this post is continued from a previous post of the same name but recently closed.
This post contains 2 logs, combofix and malwarebytes.
ComboFix 10-10-22.04 - sorgalim 10/25/2010 22:41:44.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.231 [GMT -5:00]
Running from: c:\users\sorgalim\Desktop\Combo1.exe
Command switches used :: c:\users\sorgalim\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\system32\drivers\kubvhnfi.sys"
"c:\windows\System32\drivers\pykhfd.sys"
"c:\windows\system32\drivers\sdjpfned.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\kubvhnfi.sys
c:\windows\system32\drivers\sdjpfned.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_fwrjxbg
((((((((((((((((((((((((( Files Created from 2010-09-26 to 2010-10-26 )))))))))))))))))))))))))))))))
.
2010-10-26 05:29 . 2010-10-26 05:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-23 07:09 . 2010-10-26 05:36 -------- d-----w- c:\users\sorgalim\AppData\Local\temp
2010-10-18 03:01 . 2010-10-18 03:01 6656 ----a-w- c:\windows\system32\75EC88C4.exe
2010-10-17 19:45 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-17 19:45 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-17 19:44 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-17 19:44 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-17 19:44 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-17 19:44 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-17 19:44 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-17 19:43 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-17 19:43 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-17 19:43 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-17 19:43 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-17 19:43 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-17 19:43 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-17 19:43 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-17 19:43 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-17 19:43 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-17 19:43 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-17 19:35 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{274B8D77-CA28-4C19-B06C-FC6946AA22DB}\mpengine.dll
2010-10-17 02:01 . 2010-10-17 02:01 -------- d-----w- C:\rsit
2010-10-17 02:01 . 2010-10-17 02:01 -------- d-----w- c:\program files\trend micro
2010-10-14 06:16 . 2010-10-14 06:16 388096 ----a-r- c:\users\sorgalim\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 06:16 . 2010-10-14 06:16 -------- d-----w- c:\program files\winlogon
2010-10-09 01:18 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-10-09 01:18 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-09 01:10 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-10-09 01:09 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-09 01:05 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-10-09 01:04 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-09 01:04 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-09 01:04 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-07 08:40 . 2010-10-07 08:40 -------- d-----w- c:\program files\Windows Portable Devices
2010-10-07 08:22 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-10-07 08:22 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-07 08:22 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-07 08:20 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-10-07 08:20 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-10-07 08:20 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-10-07 01:15 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-10-07 01:14 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-10-06 21:27 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-10-06 21:26 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2010-10-06 21:26 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2010-10-06 21:26 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-10-06 21:26 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-10-06 20:45 . 2010-10-06 20:45 -------- d-----w- c:\users\sorgalim\AppData\Roaming\McAfee
2010-10-06 09:37 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-10-06 09:37 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-10-06 09:37 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-10-06 09:37 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-10-06 09:37 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-10-06 09:37 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-10-06 09:37 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-10-06 09:37 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-10-06 09:37 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-10-06 09:32 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-10-06 09:32 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-10-06 09:31 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-06 08:53 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2010-10-06 08:53 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-10-06 03:36 . 2010-10-06 04:04 -------- d-----w- C:\Combo-Fix
2010-10-06 02:50 . 2010-10-06 02:56 -------- d-----w- c:\users\sorgalim\AppData\Roaming\ImgBurn
2010-10-06 02:31 . 2010-10-06 02:31 -------- d-----w- c:\users\sorgalim\AppData\Local\Threat Expert
2010-10-06 02:31 . 2010-10-06 02:31 -------- d-----w- c:\program files\ImgBurn
2010-10-05 22:43 . 2010-10-06 21:22 -------- d-----w- C:\TDSSKiller_Quarantine
2010-09-27 06:23 . 2010-09-27 06:23 -------- d-----w- c:\program files\HJT
2010-09-27 04:48 . 2010-10-06 22:44 -------- d-----w- c:\program files\Mal
2010-09-26 22:35 . 2010-10-05 01:14 -------- d-----w- c:\users\sorgalim\ProcessExplorer
2010-09-26 22:20 . 2010-09-27 04:37 -------- d-----w- c:\program files\MAW
2010-09-26 21:54 . 2010-10-05 04:19 -------- d-----w- c:\users\sorgalim\malware_remove
2010-09-26 21:21 . 2010-09-26 21:21 -------- d-----w- c:\program files\Enigma Software Group
2010-09-26 21:20 . 2010-10-07 04:16 -------- d-----w- c:\windows\CED3DF1E01D145ADBF3364AE5E8843B8.TMP
2010-09-26 21:20 . 2010-09-26 21:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-26 20:59 . 2010-10-06 21:37 -------- d-----w- c:\programdata\PC Tools
2010-09-26 20:54 . 2010-09-26 20:54 -------- d-----w- C:\!KillBox
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 21:55 . 2009-09-24 15:12 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2010-09-22 06:46 . 2010-09-22 06:45 3446576 ----a-w- c:\users\sorgalim\errorfix.exe
2010-09-19 06:04 . 2010-09-19 06:04 4227960 ----a-w- c:\users\sorgalim\WRCFree.exe
2010-09-19 05:27 . 2010-09-19 05:27 5057776 ----a-w- c:\users\sorgalim\ParetoLogic PC Health Advisor.exe
2010-09-16 04:17 . 2010-09-16 07:12 133582520 ----a-w- c:\users\sorgalim\Ad-AwareInstall.exe
2010-09-08 22:04 . 2010-09-08 22:02 14985616 ----a-w- c:\users\sorgalim\mpas-fe.exe
2010-09-08 16:08 . 2010-09-08 19:24 15395728 ----a-w- c:\users\sorgalim\fel.exe
2010-08-24 19:57 . 2010-04-15 07:57 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 19:57 . 2010-04-15 07:55 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 19:57 . 2010-04-15 07:55 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 19:57 . 2010-04-15 07:55 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 19:57 . 2010-04-15 07:55 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 19:57 . 2010-04-15 07:55 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 19:57 . 2010-04-15 07:55 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 19:57 . 2010-04-15 07:55 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 19:57 . 2009-01-14 00:29 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 19:57 . 2009-01-14 00:29 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-07 05:48 . 2010-08-07 05:48 8558288 ----a-w- c:\users\sorgalim\FCTBSetup.exe
2010-08-07 05:39 . 2010-08-07 05:38 12839035 ----a-w- c:\users\sorgalim\FreeSoundRecorder.exe
2010-08-07 05:33 . 2010-08-07 05:32 1405456 ----a-w- c:\users\sorgalim\AAudioSetup.exe
2010-08-07 05:17 . 2010-08-07 05:17 1686016 ----a-w- c:\users\sorgalim\ACamSetup.exe
.
------- Sigcheck -------
[7] 2010-06-26 . F05B3A2C6CB319DD1377AD566CF5ECE5 . 638232 . . [8.00.6001.18702] . . c:\windows\SoftwareDistribution\Download\084425f324bab37637b0082391287093\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe
[7] 2010-06-26 . 7420BE0E7D3D1320054F7ACA0594953D . 638232 . . [8.00.6001.18702] . . c:\windows\SoftwareDistribution\Download\084425f324bab37637b0082391287093\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\iexplore.exe
[7] 2010-05-04 . 48A6109E8DF0365195298CC527B7426A . 638232 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_12d2cb5048e98eab\iexplore.exe
[7] 2010-05-04 . 5C9B1062EA7A44E8F6BFDE994B68C7AA . 638232 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\iexplore.exe
[-] 2010-05-04 06:00 . !HASH: COULD NOT OPEN FILE !!!!! . 638232 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88132fd4bb60\iexplore.exe
[7] 2010-02-23 . 25DB705A7DC85C208B3CF2D20F118AA7 . 638232 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe
[7] 2010-02-23 . 9F52FBE99C749E3F32C75124F09F1B03 . 638232 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
[7] 2010-01-02 . 3D8DA00B028DEA9517066F1CECBFC4A2 . 638216 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_128c11ea491f6b05\iexplore.exe
[7] 2010-01-02 . 88BD42DAE7CFFEB256CA7145A15E4843 . 638216 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_11f6a4e9300acdd5\iexplore.exe
[7] 2009-11-21 . E7F8DF50E483D165BB01F367D3519AA7 . 638232 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2a0490c7f28\iexplore.exe
[7] 2009-11-21 . 1B6362BB14FCEB9E76BCF9A953B04788 . 638232 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_120f459f2ff7e1f8\iexplore.exe
[7] 2009-08-27 . 7DD482E4A2E3CBB0A72F718C342F5B75 . 638216 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_12d1f2e448ea4212\iexplore.exe
[7] 2009-08-27 . 2E48756F12C21F46895036AC089AAD97 . 638232 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_123d862d2fd4be39\iexplore.exe
[7] 2009-07-22 . 4B5AEA50CE77FBA4C2D169622DC9B489 . 638232 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\iexplore.exe
[7] 2009-07-21 . C33BD196A0301F9B23D9A003D30ED8B0 . 638216 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe
[7] 2009-07-18 . 1D8163DBFECAEDB9C48C5F55084BC491 . 634648 . . [7.00.6001.18294] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\iexplore.exe
[7] 2009-07-18 . 1D5A01AA2DE47C052AF46D7EBCB003A3 . 634648 . . [7.00.6000.16890] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\iexplore.exe
[7] 2009-07-18 . 7FCF4E704A48D95202F3E7A1E1A21412 . 634648 . . [7.00.6000.21089] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
[7] 2009-07-18 . EBEE9E4421F35CD861107DDA0266FBB1 . 634648 . . [7.00.6001.22475] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
[7] 2009-04-24 . 1F44940EF1D07D0BDAF80E55853DFBD0 . 634648 . . [7.00.6000.16851] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\iexplore.exe
[7] 2009-04-24 . F294D8EEB05C835EC44A12CE0A1DFE7A . 634632 . . [7.00.6001.18248] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\iexplore.exe
[7] 2009-04-24 . D5271AC4A06AD9D1E2EA0151B79B2657 . 634648 . . [7.00.6000.21046] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe
[7] 2009-04-24 . D6157423C117F24D24695866A1D0A93F . 634648 . . [7.00.6001.22418] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe
[7] 2009-04-11 . 2C5168C856455CC43C4B4E1CC1920001 . 636080 . . [7.00.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
[7] 2009-03-03 . 9E6C1527D9A2C64BFD780AA23075380F . 636072 . . [7.00.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\iexplore.exe
[7] 2009-03-03 . 8BA2B7A05F88BE0D45237A0994AD8366 . 636072 . . [7.00.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\iexplore.exe
[7] 2009-03-03 . EA4BE33726155F89D89A3FE7142878E0 . 636072 . . [7.00.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\iexplore.exe
[7] 2009-03-03 . 1DD66A2851DACDEC32EAE8F9A8865ABD . 636072 . . [7.00.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\iexplore.exe
[7] 2009-01-15 . F0B1CA517977BA2FF6DA33F1B966C488 . 634024 . . [7.00.6000.20996] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
[7] 2009-01-15 . 0844F5B9CB3BB85A917D347EF1565B6C . 634024 . . [7.00.6000.16809] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
[7] 2008-10-16 . D762642A109433EEDCD332B0A9511137 . 634024 . . [7.00.6000.16764] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe
[7] 2008-10-16 . 4CBA2F58668F2D5F3259CBE73E227F25 . 634024 . . [7.00.6000.20937] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\iexplore.exe
[7] 2008-10-02 . 19403B64906C9EAC627E3C10847B0FDA . 633632 . . [7.00.6000.16757] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\iexplore.exe
[7] 2008-10-02 . 6655B851D9EEF7C83395EE52D551B448 . 633632 . . [7.00.6000.20927] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\iexplore.exe
[7] 2008-09-09 . 157F8DE991396C536820D7FA5C8DCF7D . 625664 . . [7.00.6000.16711] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\iexplore.exe
[7] 2008-09-09 . 4DBD95312B1C96C5285D38F1D748CD4D . 625664 . . [7.00.6000.20868] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\iexplore.exe
[7] 2008-01-19 . 5B92133D3E7FB2644677686305E29E81 . 625664 . . [7.00.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
[7] 2007-08-26 . 9B3516C1F30DA17ADD3818573047D63C . 625152 . . [7.00.6000.20583] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20583_none_2db1dbe03633c0e1\iexplore.exe
[7] 2007-08-26 . 10BDB55982586A432A3951EB19A26009 . 625152 . . [7.00.6000.16473] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16473_none_2d330f011d0e0526\iexplore.exe
[7] 2006-11-02 . 8308F01F27DF839E0010B0F72F855E35 . 623616 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e0d1d136ff5\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-08-15 16:42 303104 ------w- c:\ddi\OverIcon.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-25 4489216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133656]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-12 317560]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-12-01 497376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Skytel"="Skytel.exe" [2007-06-25 1826816]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 02:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
backup=c:\windows\pss\Reality Fusion GameCam SE.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^sorgalim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Users^sorgalim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
2008-06-10 21:18 785520 ------w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-29 00:30 28672 ----a-w- c:\windows\System32\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-09-09 23:24 20480 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-08-26 21:43 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
2007-06-21 23:54 53248 ----a-w- c:\program files\Sony\VAIO Center Access Bar\VCAB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2007-07-20 22:30 577536 ----a-w- c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
2007-07-12 18:31 45056 ----a-w- c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-13 292152]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-07-06 79736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-05-20 88176]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2007-06-29 200704]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-05 812544]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-10-26 c:\windows\Tasks\User_Feed_Synchronization-{382E0E8B-2C6E-4DCA-975D-AE0DA868DC1C}.job
- c:\windows\system32\msfeedssync.exe [2010-06-13 04:30]
2010-10-26 c:\windows\Tasks\User_Feed_Synchronization-{5AEE247A-956D-47E6-9D9E-512F81518B73}.job
- c:\windows\system32\msfeedssync.exe [2010-06-13 04:30]
2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-{71175874-2CFD-4E43-8EED-DFC87258B26B}.job
- c:\windows\system32\msfeedssync.exe [2010-06-13 04:30]
2010-10-26 c:\windows\Tasks\User_Feed_Synchronization-{EB2E239E-B845-49C6-9F1A-E479D6E8659C}.job
- c:\windows\system32\msfeedssync.exe [2010-06-13 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
Trusted Zone: convergysworkathome.com\www
Trusted Zone: internet
Trusted Zone: kidzui.com\www
Trusted Zone: mcafee.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-26 00:37
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5512)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\ddi\overicon.dll
c:\windows\system32\btneighborhood.dll
c:\windows\system32\wbtapi.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\CSH.dll
c:\windows\system32\BtXpPanel.Dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\OGAExec.exe
c:\program files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\rundll32.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\McAfee\Core\mchost.exe
.
**************************************************************************
.
Completion time: 2010-10-26 00:50:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-26 05:49
ComboFix2.txt 2010-10-23 07:09
ComboFix3.txt 2010-10-08 06:48
ComboFix4.txt 2010-10-07 04:54
ComboFix5.txt 2010-10-26 03:38
Pre-Run: 53,618,790,400 bytes free
Post-Run: 52,741,750,784 bytes free
- - End Of File - - F9759071A15B94896E721B68781073FC
###############################################################################
###############################################################################
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Database version: 4993
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
10/29/2010 9:05:26 PM
mbam-log-2010-10-29 (21-05-26).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 353709
Time elapsed: 2 hour(s), 51 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fe4c2c37-edc8-4c00-b864-3c38cf3ba834} (Adware.Adshot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\TDSSKiller_Quarantine\05.10.2010_17.42.10\susp0000\svc0000\tsk0000.dta (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\05.10.2010_20.04.17\susp0000\svc0000\tsk0000.dta (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\06.10.2010_16.21.53\susp0000\svc0000\tsk0000.dta (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\sorgalim\Feeding Frenzy 2.4.2.3 (GameHouse)\FeedingFrenzy_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.