System Security 4.51 removal help

Please help! I've tried many different ways to remove this virus & the response is always "application cannot be executed. file is infected" I can't use HijakThis, it's the same message bubble. Any help would be great!

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Thank you for your help, I tried to download it, it says the file is infected

Hello are you able to download HijackThis?

Hi,
no, the comment bubble says it's infected

Try to download Hijackthis from here:

http://www.mediafire.com/download.php?momvgwttid4

I tried, same thing "application cannot be executed. file is infected"

Can you try to run ComboFix in Safe Mode? Restart your computer-->As as it starts to boot keep hitting the F8 key until you get to a screen that has various options, choose Safe Mode with Networking, Then run ComboFix and post the contents of the log back here.

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV..

• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
• Allow combofix to run
  
• Post C:combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Here you go!

c:\documents and settings\All Users\Application Data\11764814
c:\documents and settings\All Users\Application Data\11764814\11764814.exe
c:\documents and settings\All Users\Application Data\11764814\11764814.glu
c:\documents and settings\All Users\Application Data\11764814\pc11764814cnf
c:\documents and settings\All Users\Application Data\11764814\pc11764814ins
c:\windows\ieocx.dll
c:\windows\system32\drivers\UACpxbxnnkhbobquwb.sys
c:\windows\system32\UACdoyeljcerkrbltn.log
c:\windows\system32\UACfavyqotbuipiclp.dll
c:\windows\system32\UACigrkuqqjvyiduyy.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACksefwomcjmtltxd.dat
c:\windows\system32\UACmlgetndjgewhorp.dll
c:\windows\system32\UACpjyuhrhcxeyrvkg.dll
c:\windows\system32\UACsnomtjnnedwagea.log
c:\windows\system32\UACtagjukfpvjlqgwx.log
c:\windows\system32\UACulkmxfakrvesodo.dll

Drivers/Services

-------\Service_UACd.sys


Files Created from 2009-04-28 to 2009-05-28

2009-05-26 23:04 . 2009-05-26 23:04 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-26 05:48 . 2009-05-26 05:48 -------- d-----w c:\windows\McAfee.com
2009-05-24 17:30 . 2009-05-24 17:30 -------- d-----w c:\windows\system32\scripting
2009-05-24 17:30 . 2009-05-24 17:30 -------- d-----w c:\windows\l2schemas
2009-05-24 17:30 . 2009-05-24 17:30 -------- d-----w c:\windows\system32\en
2009-05-24 17:30 . 2009-05-24 17:30 -------- d-----w c:\windows\system32\bits
2009-05-24 17:27 . 2009-05-24 17:27 -------- d-----w c:\windows\ServicePackFiles
2009-05-24 03:02 . 2009-05-24 03:02 194 ----a-w c:\documents and settings\Administrator\Application Data\asd.bat

Find3M Report

2009-05-28 00:13 . 2008-11-23 05:37 -------- d-----w c:\program files\Common Files\Akamai
2009-05-26 22:47 . 2006-03-30 06:44 29304 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-24 17:33 . 2006-01-26 18:41 87263 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-22 05:57 . 2009-01-22 04:12 -------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
2009-05-22 00:36 . 2009-01-18 06:27 -------- d-----w c:\program files\V CAST Music with Rhapsody
2009-05-22 00:15 . 2009-01-22 04:11 -------- d-----w c:\program files\Vuze
2009-04-09 14:47 . 2009-04-09 14:47 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-08 11:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll

Reg Loading Points

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-10 02:40 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-11 339968]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-29 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2001-6-5 65588]
Varian, Inc. VPN Client.lnk - c:\program files\Cisco Systems\VPN\vpngui.exe [2006-1-26 1454143]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-12 14:55 110592 ----a-w c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\KumaClient.exe_v4B8EBC79\\Native\\STUBEXE\\@PROGRAMFILES@\\Kuma Games\\Kuma.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:blizz download
"6118:TCP"= 6118:TCP:blizz download 2
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1702:TCP"= 1702:TCP:Akamai NetSession Interface
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"1102:TCP"= 1102:TCP:Akamai NetSession Interface
"1091:TCP"= 1091:TCP:Akamai NetSession Interface
"2249:TCP"= 2249:TCP:Akamai NetSession Interface
"1077:TCP"= 1077:TCP:Akamai NetSession Interface
"1094:TCP"= 1094:TCP:Akamai NetSession Interface
"1093:TCP"= 1093:TCP:Akamai NetSession Interface
"1040:TCP"= 1040:TCP:Akamai NetSession Interface
"1088:TCP"= 1088:TCP:Akamai NetSession Interface
"1357:TCP"= 1357:TCP:Akamai NetSession Interface
"1039:TCP"= 1039:TCP:Akamai NetSession Interface
"1090:TCP"= 1090:TCP:Akamai NetSession Interface
"1049:TCP"= 1049:TCP:Akamai NetSession Interface
"1082:TCP"= 1082:TCP:Akamai NetSession Interface
"1092:TCP"= 1092:TCP:Akamai NetSession Interface
"1078:TCP"= 1078:TCP:Akamai NetSession Interface
"1085:TCP"= 1085:TCP:Akamai NetSession Interface
"1101:TCP"= 1101:TCP:Akamai NetSession Interface
"1108:TCP"= 1108:TCP:Akamai NetSession Interface
"1079:TCP"= 1079:TCP:Akamai NetSession Interface
"1080:TCP"= 1080:TCP:Akamai NetSession Interface
"1071:TCP"= 1071:TCP:Akamai NetSession Interface
"1070:TCP"= 1070:TCP:Akamai NetSession Interface
"1074:TCP"= 1074:TCP:Akamai NetSession Interface
"1548:TCP"= 1548:TCP:Akamai NetSession Interface
"1635:TCP"= 1635:TCP:Akamai NetSession Interface
"1114:TCP"= 1114:TCP:Akamai NetSession Interface
"1182:TCP"= 1182:TCP:Akamai NetSession Interface
"1103:TCP"= 1103:TCP:Akamai NetSession Interface
"1115:TCP"= 1115:TCP:Akamai NetSession Interface
"1119:TCP"= 1119:TCP:Akamai NetSession Interface
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"1087:TCP"= 1087:TCP:Akamai NetSession Interface
"1089:TCP"= 1089:TCP:Akamai NetSession Interface
"1067:TCP"= 1067:TCP:Akamai NetSession Interface
"1068:TCP"= 1068:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"1064:TCP"= 1064:TCP:Akamai NetSession Interface
"1055:TCP"= 1055:TCP:Akamai NetSession Interface
"1780:TCP"= 1780:TCP:Akamai NetSession Interface
"1809:TCP"= 1809:TCP:Akamai NetSession Interface
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"1063:TCP"= 1063:TCP:Akamai NetSession Interface
"1069:TCP"= 1069:TCP:Akamai NetSession Interface
"1062:TCP"= 1062:TCP:Akamai NetSession Interface
"1073:TCP"= 1073:TCP:Akamai NetSession Interface
"1081:TCP"= 1081:TCP:Akamai NetSession Interface
"1066:TCP"= 1066:TCP:Akamai NetSession Interface
"1111:TCP"= 1111:TCP:Akamai NetSession Interface
"1061:TCP"= 1061:TCP:Akamai NetSession Interface
"2230:TCP"= 2230:TCP:Akamai NetSession Interface
"2637:TCP"= 2637:TCP:Akamai NetSession Interface
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
"1060:TCP"= 1060:TCP:Akamai NetSession Interface
"1550:TCP"= 1550:TCP:Akamai NetSession Interface
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"2146:TCP"= 2146:TCP:Akamai NetSession Interface
"1076:TCP"= 1076:TCP:Akamai NetSession Interface
"1100:TCP"= 1100:TCP:Akamai NetSession Interface
"1084:TCP"= 1084:TCP:Akamai NetSession Interface
"1095:TCP"= 1095:TCP:Akamai NetSession Interface
"1086:TCP"= 1086:TCP:Akamai NetSession Interface
"1832:TCP"= 1832:TCP:Akamai NetSession Interface
"1876:TCP"= 1876:TCP:Akamai NetSession Interface
"1930:TCP"= 1930:TCP:Akamai NetSession Interface
"1289:TCP"= 1289:TCP:Akamai NetSession Interface
"1075:TCP"= 1075:TCP:Akamai NetSession Interface
"1097:TCP"= 1097:TCP:Akamai NetSession Interface
"1173:TCP"= 1173:TCP:Akamai NetSession Interface
"1414:TCP"= 1414:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"1048:TCP"= 1048:TCP:Akamai NetSession Interface
"2086:TCP"= 2086:TCP:Akamai NetSession Interface
"2093:TCP"= 2093:TCP:Akamai NetSession Interface
"2336:TCP"= 2336:TCP:Akamai NetSession Interface
"2344:TCP"= 2344:TCP:Akamai NetSession Interface
"2352:TCP"= 2352:TCP:Akamai NetSession Interface
"2662:TCP"= 2662:TCP:Akamai NetSession Interface
"1113:TCP"= 1113:TCP:Akamai NetSession Interface
"1196:TCP"= 1196:TCP:Akamai NetSession Interface
"4607:TCP"= 4607:TCP:Akamai NetSession Interface
"4756:TCP"= 4756:TCP:Akamai NetSession Interface
"1613:TCP"= 1613:TCP:Akamai NetSession Interface
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"1312:TCP"= 1312:TCP:Akamai NetSession Interface
"1153:TCP"= 1153:TCP:Akamai NetSession Interface
"1124:TCP"= 1124:TCP:Akamai NetSession Interface
"4489:TCP"= 4489:TCP:Akamai NetSession Interface

S2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 5:00 AM 14336]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [1/21/2009 9:12 PM 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [1/21/2009 9:12 PM 234888]
S2 FlipShare Service;FlipShare Service;c:\program files\Pure Digital Technologies\FlipShare\FlipShareService.exe [10/5/2008 2:55 PM 439616]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [1/26/2006 12:47 PM 92550]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-05-28 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~2\Messages\SDNotify.exe [2008-09-20 14:29]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-11764814 - c:\documents and settings\All Users\Application Data\11764814\11764814.exe
SafeBoot-procexp90.Sys

------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {EF73B182-2003-412F-ACB0-8EDC3EAD964A} = 4.22.69.3
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath -

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 18:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-790525478-152049171-854245398-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,8c,9e,df,c8,ff,22,44,bf,d9,74,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,8c,9e,df,c8,ff,22,44,bf,d9,74,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
"Policy"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1152)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll
.
Completion time: 2009-05-28 18:42
ComboFix-quarantined-files.txt 2009-05-28 01:41

Pre-Run: 2,825,408,512 bytes free
Post-Run: 3,947,548,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
276 --- E O F --- 2009-05-26 23:15

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

MBAM log:

Malwarebytes' Anti-Malware 1.37
Database version: 2186
Windows 5.1.2600 Service Pack 3

5/27/2009 7:26:56 PM
mbam-log-2009-05-27 (19-26-56).txt

Scan type: Quick Scan
Objects scanned: 84873
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\WinPC Antivirus (Rogue.WinPCAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Administrator\Application Data\asd.bat (Rogue.WinPCDefender) -> Quarantined and deleted successfully.

Can you boot in normal mode and try to download HijackThis now.

Wow! It actually worked!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:41 PM, on 5/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN\cvpnd.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Fast Browser Search - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Varian, Inc. VPN Client.lnk = C:\Program Files\Cisco Systems\VPN\vpngui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5625/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF73B182-2003-412F-ACB0-8EDC3EAD964A}: Domain = nmr.varianinc.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF73B182-2003-412F-ACB0-8EDC3EAD964A}: NameServer = 4.22.69.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = varianinc.com,nmr.varianinc.com,csb.varianinc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = varianinc.com,nmr.varianinc.com,csb.varianinc.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = varianinc.com,nmr.varianinc.com,csb.varianinc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = varianinc.com,nmr.varianinc.com,csb.varianinc.com
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN\cvpnd.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 8797 bytes

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
  O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
  
  If you don't recognize these domains you can fix them as well, Keep in mind if they belong to your Internet Service provider there will be a big possibility that you will lose your internet connection if you fix them so choose carefully.
  O17 - HKLM\System\CCS\Services\Tcpip\..\{EF73B182-2003-412F-ACB0-8EDC3EAD964A}: Domain = nmr.varianinc.com
  O17 - HKLM\System\CCS\Services\Tcpip\..\{EF73B182-2003-412F-ACB0-8EDC3EAD964A}: NameServer = 4.22.69.3
  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = varianinc.com,nmr.varianinc.com,csb.varianinc.com
  O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = varianinc.com,nmr.varianinc.com,csb.varianinc.com
  O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = varianinc.com,nmr.varianinc.com,csb.varianinc.com
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = varianinc.com,nmr.varianinc.com,csb.varianinc.com
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Also Run ComboFix in normal mode and paste back the log.

Here's the log:


Files Created from 2009-04-28 to 2009-05-28

2009-05-28 02:37 . 2009-05-28 02:37 -------- d-----w c:\program files\Trend Micro
2009-05-28 02:20 . 2009-05-28 02:20 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-28 02:20 . 2009-05-26 20:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-28 02:20 . 2009-05-28 02:20 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-28 02:20 . 2009-05-28 02:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-28 02:20 . 2009-05-26 20:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-26 23:04 . 2009-05-26 23:04 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-26 05:48 . 2009-05-26 05:48 -------- d-----w c:\windows\McAfee.com
2009-05-24 17:30 . 2009-05-24 17:30 -------- d-----w c:\windows\system32\scripting
2009-05-24 17:30 . 2009-05-24 17:30 -------- d-----w c:\windows\l2schemas
2009-05-24 17:30 . 2009-05-24 17:30 -------- d-----w c:\windows\system32\en
2009-05-24 17:30 . 2009-05-24 17:30 -------- d-----w c:\windows\system32\bits
2009-05-24 17:27 . 2009-05-24 17:27 -------- d-----w c:\windows\ServicePackFiles

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 02:29 . 2008-11-23 05:37 -------- d-----w c:\program files\Common Files\Akamai
2009-05-26 22:47 . 2006-03-30 06:44 29304 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-24 17:33 . 2006-01-26 18:41 87263 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-22 05:57 . 2009-01-22 04:12 -------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
2009-05-22 00:36 . 2009-01-18 06:27 -------- d-----w c:\program files\V CAST Music with Rhapsody
2009-05-22 00:15 . 2009-01-22 04:11 -------- d-----w c:\program files\Vuze
2009-04-09 14:47 . 2009-04-09 14:47 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-08 11:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll

((((((((((((((((((((((((((((( SnapShot@2009-05-28_01.40.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-28 02:29 . 2009-05-28 02:29 16384 c:\windows\temp\Perflib_Perfdata_2e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-11 339968]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-29 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2001-6-5 65588]
Varian, Inc. VPN Client.lnk - c:\program files\Cisco Systems\VPN\vpngui.exe [2006-1-26 1454143]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-12 14:55 110592 ----a-w c:\windows\system32\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\KumaClient.exe_v4B8EBC79\\Native\\STUBEXE\\@PROGRAMFILES@\\Kuma Games\\Kuma.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:blizz download
"6118:TCP"= 6118:TCP:blizz download 2
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1702:TCP"= 1702:TCP:Akamai NetSession Interface
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"1102:TCP"= 1102:TCP:Akamai NetSession Interface
"1091:TCP"= 1091:TCP:Akamai NetSession Interface
"2249:TCP"= 2249:TCP:Akamai NetSession Interface
"1077:TCP"= 1077:TCP:Akamai NetSession Interface
"1094:TCP"= 1094:TCP:Akamai NetSession Interface
"1093:TCP"= 1093:TCP:Akamai NetSession Interface
"1040:TCP"= 1040:TCP:Akamai NetSession Interface
"1088:TCP"= 1088:TCP:Akamai NetSession Interface
"1357:TCP"= 1357:TCP:Akamai NetSession Interface
"1039:TCP"= 1039:TCP:Akamai NetSession Interface
"1090:TCP"= 1090:TCP:Akamai NetSession Interface
"1049:TCP"= 1049:TCP:Akamai NetSession Interface
"1082:TCP"= 1082:TCP:Akamai NetSession Interface
"1092:TCP"= 1092:TCP:Akamai NetSession Interface
"1078:TCP"= 1078:TCP:Akamai NetSession Interface
"1085:TCP"= 1085:TCP:Akamai NetSession Interface
"1101:TCP"= 1101:TCP:Akamai NetSession Interface
"1108:TCP"= 1108:TCP:Akamai NetSession Interface
"1079:TCP"= 1079:TCP:Akamai NetSession Interface
"1080:TCP"= 1080:TCP:Akamai NetSession Interface
"1071:TCP"= 1071:TCP:Akamai NetSession Interface
"1070:TCP"= 1070:TCP:Akamai NetSession Interface
"1074:TCP"= 1074:TCP:Akamai NetSession Interface
"1548:TCP"= 1548:TCP:Akamai NetSession Interface
"1635:TCP"= 1635:TCP:Akamai NetSession Interface
"1114:TCP"= 1114:TCP:Akamai NetSession Interface
"1182:TCP"= 1182:TCP:Akamai NetSession Interface
"1103:TCP"= 1103:TCP:Akamai NetSession Interface
"1115:TCP"= 1115:TCP:Akamai NetSession Interface
"1119:TCP"= 1119:TCP:Akamai NetSession Interface
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"1087:TCP"= 1087:TCP:Akamai NetSession Interface
"1089:TCP"= 1089:TCP:Akamai NetSession Interface
"1067:TCP"= 1067:TCP:Akamai NetSession Interface
"1068:TCP"= 1068:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"1064:TCP"= 1064:TCP:Akamai NetSession Interface
"1055:TCP"= 1055:TCP:Akamai NetSession Interface
"1780:TCP"= 1780:TCP:Akamai NetSession Interface
"1809:TCP"= 1809:TCP:Akamai NetSession Interface
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"1063:TCP"= 1063:TCP:Akamai NetSession Interface
"1069:TCP"= 1069:TCP:Akamai NetSession Interface
"1062:TCP"= 1062:TCP:Akamai NetSession Interface
"1073:TCP"= 1073:TCP:Akamai NetSession Interface
"1081:TCP"= 1081:TCP:Akamai NetSession Interface
"1066:TCP"= 1066:TCP:Akamai NetSession Interface
"1111:TCP"= 1111:TCP:Akamai NetSession Interface
"1061:TCP"= 1061:TCP:Akamai NetSession Interface
"2230:TCP"= 2230:TCP:Akamai NetSession Interface
"2637:TCP"= 2637:TCP:Akamai NetSession Interface
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
"1060:TCP"= 1060:TCP:Akamai NetSession Interface
"1550:TCP"= 1550:TCP:Akamai NetSession Interface
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"2146:TCP"= 2146:TCP:Akamai NetSession Interface
"1076:TCP"= 1076:TCP:Akamai NetSession Interface
"1100:TCP"= 1100:TCP:Akamai NetSession Interface
"1084:TCP"= 1084:TCP:Akamai NetSession Interface
"1095:TCP"= 1095:TCP:Akamai NetSession Interface
"1086:TCP"= 1086:TCP:Akamai NetSession Interface
"1832:TCP"= 1832:TCP:Akamai NetSession Interface
"1876:TCP"= 1876:TCP:Akamai NetSession Interface
"1930:TCP"= 1930:TCP:Akamai NetSession Interface
"1289:TCP"= 1289:TCP:Akamai NetSession Interface
"1075:TCP"= 1075:TCP:Akamai NetSession Interface
"1097:TCP"= 1097:TCP:Akamai NetSession Interface
"1173:TCP"= 1173:TCP:Akamai NetSession Interface
"1414:TCP"= 1414:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"1048:TCP"= 1048:TCP:Akamai NetSession Interface
"2086:TCP"= 2086:TCP:Akamai NetSession Interface
"2093:TCP"= 2093:TCP:Akamai NetSession Interface
"2336:TCP"= 2336:TCP:Akamai NetSession Interface
"2344:TCP"= 2344:TCP:Akamai NetSession Interface
"2352:TCP"= 2352:TCP:Akamai NetSession Interface
"2662:TCP"= 2662:TCP:Akamai NetSession Interface
"1113:TCP"= 1113:TCP:Akamai NetSession Interface
"1196:TCP"= 1196:TCP:Akamai NetSession Interface
"4607:TCP"= 4607:TCP:Akamai NetSession Interface
"4756:TCP"= 4756:TCP:Akamai NetSession Interface
"1613:TCP"= 1613:TCP:Akamai NetSession Interface
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"1312:TCP"= 1312:TCP:Akamai NetSession Interface
"1153:TCP"= 1153:TCP:Akamai NetSession Interface
"1124:TCP"= 1124:TCP:Akamai NetSession Interface
"4489:TCP"= 4489:TCP:Akamai NetSession Interface
"1350:TCP"= 1350:TCP:Akamai NetSession Interface

R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 5:00 AM 14336]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [1/21/2009 9:12 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [1/21/2009 9:12 PM 234888]
R2 FlipShare Service;FlipShare Service;c:\program files\Pure Digital Technologies\FlipShare\FlipShareService.exe [10/5/2008 2:55 PM 439616]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [1/26/2006 12:47 PM 92550]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-05-28 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~2\Messages\SDNotify.exe [2008-09-20 14:29]
.
.------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {EF73B182-2003-412F-ACB0-8EDC3EAD964A} = 4.22.69.3
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath -

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 19:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-790525478-152049171-854245398-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,8c,9e,df,c8,ff,22,44,bf,d9,74,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,8c,9e,df,c8,ff,22,44,bf,d9,74,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
"Policy"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll

- - - - - - - > 'explorer.exe'(2584)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-28 19:59
ComboFix-quarantined-files.txt 2009-05-28 02:58
ComboFix2.txt 2009-05-28 01:42

Pre-Run: 3,949,907,968 bytes free
Post-Run: 3,945,840,640 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
257 --- E O F --- 2009-05-26 23:15