ComboFix 09-10-30.01 - Owner 11/01/2009 22:43.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.467 [GMT -5]
Running from: c:\documents and settings\Owner\My Documents\My Pictures\Family\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - svchost.exe: deleted 36 bytes in 1 streams.
ADS - explorer.exe: deleted 36 bytes in 1 streams.
ADS - win32k.sys: deleted 36 bytes in 1 streams.
ADS - netcfgx.dll: deleted 36 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Microsoft AData
c:\documents and settings\All Users\Microsoft AData\sysnet.dll
c:\documents and settings\All Users\Microsoft AData\t.sid
c:\documents and settings\Owner\Application Data\FunWebProducts
c:\documents and settings\Owner\Application Data\gadcom
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Owner\Start Menu\Programs\Personal Guard 2009
c:\documents and settings\Owner\Start Menu\Programs\Personal Guard 2009\Personal Guard 2009.lnk
c:\documents and settings\Owner\Start Menu\Programs\Personal Guard 2009\Uninstall.lnk
c:\program files\DefenderPro AntiSpy\AntiSpy\Def\CnsMin.dsc
c:\program files\DefenderPro AntiSpy\AntiSpy\Def\CnsMin.prf
c:\program files\GetPack
c:\program files\iCheck
c:\program files\Mjcore
c:\program files\Personal Guard 2009
c:\program files\Personal Guard 2009\config.scf
c:\program files\Personal Guard 2009\mmbase.sdb
c:\program files\Personal Guard 2009\personalguard.exe
c:\program files\Personal Guard 2009\q.sdb
c:\program files\Personal Guard 2009\queue.sdb
c:\program files\Personal Guard 2009\uninstalls.exe
c:\program files\Personal Guard 2009\vvbase.sdb
c:\program files\SelectRebates
c:\recycler\S-1-5-21-3769667371-463431236-1463065611-1003
c:\windows\microsoftdef.dll
c:\windows\run.log
c:\windows\system32\AKSCJRqr.ini2
c:\windows\system32\fihatoye.dll
c:\windows\system32\fokubino.dll
c:\windows\system32\HNnnnnpo.ini
c:\windows\system32\HNnnnnpo.ini2
c:\windows\system32\kijudawi.dll
c:\windows\system32\magiduko.dll
c:\windows\system32\nugubafe.dll
c:\windows\system32\pafuvole.dll
c:\windows\system32\ukahelel.ini
c:\windows\system32\vefiniwi.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.
2009-11-02 03:37 . 2009-11-02 03:40 -------- d-----w- C:\Combo-Fix
2009-11-01 00:16 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-01 00:16 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-01 00:16 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-01 00:16 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-01 00:16 . 2009-11-01 00:16 -------- d-----w- c:\program files\Avira
2009-11-01 00:16 . 2009-11-01 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-31 20:56 . 2009-10-31 20:56 262144 ----a-w- C:\ntuser.dat
2009-10-31 20:55 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 20:55 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 20:55 . 2009-10-31 20:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 20:55 . 2009-10-31 20:55 30784 ----a-w- c:\windows\system32\drivers\srfzlrkp.sys
2009-10-31 19:34 . 2009-10-31 19:40 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-31 19:30 . 2009-10-31 19:30 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-10-31 19:28 . 2009-10-31 19:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-31 19:28 . 2009-10-31 19:28 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-10-31 19:26 . 2009-10-31 19:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-31 19:21 . 2009-10-31 19:22 -------- dc-h--w- c:\windows\ie8
2009-10-31 18:20 . 2009-10-31 18:20 -------- d-----w- c:\program files\Trend Micro
2009-10-31 03:27 . 2009-10-31 03:27 64 ----a-w- c:\windows\tsiwinfile.dat
2009-10-31 03:26 . 2009-10-31 03:26 737280 ----a-w- c:\windows\iun6002.exe
2009-10-31 03:26 . 2009-10-31 15:37 -------- d-----w- c:\program files\DefenderPro AntiSpy
2009-10-31 02:22 . 2009-10-31 02:22 -------- d-----w- C:\_OTM
2009-10-31 02:15 . 2009-10-31 02:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-31 02:14 . 2009-10-31 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-31 00:42 . 2009-10-31 00:42 382976 ----a-w- c:\windows\system32\winsc.exe
2009-10-31 00:42 . 2009-10-31 18:02 51197 ----a-w- c:\windows\spoov.exe
2009-10-31 00:42 . 2009-10-31 18:02 47872 ----a-w- c:\windows\certsystem.exe
2009-10-31 00:42 . 2009-10-31 18:02 38352 ----a-w- c:\windows\regred.exe
2009-10-31 00:42 . 2009-10-31 18:02 33149 ----a-w- c:\windows\usexplorer.exe
2009-10-31 00:42 . 2009-10-31 18:02 28320 ----a-w- c:\windows\securits.com
2009-10-30 15:00 . 2009-10-30 15:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-10-30 02:46 . 2009-10-30 20:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!
2009-10-27 06:11 . 2009-10-27 07:04 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-10-27 01:38 . 2009-10-27 01:38 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-25 23:54 . 2009-10-27 01:38 -------- d-----w- c:\program files\Windows Defender
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 03:57 . 2008-07-16 08:56 -------- d-----w- c:\program files\Common Files\Akamai
2009-11-01 17:13 . 2007-09-12 07:19 -------- d-----w- c:\program files\Diablo II
2009-10-31 20:56 . 2007-01-26 18:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2009-10-31 19:30 . 2007-01-27 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-31 17:58 . 2009-09-16 07:50 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-10-31 15:36 . 2009-02-13 18:04 -------- d-----w- c:\program files\QuickTime
2009-10-31 15:36 . 2007-05-03 00:42 -------- d-----w- c:\program files\Lexmark 1200 Series
2009-10-31 15:36 . 2008-07-14 03:31 -------- d-----w- c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2009-10-31 15:36 . 2009-02-12 16:08 -------- d-----w- c:\program files\Xfire
2009-10-31 15:36 . 2008-01-26 20:09 -------- d-----w- c:\program files\World of Warcraft
2009-10-31 15:36 . 2006-06-09 03:24 -------- d-----w- c:\program files\AvRack
2009-10-31 15:36 . 2008-03-04 13:17 -------- d-----w- c:\program files\Presentersoft PowerVideoMaker
2009-10-31 15:36 . 2006-06-09 03:26 -------- d-----w- c:\program files\MSN Encarta Plus
2009-10-31 15:33 . 2006-06-09 03:28 -------- d-----w- c:\program files\Viewpoint
2009-10-31 06:42 . 2006-06-09 03:17 -------- d-----w- c:\program files\Google
2009-10-31 03:31 . 2007-01-31 07:57 -------- d-----w- c:\program files\Defender Pro
2009-10-31 03:03 . 2007-04-01 01:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-31 01:28 . 2009-09-07 01:01 -------- d-----w- c:\program files\Pando Networks
2009-10-28 17:27 . 2009-09-07 04:21 -------- d-----w- c:\program files\Turbine
2009-10-27 07:06 . 2007-04-01 01:23 -------- d-----w- c:\program files\Oberon Media
2009-10-27 06:12 . 2009-07-08 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-10-18 02:04 . 2007-12-11 05:23 -------- d-----w- c:\program files\DivX
2009-10-18 02:03 . 2009-09-17 11:02 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-21 03:39 . 2007-05-15 01:57 -------- d--h--w- c:\documents and settings\Owner\Application Data\Move Networks
2009-09-16 07:50 . 2009-09-16 07:50 -------- d-----w- c:\program files\uTorrent
2009-09-15 07:38 . 2009-07-04 20:24 -------- d-----w- c:\program files\Soldier of Fortune II - Double Helix GOLD
2009-09-15 07:25 . 2009-09-15 07:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Turbine
2009-09-07 04:46 . 2009-09-07 04:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Turbine
2009-09-07 04:46 . 2009-09-07 04:46 128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-09-06 09:36 . 2009-09-06 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-09-03 19:51 . 2009-09-03 19:48 -------- d-----w- c:\program files\Stealthbot
2009-09-03 04:34 . 2006-06-09 03:22 -------- d-----w- c:\program files\Java
2009-08-23 21:14 . 2007-01-27 00:51 1216 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-08-23 13:13 . 2009-02-14 07:25 11952 ----a-w- c:\windows\system32\avgrsstx(3).dll
2009-08-23 13:13 . 2009-02-14 07:25 11952 ----a-w- c:\windows\system32\avgrsstx(2).dll
2007-04-14 20:00 . 2007-04-14 20:00 774144 -c--a-w- c:\program files\RngInterstitial.dll
2009-10-28 08:55 . 2008-09-03 00:21 23544 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider(2).dll
2009-10-28 08:55 . 2008-09-03 00:21 23544 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider(3).dll
2009-10-28 08:55 . 2008-09-03 00:21 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp(2).dll
2009-10-28 08:55 . 2008-09-03 00:21 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp(3).dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-07-31 00:40 . 2009-07-31 00:40 52224 --sha-w- c:\windows\system32\busekuja.dll
2009-07-31 00:40 . 2009-07-31 00:40 52224 --sha-w- c:\windows\system32\hagebuzi.dll
2009-08-01 01:30 . 2009-08-01 01:30 89600 --sha-w- c:\windows\system32\luzigemu.dll
2009-07-31 13:31 . 2009-07-31 13:31 90112 --sha-w- c:\windows\system32\pilabuma.dll
2009-07-31 00:40 . 2009-07-31 00:40 52224 --sha-w- c:\windows\system32\vefiniwi(2).dll
2009-07-31 00:40 . 2009-07-31 00:40 52224 --sha-w- c:\windows\system32\vefiniwi(3).dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8928606-cc60-4d32-af80-d7846c75f9cb}]
2009-07-31 00:40 52224 --sha-w- c:\windows\system32\busekuja.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-08 39408]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Power2GoExpress"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-04 1695744]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-26 90112]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
RCA Detective.lnk - c:\documents and settings\Owner\My Documents\RCA Detective\RCADetective.exe [2009-7-3 942592]
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Backyard Hockey 2005 Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Backyard Hockey 2005 Registration.lnk
backup=c:\windows\pss\Backyard Hockey 2005 Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\Soldier of Fortune II - Double Helix GOLD\\SoF2MP.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
"c:\\Program Files\\Logitech\\Video\\FxSvr2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3528:TCP"= 3528:TCP:Akamai NetSession Interface
"1856:TCP"= 1856:TCP:Akamai NetSession Interface
"4042:TCP"= 4042:TCP:Akamai NetSession Interface
"2977:TCP"= 2977:TCP:Akamai NetSession Interface
"1118:TCP"= 1118:TCP:Akamai NetSession Interface
"2275:TCP"= 2275:TCP:Akamai NetSession Interface
"3467:TCP"= 3467:TCP:Akamai NetSession Interface
"4001:TCP"= 4001:TCP:Akamai NetSession Interface
"4325:TCP"= 4325:TCP:Akamai NetSession Interface
"4927:TCP"= 4927:TCP:Akamai NetSession Interface
"4942:TCP"= 4942:TCP:Akamai NetSession Interface
"1310:TCP"= 1310:TCP:Akamai NetSession Interface
"4935:TCP"= 4935:TCP:Akamai NetSession Interface
"4353:TCP"= 4353:TCP:Akamai NetSession Interface
"2511:TCP"= 2511:TCP:Akamai NetSession Interface
"2529:TCP"= 2529:TCP:Akamai NetSession Interface
"2515:TCP"= 2515:TCP:Akamai NetSession Interface
"1973:TCP"= 1973:TCP:Akamai NetSession Interface
"3514:TCP"= 3514:TCP:Akamai NetSession Interface
"3412:TCP"= 3412:TCP:Akamai NetSession Interface
"1939:TCP"= 1939:TCP:Akamai NetSession Interface
"1281:TCP"= 1281:TCP:Akamai NetSession Interface
"4343:TCP"= 4343:TCP:Akamai NetSession Interface
"3005:TCP"= 3005:TCP:Akamai NetSession Interface
"3268:TCP"= 3268:TCP:Akamai NetSession Interface
"4930:TCP"= 4930:TCP:Akamai NetSession Interface
"4829:TCP"= 4829:TCP:Akamai NetSession Interface
"1156:TCP"= 1156:TCP:Akamai NetSession Interface
"1949:TCP"= 1949:TCP:Akamai NetSession Interface
"1062:TCP"= 1062:TCP:Akamai NetSession Interface
"2427:TCP"= 2427:TCP:Akamai NetSession Interface
"1058:TCP"= 1058:TCP:Akamai NetSession Interface
"1286:TCP"= 1286:TCP:Akamai NetSession Interface
"1300:TCP"= 1300:TCP:Akamai NetSession Interface
"1322:TCP"= 1322:TCP:Akamai NetSession Interface
"2976:TCP"= 2976:TCP:Akamai NetSession Interface
"1046:TCP"= 1046:TCP:Akamai NetSession Interface
"1089:TCP"= 1089:TCP:Akamai NetSession Interface
"2138:TCP"= 2138:TCP:Akamai NetSession Interface
"2210:TCP"= 2210:TCP:Akamai NetSession Interface
"2308:TCP"= 2308:TCP:Akamai NetSession Interface
"2350:TCP"= 2350:TCP:Akamai NetSession Interface
"2395:TCP"= 2395:TCP:Akamai NetSession Interface
"1060:TCP"= 1060:TCP:Akamai NetSession Interface
"2127:TCP"= 2127:TCP:Akamai NetSession Interface
"2823:TCP"= 2823:TCP:Akamai NetSession Interface
"1069:TCP"= 1069:TCP:Akamai NetSession Interface
"1059:TCP"= 1059:TCP:Akamai NetSession Interface
"2018:TCP"= 2018:TCP:Akamai NetSession Interface
"4462:TCP"= 4462:TCP:Akamai NetSession Interface
"1222:TCP"= 1222:TCP:Akamai NetSession Interface
"1438:TCP"= 1438:TCP:Akamai NetSession Interface
"3403:TCP"= 3403:TCP:Akamai NetSession Interface
"3606:TCP"= 3606:TCP:Akamai NetSession Interface
"2491:TCP"= 2491:TCP:Akamai NetSession Interface
"4412:TCP"= 4412:TCP:Akamai NetSession Interface
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
"2741:TCP"= 2741:TCP:Akamai NetSession Interface
"3285:TCP"= 3285:TCP:Akamai NetSession Interface
"2319:TCP"= 2319:TCP:Akamai NetSession Interface
"3615:TCP"= 3615:TCP:Akamai NetSession Interface
"1472:TCP"= 1472:TCP:Akamai NetSession Interface
"4322:TCP"= 4322:TCP:Akamai NetSession Interface
"4526:TCP"= 4526:TCP:Akamai NetSession Interface
"4490:TCP"= 4490:TCP:Akamai NetSession Interface
"4122:TCP"= 4122:TCP:Akamai NetSession Interface
"1298:TCP"= 1298:TCP:Akamai NetSession Interface
"4898:TCP"= 4898:TCP:Akamai NetSession Interface
"4916:TCP"= 4916:TCP:Akamai NetSession Interface
"4945:TCP"= 4945:TCP:Akamai NetSession Interface
"4976:TCP"= 4976:TCP:Akamai NetSession Interface
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"1095:TCP"= 1095:TCP:Akamai NetSession Interface
"1150:TCP"= 1150:TCP:Akamai NetSession Interface
"1190:TCP"= 1190:TCP:Akamai NetSession Interface
"1227:TCP"= 1227:TCP:Akamai NetSession Interface
"1237:TCP"= 1237:TCP:Akamai NetSession Interface
"1272:TCP"= 1272:TCP:Akamai NetSession Interface
"1283:TCP"= 1283:TCP:Akamai NetSession Interface
"1335:TCP"= 1335:TCP:Akamai NetSession Interface
"1344:TCP"= 1344:TCP:Akamai NetSession Interface
"1384:TCP"= 1384:TCP:Akamai NetSession Interface
"1392:TCP"= 1392:TCP:Akamai NetSession Interface
"1427:TCP"= 1427:TCP:Akamai NetSession Interface
"1079:TCP"= 1079:TCP:Akamai NetSession Interface
"1225:TCP"= 1225:TCP:Akamai NetSession Interface
"1572:TCP"= 1572:TCP:Akamai NetSession Interface
"3502:TCP"= 3502:TCP:Akamai NetSession Interface
"3626:TCP"= 3626:TCP:Akamai NetSession Interface
"2243:TCP"= 2243:TCP:Akamai NetSession Interface
"3046:TCP"= 3046:TCP:Akamai NetSession Interface
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"4406:TCP"= 4406:TCP:Akamai NetSession Interface
"1863:TCP"= 1863:TCP:Akamai NetSession Interface
"4689:TCP"= 4689:TCP:Akamai NetSession Interface
"2656:TCP"= 2656:TCP:Akamai NetSession Interface
"4929:TCP"= 4929:TCP:Akamai NetSession Interface
"3546:TCP"= 3546:TCP:Akamai NetSession Interface
"1744:TCP"= 1744:TCP:Akamai NetSession Interface
"1765:TCP"= 1765:TCP:Akamai NetSession Interface
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"1161:TCP"= 1161:TCP:Akamai NetSession Interface
"1628:TCP"= 1628:TCP:Akamai NetSession Interface
"2224:TCP"= 2224:TCP:Akamai NetSession Interface
"2294:TCP"= 2294:TCP:Akamai NetSession Interface
"2242:TCP"= 2242:TCP:Akamai NetSession Interface
"3185:TCP"= 3185:TCP:Akamai NetSession Interface
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"1214:TCP"= 1214:TCP:Akamai NetSession Interface
"1301:TCP"= 1301:TCP:Akamai NetSession Interface
"3621:TCP"= 3621:TCP:Akamai NetSession Interface
"4842:TCP"= 4842:TCP:Akamai NetSession Interface
"1084:TCP"= 1084:TCP:Akamai NetSession Interface
"2761:TCP"= 2761:TCP:Akamai NetSession Interface
"2093:TCP"= 2093:TCP:Akamai NetSession Interface
"4295:TCP"= 4295:TCP:Akamai NetSession Interface
"4346:TCP"= 4346:TCP:Akamai NetSession Interface
"1366:TCP"= 1366:TCP:Akamai NetSession Interface
"1644:TCP"= 1644:TCP:Akamai NetSession Interface
"2123:TCP"= 2123:TCP:Akamai NetSession Interface
"4217:TCP"= 4217:TCP:Akamai NetSession Interface
"4246:TCP"= 4246:TCP:Akamai NetSession Interface
"4774:TCP"= 4774:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"4359:TCP"= 4359:TCP:Akamai NetSession Interface
"1469:TCP"= 1469:TCP:Akamai NetSession Interface
"1477:TCP"= 1477:TCP:Akamai NetSession Interface
"1142:TCP"= 1142:TCP:Akamai NetSession Interface
"2546:TCP"= 2546:TCP:Akamai NetSession Interface
"3747:TCP"= 3747:TCP:Akamai NetSession Interface
"4190:TCP"= 4190:TCP:Akamai NetSession Interface
"3967:TCP"= 3967:TCP:Akamai NetSession Interface
"2007:TCP"= 2007:TCP:Akamai NetSession Interface
"1239:TCP"= 1239:TCP:Akamai NetSession Interface
"4685:TCP"= 4685:TCP:Akamai NetSession Interface
"3087:TCP"= 3087:TCP:Akamai NetSession Interface
"3106:TCP"= 3106:TCP:Akamai NetSession Interface
"1070:TCP"= 1070:TCP:Akamai NetSession Interface
"1063:TCP"= 1063:TCP:Akamai NetSession Interface
"1082:TCP"= 1082:TCP:Akamai NetSession Interface
"1433:TCP"= 1433:TCP:Akamai NetSession Interface
"1085:TCP"= 1085:TCP:Akamai NetSession Interface
"1080:TCP"= 1080:TCP:Akamai NetSession Interface
"1462:TCP"= 1462:TCP:Akamai NetSession Interface
"1088:TCP"= 1088:TCP:Akamai NetSession Interface
"1121:TCP"= 1121:TCP:Akamai NetSession Interface
"1209:TCP"= 1209:TCP:Akamai NetSession Interface
"1507:TCP"= 1507:TCP:Akamai NetSession Interface
"1556:TCP"= 1556:TCP:Akamai NetSession Interface
"1591:TCP"= 1591:TCP:Akamai NetSession Interface
"1604:TCP"= 1604:TCP:Akamai NetSession Interface
"2342:TCP"= 2342:TCP:Akamai NetSession Interface
"1109:TCP"= 1109:TCP:Akamai NetSession Interface
"1199:TCP"= 1199:TCP:Akamai NetSession Interface
"3173:TCP"= 3173:TCP:Akamai NetSession Interface
"3206:TCP"= 3206:TCP:Akamai NetSession Interface
"2886:TCP"= 2886:TCP:Akamai NetSession Interface
"2951:TCP"= 2951:TCP:Akamai NetSession Interface
"3020:TCP"= 3020:TCP:Akamai NetSession Interface
"3056:TCP"= 3056:TCP:Akamai NetSession Interface
"3085:TCP"= 3085:TCP:Akamai NetSession Interface
"3119:TCP"= 3119:TCP:Akamai NetSession Interface
"1061:TCP"= 1061:TCP:Akamai NetSession Interface
"1105:TCP"= 1105:TCP:Akamai NetSession Interface
"1170:TCP"= 1170:TCP:Akamai NetSession Interface
"1210:TCP"= 1210:TCP:Akamai NetSession Interface
"1218:TCP"= 1218:TCP:Akamai NetSession Interface
"1279:TCP"= 1279:TCP:Akamai NetSession Interface
"1113:TCP"= 1113:TCP:Akamai NetSession Interface
"1143:TCP"= 1143:TCP:Akamai NetSession Interface
"1215:TCP"= 1215:TCP:Akamai NetSession Interface
"1311:TCP"= 1311:TCP:Akamai NetSession Interface
"1356:TCP"= 1356:TCP:Akamai NetSession Interface
"1398:TCP"= 1398:TCP:Akamai NetSession Interface
"1078:TCP"= 1078:TCP:Akamai NetSession Interface
"4957:TCP"= 4957:TCP:Akamai NetSession Interface
"3954:TCP"= 3954:TCP:Akamai NetSession Interface
"3804:TCP"= 3804:TCP:Akamai NetSession Interface
"1953:TCP"= 1953:TCP:Akamai NetSession Interface
"2587:TCP"= 2587:TCP:Akamai NetSession Interface
"2632:TCP"= 2632:TCP:Akamai NetSession Interface
"4966:TCP"= 4966:TCP:Akamai NetSession Interface
"4994:TCP"= 4994:TCP:Akamai NetSession Interface
"1090:TCP"= 1090:TCP:Akamai NetSession Interface
"1183:TCP"= 1183:TCP:Akamai NetSession Interface
"3922:TCP"= 3922:TCP:Akamai NetSession Interface
"4040:TCP"= 4040:TCP:Akamai NetSession Interface
"4728:TCP"= 4728:TCP:Akamai NetSession Interface
"1803:TCP"= 1803:TCP:Akamai NetSession Interface
"4749:TCP"= 4749:TCP:Akamai NetSession Interface
"4780:TCP"= 4780:TCP:Akamai NetSession Interface
"4857:TCP"= 4857:TCP:Akamai NetSession Interface
"4917:TCP"= 4917:TCP:Akamai NetSession Interface
"3562:TCP"= 3562:TCP:Akamai NetSession Interface
"1590:TCP"= 1590:TCP:Akamai NetSession Interface
"2402:TCP"= 2402:TCP:Akamai NetSession Interface
"3820:TCP"= 3820:TCP:Akamai NetSession Interface
"1026:TCP"= 1026:TCP:Akamai NetSession Interface
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"1094:TCP"= 1094:TCP:Akamai NetSession Interface
"1162:TCP"= 1162:TCP:Akamai NetSession Interface
"3951:TCP"= 3951:TCP:Akamai NetSession Interface
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
"2095:TCP"= 2095:TCP:Akamai NetSession Interface
"2471:TCP"= 2471:TCP:Akamai NetSession Interface
"4393:TCP"= 4393:TCP:Akamai NetSession Interface
"4407:TCP"= 4407:TCP:Akamai NetSession Interface
"4422:TCP"= 4422:TCP:Akamai NetSession Interface
"4448:TCP"= 4448:TCP:Akamai NetSession Interface
"4498:TCP"= 4498:TCP:Akamai NetSession Interface
"4511:TCP"= 4511:TCP:Akamai NetSession Interface
"4523:TCP"= 4523:TCP:Akamai NetSession Interface
"2388:TCP"= 2388:TCP:Akamai NetSession Interface
"1259:TCP"= 1259:TCP:Akamai NetSession Interface
"2177:TCP"= 2177:TCP:Akamai NetSession Interface
"1318:TCP"= 1318:TCP:Akamai NetSession Interface
"4820:TCP"= 4820:TCP:Akamai NetSession Interface
"4841:TCP"= 4841:TCP:Akamai NetSession Interface
"2560:TCP"= 2560:TCP:Akamai NetSession Interface
"3460:TCP"= 3460:TCP:Akamai NetSession Interface
"4231:TCP"= 4231:TCP:Akamai NetSession Interface
"1076:TCP"= 1076:TCP:Akamai NetSession Interface
"2826:TCP"= 2826:TCP:Akamai NetSession Interface
"2437:TCP"= 2437:TCP:Akamai NetSession Interface
"1702:TCP"= 1702:TCP:Akamai NetSession Interface
"1909:TCP"= 1909:TCP:Akamai NetSession Interface
"3058:TCP"= 3058:TCP:Akamai NetSession Interface
"3435:TCP"= 3435:TCP:Akamai NetSession Interface
"4348:TCP"= 4348:TCP:Akamai NetSession Interface
"2801:TCP"= 2801:TCP:Akamai NetSession Interface
"2923:TCP"= 2923:TCP:Akamai NetSession Interface
"1087:TCP"= 1087:TCP:Akamai NetSession Interface
"1611:TCP"= 1611:TCP:Akamai NetSession Interface
"1722:TCP"= 1722:TCP:Akamai NetSession Interface
"2202:TCP"= 2202:TCP:Akamai NetSession Interface
"1574:TCP"= 1574:TCP:Akamai NetSession Interface
"4193:TCP"= 4193:TCP:Akamai NetSession Interface
"2998:TCP"= 2998:TCP:Akamai NetSession Interface
"4129:TCP"= 4129:TCP:Akamai NetSession Interface
"4157:TCP"= 4157:TCP:Akamai NetSession Interface
"4169:TCP"= 4169:TCP:Akamai NetSession Interface
"3391:TCP"= 3391:TCP:Akamai NetSession Interface
"3578:TCP"= 3578:TCP:Akamai NetSession Interface
"4962:TCP"= 4962:TCP:Akamai NetSession Interface
"4668:TCP"= 4668:TCP:Akamai NetSession Interface
"1383:TCP"= 1383:TCP:Akamai NetSession Interface
"1097:TCP"= 1097:TCP:Akamai NetSession Interface
"2379:TCP"= 2379:TCP:Akamai NetSession Interface
"3673:TCP"= 3673:TCP:Akamai NetSession Interface
"1091:TCP"= 1091:TCP:Akamai NetSession Interface
"2434:TCP"= 2434:TCP:Akamai NetSession Interface
"2674:TCP"= 2674:TCP:Akamai NetSession Interface
"3227:TCP"= 3227:TCP:Akamai NetSession Interface
"3459:TCP"= 3459:TCP:Akamai NetSession Interface
"1892:TCP"= 1892:TCP:Akamai NetSession Interface
"2794:TCP"= 2794:TCP:Akamai NetSession Interface
"1640:TCP"= 1640:TCP:Akamai NetSession Interface
"4458:TCP"= 4458:TCP:Akamai NetSession Interface
"4502:TCP"= 4502:TCP:Akamai NetSession Interface
"2920:TCP"= 2920:TCP:Akamai NetSession Interface
"2943:TCP"= 2943:TCP:Akamai NetSession Interface
"1513:TCP"= 1513:TCP:Akamai NetSession Interface
"3665:TCP"= 3665:TCP:Akamai NetSession Interface
"3848:TCP"= 3848:TCP:Akamai NetSession Interface
"4453:TCP"= 4453:TCP:Akamai NetSession Interface
"4428:TCP"= 4428:TCP:Akamai NetSession Interface
"1988:TCP"= 1988:TCP:Akamai NetSession Interface
"4111:TCP"= 4111:TCP:Akamai NetSession Interface
"4684:TCP"= 4684:TCP:Akamai NetSession Interface
"1499:TCP"= 1499:TCP:Akamai NetSession Interface
"1100:TCP"= 1100:TCP:Akamai NetSession Interface
"1141:TCP"= 1141:TCP:Akamai NetSession Interface
"3322:TCP"= 3322:TCP:Akamai NetSession Interface
"1706:TCP"= 1706:TCP:Akamai NetSession Interface
"2452:TCP"= 2452:TCP:Akamai NetSession Interface
"4565:TCP"= 4565:TCP:Akamai NetSession Interface
"4582:TCP"= 4582:TCP:Akamai NetSession Interface
"1752:TCP"= 1752:TCP:Akamai NetSession Interface
"1913:TCP"= 1913:TCP:Akamai NetSession Interface
"2956:TCP"= 2956:TCP:Akamai NetSession Interface
"2644:TCP"= 2644:TCP:Akamai NetSession Interface
"1096:TCP"= 1096:TCP:Akamai NetSession Interface
"1166:TCP"= 1166:TCP:Akamai NetSession Interface
"4034:TCP"= 4034:TCP:Akamai NetSession Interface
"2980:TCP"= 2980:TCP:Akamai NetSession Interface
"2257:TCP"= 2257:TCP:Akamai NetSession Interface
"2559:TCP"= 2559:TCP:Akamai NetSession Interface
"3867:TCP"= 3867:TCP:Akamai NetSession Interface
"4788:TCP"= 4788:TCP:Akamai NetSession Interface
"1586:TCP"= 1586:TCP:Akamai NetSession Interface
"3448:TCP"= 3448:TCP:Akamai NetSession Interface
"2751:TCP"= 2751:TCP:Akamai NetSession Interface
"4899:TCP"= 4899:TCP:Akamai NetSession Interface
"3105:TCP"= 3105:TCP:Akamai NetSession Interface
"3652:TCP"= 3652:TCP:Akamai NetSession Interface
"1474:TCP"= 1474:TCP:Akamai NetSession Interface
"1051:TCP"= 1051:TCP:Akamai NetSession Interface
"1086:TCP"= 1086:TCP:Akamai NetSession Interface
"1164:TCP"= 1164:TCP:Akamai NetSession Interface
"1262:TCP"= 1262:TCP:Akamai NetSession Interface
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [8/26/2004 11:12 AM 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/31/2009 7:16 PM 108289]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/24/2007 8:31 AM 24652]
S1 srfzlrkp;srfzlrkp;c:\windows\system32\drivers\srfzlrkp.sys [10/31/2009 3:55 PM 30784]
S2 gupdate1c9b7eebc5c3ed2;Google Update Service (gupdate1c9b7eebc5c3ed2);c:\program files\Google\Update\GoogleUpdate.exe [4/7/2009 9:07 PM 133104]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [9/15/2009 2:25 AM 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [9/15/2009 2:25 AM 218608]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [8/20/2008 1:35 PM 168192]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [8/20/2008 1:36 PM 142976]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - GTNDIS5
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2009-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 02:06]
2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 02:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: warriornation.net\www
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ac3z4fhj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\browserdirprovider(2).dll
FF - component: c:\program files\Mozilla Firefox\components\browserdirprovider(3).dll
FF - component: c:\program files\Mozilla Firefox\components\brwsrcmp(2).dll
FF - component: c:\program files\Mozilla Firefox\components\brwsrcmp(3).dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010(2).dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010(3).dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Owner\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\Macromed\Flash\NPSWF32(2).dll
FF - plugin: c:\windows\system32\Macromed\Flash\NPSWF32(3).dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-fumegaliv - c:\windows\system32\kijudawi.dll
HKLM-Run-Easy Dock - (no file)
HKLM-Run-turuzefobe - vefiniwi.dll
SharedTaskScheduler-{052bdd7b-7c0a-4ccf-b3c1-227c145b6c75} - c:\windows\system32\kijudawi.dll
SSODL-SysNet-{E830DB69-2B91-4203-9028-99E702C0160A} - c:\documents and settings\All Users\Microsoft AData\sysnet.dll
SSODL-kehejahat-{052bdd7b-7c0a-4ccf-b3c1-227c145b6c75} - c:\windows\system32\kijudawi.dll
AddRemove-Sierra Utilities - c:\program files\Sierra On-Line\sutil32.exe
AddRemove-StealthBot v2.6 Revision 3 - c:\program files\StealthBot\uninst.exe
AddRemove-Viewpoint Toolbar - c:\program files\Viewpoint\Viewpoint Toolbar\3.9.0\Uninstaller.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-01 22:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,56,c8,a3,ca,52,bc,43,96,99,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,56,c8,a3,ca,52,bc,43,96,99,7a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2396)
c:\windows\system32\busekuja.dll
c:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Completion time: 2009-11-02 23:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-02 04:14
Pre-Run: 20,510,547,968 bytes free
Post-Run: 20,211,212,288 bytes free
- - End Of File - - 8407E81C91589A4288CCD4CEE69920A2
:Edit: Personal Guard 2009 and the fake "Windows Security Alert" are not showing up as of right now, but now I am getting multiple pop-ups. Not sure whether this is just part of the malware still on the system; just relaying the info.