OK, ComboFix completed and deleted a few things.
Log attached.
ComboFix 09-06-16.02 - Andy 17/06/2009 8:28.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.44.1033.18.2046.971 [GMT 4:00]
Running from: c:\users\Andy\Desktop\comfxx.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Andy\AppData\Roaming\EurekaLog
c:\users\Andy\AppData\Roaming\EurekaLog\EurekaLog.ini
C:\Autorun.inf
c:\users\Andy\AppData\Local\Temp\install_flash_player.exe
c:\windows\system32\drivers\gxvxcwsbcydviphienliqxboptqetyntsepku.sys
c:\windows\system32\gxvxccount
c:\windows\system32\gxvxcnjfcurigtufdpgckpnkcphikmjbevbru.dll
c:\windows\system32\gxvxcoemsxrcwuqtnfqvdoruwnrxmkqycpavr.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GXVXCSERV.SYS
((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.
2009-06-17 04:37 . 2009-06-17 04:38 -------- d-----w- c:\users\Andy\AppData\Local\temp
2009-06-15 17:21 . 2009-06-15 17:21 -------- d-----w- c:\program files\SB
2009-06-15 13:15 . 2009-06-15 13:15 262144 ----a-w- C:\ntuser.dat
2009-06-15 12:50 . 2008-06-19 13:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-15 12:48 . 2009-06-15 12:48 -------- d-----w- c:\program files\Panda Security
2009-06-15 11:58 . 2009-06-15 11:58 -------- d-----w- c:\program files\Trend Micro
2009-06-15 09:32 . 2008-10-22 12:10 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 09:32 . 2008-10-22 12:10 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 09:32 . 2009-06-15 09:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 09:17 . 2009-06-15 09:19 -------- d-----w- c:\users\Andy\.housecall6.6
2009-06-08 06:27 . 2009-06-08 06:27 163601 ----a-w- c:\windows\XHeader Bonus Download Uninstaller.exe
2009-06-08 06:23 . 2009-06-08 12:49 -------- d-----w- c:\users\Andy\AppData\Local\xheader-data
2009-06-08 06:23 . 2009-06-08 06:23 203086 ----a-w- c:\windows\XHeader Uninstaller.exe
2009-06-08 06:23 . 2009-06-08 06:23 -------- d-----w- c:\program files\XHeader
2009-06-08 06:23 . 2009-06-08 06:23 -------- d-----w- c:\program files\Common Files\Thraex Software
2009-06-01 18:13 . 2009-06-01 18:13 33840 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2009-06-01 12:26 . 2009-06-01 12:26 -------- d-----w- c:\program files\OpenVPN
2009-05-31 14:22 . 2009-05-31 14:22 0 ----a-w- c:\windows\system32\cd.dat
2009-05-25 15:07 . 2009-05-25 15:07 -------- d-----w- C:\Hotspot Shield
2009-05-19 13:18 . 2009-02-13 08:49 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-05-19 13:18 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-05-19 13:18 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-05-19 13:18 . 2009-02-13 08:49 72704 ----a-w- c:\windows\system32\secur32.dll
2009-05-19 13:18 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-05-19 13:18 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-05-19 13:18 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-05-19 13:18 . 2009-02-09 03:10 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-05-19 13:18 . 2008-11-27 04:43 268288 ----a-w- c:\windows\system32\schannel.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 04:26 . 2008-01-07 23:00 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-17 04:26 . 2008-08-25 16:46 -------- d-----w- c:\users\Andy\AppData\Roaming\DNA
2009-06-16 13:51 . 2008-08-25 16:46 -------- d-----w- c:\users\Andy\AppData\Roaming\BitTorrent
2009-06-16 08:21 . 2009-01-30 09:46 -------- d-----w- c:\program files\Micro Niche Finder
2009-06-15 17:21 . 2008-07-03 07:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-15 17:13 . 2008-07-03 07:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-15 13:31 . 2008-07-02 16:27 187328 ----a-w- c:\users\Andy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-15 13:15 . 2008-01-07 23:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-15 13:08 . 2009-05-15 07:38 53319 ----a-w- c:\programdata\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-06-14 06:24 . 2009-03-02 08:51 -------- d-----w- c:\users\Andy\AppData\Roaming\Serif
2009-06-14 06:08 . 2009-03-02 15:34 -------- d-----w- c:\program files\Serif
2009-06-09 10:01 . 2009-03-29 13:04 -------- d-----w- c:\users\Andy\AppData\Roaming\HAPedit
2009-06-04 07:29 . 2008-07-04 06:56 -------- d-----w- c:\programdata\Roxio
2009-06-03 16:55 . 2008-07-28 02:14 -------- d-----w- c:\program files\Hotspot Shield
2009-06-03 16:53 . 2009-01-13 06:58 -------- d-----w- c:\users\Andy\AppData\Roaming\Skype
2009-06-03 16:19 . 2009-01-13 07:02 -------- d-----w- c:\users\Andy\AppData\Roaming\skypePM
2009-05-31 05:12 . 2008-02-22 09:17 -------- d-----w- c:\programdata\Microsoft Help
2009-05-31 04:37 . 2008-12-08 05:13 -------- d-----w- c:\users\Andy\AppData\Roaming\My Games
2009-05-19 11:05 . 2008-02-22 09:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-15 07:52 . 2009-05-15 07:46 -------- d-----w- c:\users\Andy\AppData\Roaming\CyberLink
2009-05-15 07:40 . 2009-05-15 07:40 -------- d-----w- c:\program files\Common Files\CyberLink
2009-05-15 07:37 . 2009-05-15 07:38 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-15 04:39 . 2008-10-08 15:56 -------- d-----w- c:\program files\PokerStars
2009-05-06 07:48 . 2009-05-06 07:48 26694 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{194BFA8B-8ABF-43F4-A4B5-A38F6B21C3C2}\_42307eb7.exe
2009-05-06 07:48 . 2009-05-06 07:48 26694 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{194BFA8B-8ABF-43F4-A4B5-A38F6B21C3C2}\_366b66c4.exe
2009-05-06 07:47 . 2008-11-20 10:33 -------- d-----w- c:\program files\Google
2009-04-24 06:32 . 2009-04-09 09:49 -------- d-----w- c:\program files\Etisalat 3.5G Router
2009-04-07 07:18 . 2008-07-02 16:27 1356 ----a-w- c:\users\Andy\AppData\Local\d3d9caps.dat
2009-03-23 13:42 . 2009-03-23 13:42 124168 ----a-w- c:\windows\system32\WPPFilt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2008-11-29 12:33 204248 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-06-06 07:16 2955264 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-06-06 07:16 2955264 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-12-12 253952]
"BitTorrent DNA"="c:\users\Andy\Program Files\DNA\btdna.exe" [2008-12-20 342848]
"Google Update"="c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-28 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-10-22 399504]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-06-06 07:03 90112 ----a-w- c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2FAF1869-0E79-47F0-9D6B-CC818E8A5917}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{A41470D1-2E04-4C1B-AA85-5789A3FCD6F2}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{DBBE6670-36F6-4B50-A107-54F728680C69}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{CA0F7CB1-E4EB-403F-BA0E-3B77CCAAC454}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{55DE0570-C2AA-4B28-9556-5619CF4C2E2F}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{6F598686-098D-433A-BECF-44A08414CD87}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{93FB9604-DCB4-4758-BB17-AE30FA340DFB}c:\\program files\\dap\\dap.exe"= UDP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
"UDP Query User{93706FBD-6D6D-44CF-9363-F9EE31D25C31}c:\\program files\\dap\\dap.exe"= TCP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
"{A3C8153E-F1CE-41B0-B00B-91007E26E4BA}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B84A7B83-C596-49AB-B54C-E58C4F11A30E}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
"{6F11D133-759A-4F4B-A98F-7E00E465123B}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
"{5A204EB9-D790-4903-8173-330D850C0271}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
"{79FFC862-59D8-447C-B3DD-8E14F9A76167}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
"{FC841F74-8612-400B-A1A5-12A42AFC365B}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
"{E1A5E4F1-B069-4B58-9F04-FF102996D8C6}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
"{5531D741-7FA6-4032-BDD5-EC717A8DBF8C}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
"{6C38B1A8-4CF6-4696-B40C-4A2FE4917FE3}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
"{ACD4948A-1C9B-472C-9946-12BB5A320283}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
"{BBE47970-E836-4281-9F43-93DD1E608E45}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
"TCP Query User{8BF2D0FD-7C11-4B36-A5FB-81D9CF23342A}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{D02D7CAA-92D5-488A-9816-A7D49D897728}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{FA388117-414B-41B3-9799-B87AB9E01C4E}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{4791622C-2FCC-4C74-BE27-EDC0B8ED14AC}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{7A1FF285-C8EB-419E-B80B-36245F3D7456}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"UDP Query User{43E7AAF7-BC42-4BE9-81D0-00B92D3F8AE3}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"TCP Query User{419B887B-1714-4115-8D27-CD7C8A7A0105}c:\\users\\andy\\program files\\dna\\btdna.exe"= UDP:c:\users\andy\program files\dna\btdna.exe:btdna.exe
"UDP Query User{73565457-7578-47E4-8C48-B043EBBFFF9E}c:\\users\\andy\\program files\\dna\\btdna.exe"= TCP:c:\users\andy\program files\dna\btdna.exe:btdna.exe
"TCP Query User{BBC289DB-56EB-4486-8839-4812F3E17605}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{3B14DBBF-7ADD-4427-B329-AFF3EC5C00AE}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{0871E9C7-348B-4941-9CD1-6519AA4D6C19}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{7E36FD87-DF17-4A2F-892E-14F1E5C7ACA5}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{39B6962A-8ECB-416C-88C4-B70D7E96DC25}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{70F7DEF6-07BE-45FB-8416-AA6FCBBE97D8}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{62B63088-5D27-4BA6-9017-EA9968B4E742}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{08D6B501-D417-4659-8889-4C719F32D5F2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{C40E8A51-B0D6-4CCC-A03B-26C902A1FE38}c:\\program files\\ghostsurf 2005\\proxy.exe"= UDP:c:\program files\ghostsurf 2005\proxy.exe:GhostSurf proxy
"UDP Query User{D0B38973-5A48-45D8-88BF-D38D9CA7631A}c:\\program files\\ghostsurf 2005\\proxy.exe"= TCP:c:\program files\ghostsurf 2005\proxy.exe:GhostSurf proxy
"{12AA7FCB-F8B1-4EAF-A501-1BC046FF3E75}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{71093ECC-C6FC-47D2-88E1-0875C206AF7D}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{47ECCF69-84A1-4386-AD79-A5BEEC5412E7}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{C4507CD1-9246-47D9-9703-E9DC3FA781E0}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{AA031398-B5AA-4F4A-BDA2-AA29D154E0C3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A31222CC-0FD5-4AB3-B26D-056A23E9C900}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{8676DA40-AECC-40C3-B4C1-A9EA65942362}c:\\users\\andy\\program files\\dna\\btdna.exe"= UDP:c:\users\andy\program files\dna\btdna.exe:btdna.exe
"UDP Query User{8AF50B7B-3CCA-4980-BEF7-ACFFE8B9B6AF}c:\\users\\andy\\program files\\dna\\btdna.exe"= TCP:c:\users\andy\program files\dna\btdna.exe:btdna.exe
"{BABF0FF8-B4B0-4BFC-BEE5-722715ECDEA0}"= UDP:c:\users\Andy\AppData\Local\Temp\hpdiu2\HPDIU\HPDIUNetwork.exe:HP Networked Printer Installer
"{1CCB7E98-51B9-47F4-BF8C-684D323D22A0}"= TCP:c:\users\Andy\AppData\Local\Temp\hpdiu2\HPDIU\HPDIUNetwork.exe:HP Networked Printer Installer
"{F79F4262-8EC9-4252-8564-81B43D7725EE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{72D14792-31A3-4C55-A25D-C4799016654B}"= Disabled:UDp:\\sysabudhabi\Public\SOFTWARE\Drivers\HP C7100 Series Vista\AIO_CDA_Full_Net (E)\setup\hpznui01.exe:hpznui01.exe
"{A3625C6E-57F8-4DA4-91C7-E9DCB0924222}"= Disabled:TCp:\\sysabudhabi\Public\SOFTWARE\Drivers\HP C7100 Series Vista\AIO_CDA_Full_Net (E)\setup\hpznui01.exe:hpznui01.exe
"TCP Query User{206F5425-353B-4405-8628-017050906D4F}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{9D03E802-2E84-437D-A476-6A213D9004C5}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{7E0FD9A9-6966-40D0-A41B-BEE652C9232C}"= UDP:5353:Adobe CSI CS4
"{0C4AEE7A-2CA7-4E35-A123-B8B87236500F}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{373C5721-A108-4DE8-9756-C21A49E649A0}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{AB4DD3D1-8BB3-44D8-8775-BF30EE4C8BCF}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{EEAAC290-F25D-48A5-99F1-F9072A4E09EC}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{C8CA989F-1EC0-4498-B9B6-EC01EDB9342F}"= UDP:5353:Adobe CSI CS4
"{489559A5-F911-463F-9727-EB6D4F4CBE77}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{19517C65-B9EE-4717-90F6-D26DCB79971E}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{D3EC52B3-5587-497A-929A-4BC2DEE025B4}c:\\program files\\micro niche finder\\microniche.exe"= UDP:c:\program files\micro niche finder\microniche.exe: Micro Niche Finder
"UDP Query User{E8B61233-7E86-4968-B49F-1C0EA59EDE68}c:\\program files\\micro niche finder\\microniche.exe"= TCP:c:\program files\micro niche finder\microniche.exe: Micro Niche Finder
"TCP Query User{5FE54305-80E2-4B12-80C1-D6FE3172D5D0}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{09C56F8D-30D5-41E9-9C6A-14C2E1C00A1F}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{B9E288A4-8B7C-46B6-96D3-EFCE78CEF018}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{43A368FC-7493-40B3-B0C1-D407AA4EFE5D}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{2B9C88C9-0C05-4751-99FE-E06D10B97FDE}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B87C723F-6129-4AB4-A655-7EF1BEF68B18}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{CBC36D5E-F821-41EA-97FD-0D215E3909B7}c:\\program files\\serif\\webplus\\x2\\program\\webplus.exe"= UDP:c:\program files\serif\webplus\x2\program\webplus.exe:Serif WebPlus X2
"UDP Query User{B7ED369F-D79D-4789-B7AD-5BE6189B38ED}c:\\program files\\serif\\webplus\\x2\\program\\webplus.exe"= TCP:c:\program files\serif\webplus\x2\program\webplus.exe:Serif WebPlus X2
"TCP Query User{54A569FA-056D-4094-B43A-02ED332132A4}c:\\program files\\serif\\webplus\\x2\\program\\webplus.exe"= UDP:c:\program files\serif\webplus\x2\program\webplus.exe:Serif WebPlus X2
"UDP Query User{7A2C4B55-339C-492D-9938-FCC9A673E70E}c:\\program files\\serif\\webplus\\x2\\program\\webplus.exe"= TCP:c:\program files\serif\webplus\x2\program\webplus.exe:Serif WebPlus X2
"TCP Query User{C96F99F2-2042-49EE-B882-0F13DA7991B3}c:\\users\\andy\\desktop\\hapedit\\hapedit.exe"= UDP:c:\users\andy\desktop\hapedit\hapedit.exe:hapedit.exe
"UDP Query User{1F2C338D-2F8C-4E1E-88C8-C950B9504CC8}c:\\users\\andy\\desktop\\hapedit\\hapedit.exe"= TCP:c:\users\andy\desktop\hapedit\hapedit.exe:hapedit.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [15/06/2009 16:50 28544]
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\System32\drivers\shpf.sys [08/01/2008 01:37 21408]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 00:45 124832]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [01/06/2009 22:13 331312]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [15/06/2009 13:32 170640]
R2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\Micro Niche Finder\srvany.exe [19/04/2009 11:20 8192]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [22/02/2008 13:47 204800]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [22/02/2008 13:38 125440]
R2 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [22/02/2008 13:29 745472]
R2 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [22/02/2008 13:29 397312]
R2 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [22/02/2008 13:29 1089536]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [22/02/2008 13:38 17920]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [15/06/2009 13:32 15504]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [08/01/2008 01:37 75392]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [08/01/2008 01:37 43904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [08/01/2008 01:37 9344]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\System32\drivers\SonyPI.sys [08/01/2008 01:37 14720]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\System32\drivers\SSLDrv.sys [04/02/2008 16:46 20504]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\System32\drivers\tap0901.sys [19/11/2008 22:22 25216]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [08/01/2008 01:37 812544]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [08/01/2008 03:26 28464]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [11/11/2008 17:29 33752]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [01/06/2009 22:58 34352]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [22/02/2008 13:42 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [22/02/2008 13:42 79136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2639940613-146822564-1301777117-1003.job
- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-28 12:29]
2009-06-17 c:\windows\Tasks\User_Feed_Synchronization-{24543016-E3FC-4C9B-9769-75369AA17F83}.job
- c:\windows\system32\msfeedssync.exe [2009-05-18 11:31]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = %3clocal%3e:80
uInternet Settings,ProxyOverride = <local>
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: sonicwall.com\sslvpn
Trusted Zone: systechgroup.net\ssl
TCP: {5FD2BAA1-9CD7-4CDB-B32F-B18FC8F66C79} = 10.16.128.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\f07zv1ww.default\
FF - prefs.js: browser.startup.homepage -
www.google.co.uk
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\users\Andy\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\Andy\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-17 08:38
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2639940613-146822564-1301777117-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F44A93C-4632-6C8F-5711-0C66DC8FBFA9}*]
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\
0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\
0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Completion time: 2009-06-17 8:40
ComboFix-quarantined-files.txt 2009-06-17 04:39
Pre-Run: 123,816,755,200 bytes free
Post-Run: 124,133,556,224 bytes free
301 --- E O F --- 2009-05-19 13:20