService AffinegyServiceAffinegyServiceAlerter;c:\windows\TEMP\rdctgolvmt.exe service --> c:\windows\TEMP\rdctgolvmt.exe service [?]
S2 AffinegyServiceAlerter;AffinegyService AffinegyServiceAlerter;c:\windows\TEMP\pcmhfhurak.exe service --> c:\windows\TEMP\pcmhfhurak.exe service [?]
S2 kiqdb;kiqdb;c:\windows\system32\drivers\pkaj.sys --> c:\windows\system32\drivers\pkaj.sys [?]
S3 3C154G;3Com OfficeConnect 802.11g PC Card Driver;c:\windows\system32\drivers\3C154G72.sys [4/24/2009 5:56 PM 386432]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [5/24/2009 9:20 PM 13224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [5/8/2009 3:23 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [5/8/2009 3:23 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [5/8/2009 3:23 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [5/8/2009 3:23 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [5/8/2009 3:23 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [5/8/2009 3:23 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [5/8/2009 3:23 PM 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [5/8/2009 3:23 PM 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [5/8/2009 3:23 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [5/8/2009 3:23 PM 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [5/8/2009 3:23 PM 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [5/8/2009 3:23 PM 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [5/8/2009 3:23 PM 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [5/8/2009 3:23 PM 117544]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [4/23/2007 1:54 PM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [4/23/2007 1:54 PM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [4/23/2007 1:54 PM 108680]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S4 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [9/22/2008 4:58 PM 693512]
S4 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [9/22/2008 4:58 PM 910600]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
cscript //B "c:\program files\Nitro PDF\Professional\RemoveOldAddins.vbs"
.
Contents of the 'Scheduled Tasks' folder
2009-08-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
2009-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:51]
2009-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-08-25 c:\windows\Tasks\User_Feed_Synchronization-{319BC319-DD29-46B2-AE61-ECC6F2186869}.job
- c:\windows\system32\msfeedssync.exe [2008-08-29 03:31]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
------- Supplementary Scan -------
.
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
FF - ProfilePath - c:\docume~1\home\APPLIC~1\Mozilla\Firefox\Profiles\k6bceon5.default\
FF - prefs.js: browser.search.selectedEngine - Searchalot
FF - prefs.js: browser.startup.homepage - file:///C:/Documents%20and%20Settings/home/My%20Documents/homepage/Local%20Publish/index.html
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Virgin Broadband\advisor\nprpspa.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-08-25 18:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2772)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
SystemRoot\System32\smss.exe [836]
??\c:\windows\system32\csrss.exe [1140]
??\c:\windows\system32\winlogon.exe [1236]
c:\windows\system32\services.exe [1448]
c:\windows\system32\lsass.exe [1460]
c:\windows\system32\svchost.exe [1828]
c:\windows\system32\svchost.exe [1996]
c:\windows\System32\svchost.exe [248]
c:\windows\system32\svchost.exe [316]
c:\program files\Virgin Broadband\PCguard\Fws.exe [468]
c:\windows\system32\svchost.exe [1512]
c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1852]
c:\program files\Virgin Broadband\PCguard\rps.exe [188]
c:\windows\system32\spoolsv.exe [684]
c:\program files\Virgin Broadband Wireless\AffinegyService.exe [952]
c:\program files\Java\jre6\bin\jqs.exe [1084]
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [1304]
c:\windows\System32\TUProgSt.exe [1492]
c:\windows\system32\CF10201.exe [640]
c:\program files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE [1104]
c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe [788]
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe [204]
c:\program files\Virgin Broadband Wireless\Wireless Manager.exe [1956]
c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [1960]
c:\program files\TuneUp Utilities 2009\MemOptimizer.exe [1500]
c:\program files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe [1876]
c:\program files\Virgin Broadband Wireless\ndis_events.exe [2408]
c:\windows\system32\wbem\wmiprvse.exe [2500]
c:\windows\system32\ctfmon.exe [2564]
c:\windows\system32\wbem\unsecapp.exe [3600]
c:\windows\System32\alg.exe [520]
c:\windows\system32\wscntfy.exe [2244]
c:\windows\explorer.exe [2772]
c:\combofix\catchme.cfxxe [1192]
.
**************************************************************************
.
Completion time: 2009-08-25 18:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-25 17:27
Pre-Run: 69,319,385,088 bytes free
Post-Run: 69,182,308,352 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
382 --- E O F --- 2009-08-23 06:34
HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:32, on 8/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Virgin Broadband\PCguard\rps.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Bin\SanaAgent.exe
C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\home\My Documents\Downloads\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [VersatoMs] C:\Program Files\MagicMus\MulMouse.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: 3Com Wireless 11g PC Card.lnk = C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: AffinegyService AffinegyServiceAffinegyServiceAlerter (AffinegyServiceAffinegyServiceAlerter) - Unknown owner - C:\WINDOWS\TEMP\rdctgolvmt.exe (file missing)
O23 - Service: AffinegyService AffinegyServiceAlerter (AffinegyServiceAlerter) - Unknown owner - C:\WINDOWS\TEMP\pcmhfhurak.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Virgin Broadband PCguard (Radialpoint Security Services) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe
O23 - Service: Virgin Broadband PCguard SafeConnectAgent (RadialpointSafeConnectAgent) - Sana Security - C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Bin\SanaAgent.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 6195 bytes