ComboFix 09-06-12.04 - saulav 13/06/2009 23:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.1021.204 [GMT 10:00]
Running from: c:\users\saulav\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\video activex access
c:\users\saulav\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.
2009-06-13 13:43 . 2009-06-13 13:52 -------- d-----w- c:\users\saulav\AppData\Local\temp
2009-06-13 13:13 . 2009-06-13 13:13 1342151 ----a-w- C:\MGtools.exe
2009-06-13 08:13 . 2009-06-13 08:23 -------- d-----w- c:\users\saulav\AppData\Local\Adobe
2009-06-13 06:13 . 2009-06-13 06:13 -------- d-----w- c:\windows\Sun
2009-06-10 20:51 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 20:51 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 20:51 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-09 03:41 . 2009-06-11 21:56 -------- d-----w- c:\program files\PremierOpinion
2009-05-25 12:29 . 2009-05-25 12:29 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-25 12:28 . 2009-05-25 12:29 -------- d-----w- c:\program files\Common Files\Real
2009-05-25 12:28 . 2009-05-25 12:28 -------- d-----w- c:\program files\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 13:49 . 2009-03-31 09:49 -------- d-----w- c:\program files\Steam
2009-06-13 13:49 . 2007-09-07 02:36 -------- d-----w- c:\programdata\Kaspersky Lab
2009-06-13 13:46 . 2009-01-22 08:01 811040 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-13 13:46 . 2009-01-22 08:01 4900 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-13 13:46 . 2009-01-22 08:01 4089376 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-13 13:46 . 2009-01-22 08:01 35124 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-13 13:45 . 2007-12-03 06:47 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-13 13:20 . 2007-03-14 00:41 13072 ----a-w- c:\users\saulav\AppData\Roaming\nvModes.dat
2009-06-13 06:03 . 2007-03-13 08:40 1356 ----a-w- c:\users\saulav\AppData\Local\d3d9caps.dat
2009-06-13 04:42 . 2008-10-06 00:48 -------- d-----w- c:\program files\DVDVideoSoft
2009-06-13 04:42 . 2008-10-06 00:48 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-06-11 17:21 . 2009-03-31 09:49 -------- d-----w- c:\program files\Common Files\Steam
2009-06-11 17:09 . 2007-03-13 09:25 -------- d-----w- c:\programdata\Microsoft Help
2009-05-29 05:04 . 2008-12-25 01:10 -------- d-----w- c:\users\saulav\AppData\Roaming\LimeWire
2009-05-14 00:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-06 10:27 . 2009-05-06 10:26 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-06 10:27 . 2009-05-06 10:26 -------- d-----w- c:\program files\iTunes
2009-05-06 10:26 . 2009-05-06 10:26 -------- d-----w- c:\program files\iPod
2009-05-06 10:26 . 2008-07-26 12:10 -------- d-----w- c:\program files\Common Files\Apple
2009-05-06 10:19 . 2009-05-06 10:19 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-28 11:42 . 2009-04-28 11:42 -------- d-----w- c:\program files\Photo Viewer V208G2
2009-04-24 16:05 . 2009-06-10 20:50 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-10 20:50 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-10 20:50 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-14 12:20 . 2009-04-14 11:14 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-14 12:20 . 2009-04-14 11:13 22328 ----a-w- c:\users\saulav\AppData\Roaming\PnkBstrK.sys
2009-04-14 12:20 . 2009-04-14 11:13 22328 ----a-w- c:\users\saulav\AppData\Roaming\PnkBstrK.sys
2009-04-14 12:20 . 2009-04-14 11:13 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-04-14 12:19 . 2009-04-14 11:13 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2009-04-14 12:04 . 2009-04-14 11:20 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-14 11:13 . 2009-04-14 11:13 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-03-26 05:23 . 2009-03-26 05:23 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-26 05:23 . 2009-03-26 05:23 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-19 06:32 . 2009-05-06 10:27 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 06:32 . 2009-03-19 06:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-15 10:20 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 10:20 24064 ----a-w- c:\windows\system32\amxread.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-11-06 00:46 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-11-06 00:46 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-11 1217784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-11-06 49168]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-12 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-04 201992]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-25 198160]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-07 3772416]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-11-06 00:34 52224 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8D9CBB99-1448-45BC-96D7-9C9F62A41653}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5115A065-0EE7-4A78-ABB7-700D8F0C80C6}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{51FD3047-98D6-4844-9904-C5925DF4918A}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CB7DC48D-1159-4AA8-B15E-B3CB9495860E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4BE8D8F9-84B4-406E-A341-B597A9BD17CB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5A8376ED-0A4D-4FC4-A48D-7DDEA966B6BE}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:msnmsgr
"{AF6CBE19-19B5-4498-AF05-E0BC2D3F8FE6}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:msnmsgr
"TCP Query User{800648BC-6936-46A8-845B-7DDC90D79171}c:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{D3CE212A-E0B6-4260-B6E5-EB2FEEC29A39}c:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"{0160C99A-E1CA-433B-8BEC-90C8C832E79F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2B87CC29-0C50-4686-B9F1-D10C9FDE94A7}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{166C9208-6642-4A17-95D9-0120E8D947EF}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{52C87412-BE27-468C-A266-B11E43D2521E}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{B3A85734-8007-4DD7-A178-5A91AD6B4F46}"= UDP:40142:T
"TCP Query User{32A579CC-5FD4-4F64-9CF3-5879B152B497}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{889CD024-3D83-4479-8A52-80993C1D0C4F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{417D13F3-7E25-46C3-AFE9-7B0CD475A60C}c:\\program files\\tightvnc\\vncviewer.exe"= UDP:c:\program files\tightvnc\vncviewer.exe:vncviewer
"UDP Query User{EE8EC68C-C98B-4065-87D3-78BA5E331567}c:\\program files\\tightvnc\\vncviewer.exe"= TCP:c:\program files\tightvnc\vncviewer.exe:vncviewer
"TCP Query User{329BCCE1-6E6C-422E-B0D6-2ACCE2D97328}c:\\program files\\tightvnc\\winvnc.exe"= UDP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server
"UDP Query User{1CDC3BA4-BB56-4619-A25D-314899986F2A}c:\\program files\\tightvnc\\winvnc.exe"= TCP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server
"TCP Query User{150D3CD0-5F73-45F8-97DC-3FFAC6CFA991}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{FBC56893-55CF-41EF-81FB-7D2C2E579671}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{5E9EDA15-887C-49AC-9528-2FE5642C50F9}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{4ED30FE4-6138-4298-AD0B-FA5C32136ABA}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"TCP Query User{762AAD32-023D-4763-8C63-34FF046B8663}d:\\nsf mw\\speed.exe"= UDP:d:\nsf mw\speed.exe:speed
"UDP Query User{291B5868-4D8B-4E1E-B4BD-BF37C4E1922B}d:\\nsf mw\\speed.exe"= TCP:d:\nsf mw\speed.exe:speed
"TCP Query User{F82E55D7-FD67-4296-8A85-12EF4C6C1FCA}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C10C8D01-6B96-4345-9EA2-E97E68D77415}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D6EADB5A-B2FD-467B-8FD6-23B960CB529D}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{804F9452-1776-4331-87FC-0A75328E4325}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{D81711DA-F166-4112-9BE5-E99318186253}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{FD2974F2-2EFA-4CFC-A959-43ACD44754BC}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{799DB27F-6F0E-4383-867C-B0C36412BAFD}c:\\users\\saulav\\documents\\bitdownload\\bitdownload.exe"= UDP:c:\users\saulav\documents\bitdownload\bitdownload.exe:bitdownload.exe
"UDP Query User{9573C200-7479-4C18-8CA9-5A26AED86967}c:\\users\\saulav\\documents\\bitdownload\\bitdownload.exe"= TCP:c:\users\saulav\documents\bitdownload\bitdownload.exe:bitdownload.exe
"TCP Query User{4DD4365D-4EF2-4B59-8F7A-9AA128692D12}c:\\users\\saulav\\documents\\bitdownload\\bitdownload.exe"= UDP:c:\users\saulav\documents\bitdownload\bitdownload.exe:bitdownload.exe
"UDP Query User{48EAA48D-1BFD-45A6-8782-8C288D97A9A4}c:\\users\\saulav\\documents\\bitdownload\\bitdownload.exe"= TCP:c:\users\saulav\documents\bitdownload\bitdownload.exe:bitdownload.exe
"{56DB85FA-3CF5-4170-8117-6DF4338E6117}"= Disabled:UDP:c:\program files\M3\M3.exe:M3 - Movies & Music for your Mobile
"{962456D4-B9B9-41BD-B537-0EE5CD21057D}"= Disabled:TCP:c:\program files\M3\M3.exe:M3 - Movies & Music for your Mobile
"TCP Query User{9D76B84A-4A64-4747-9DD3-44170B2C2299}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{06660525-C484-4FF2-AB46-53B65DB17897}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{64D9286C-0389-41E9-A8A9-21BC85DCF935}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire 4.17.2
"{508B5FB9-06C7-4FA5-9A00-913D8842549B}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire 4.17.2
"{D3BFC536-929E-40B6-9E5B-A1653EA9F9F7}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window
"{9645119A-8487-42B8-9829-07F08A6124D0}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window
"{EC5851DA-CF65-4E8E-A8FE-9F08D9FACB91}"= UDP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System
"{9EB68529-5082-4110-BAAE-C22FBC91EAE4}"= TCP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System
"{03B5C7CE-6328-418C-B9DD-56092239083C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C4194955-D456-446D-9D40-A4D9023C947F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{81392AAA-1142-43A0-B850-1C684572266C}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{B2C42870-EB29-4B2B-8FF5-777F4AC92C5E}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{AEE39A19-53F6-4CA7-973B-20A873095201}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{5B189E4F-1A01-4A3F-888E-C096E6E361E0}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{CFA69475-0F1D-427A-ABFA-1721BA6BDB79}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{8D8ED1AE-086C-4678-A296-4851223A7B4D}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{22D5F632-2E07-47AF-9B89-06F4F0C62DF5}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{2065FBEB-92EA-42A8-BDEC-4A07F4B46535}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{424FE2BA-B630-4D14-BF67-9B60A810AE3E}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{580F416F-4E9E-46FA-8A57-A71405EE8D75}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A6EF433B-CB4D-4A6F-B48B-802D18BDF3B2}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{D99CBE5C-D8E5-4C77-8B9B-477EBFEDD107}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{52C72176-AA53-425E-AD4C-E76DE4B802AA}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{92E7F409-6599-4675-A9CF-59D0724B3C09}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{77742CA7-C35C-4180-8799-EA68111FAC32}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{2571ECF3-5758-4651-9198-B8754CE5FCF3}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{D861937E-53B4-4731-AE24-1856761CF816}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DA37D5F4-5BEA-473E-9DEA-D96615AA7315}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{187BB666-56EE-4043-9EF7-EF0313BEA56A}"= UDP:c:\windows\Temp\~osE61B.tmp\ossproxy.exe:ossproxy.exe
"{2F60FBBE-ACEF-4D8B-B69C-63B521E8FD50}"= UDP:c:\program files\PremierOpinion\pmropn.exe:pmropn.exe
"{F20502C0-20BD-4AB2-9AEF-6E0063E55228}"= TCP:c:\program files\PremierOpinion\pmropn.exe:pmropn.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-04 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-03-26 20496]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-18 537256]
S2 PremierOpinion;PremierOpinion;c:\program files\PremierOpinion\pmservice.exe [2009-03-30 45056]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{6C4AF668-2706-4DF4-B85F-42C96EA29050}.job
- c:\windows\system32\msfeedssync.exe [2008-06-18 07:33]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PWRISOVM.EXE - c:\program files\PowerISO\PWRISOVM.EXE
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: mousebreaker.com\www
FF - ProfilePath - c:\users\saulav\AppData\Roaming\Mozilla\Firefox\Profiles\d3w9579b.default\
FF - component: c:\program files\PremierOpinion\components\pmxg.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin7.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-13 23:53
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2729310583-2630721808-537420161-1000\Software\SecuROM\License information*]
"datasecu"=hex:02,b8,6e,59,6d,a8,09,b6,53,29,7b,c5,55,97,b7,58,3d,fa,26,66,8f,
   9b,3a,34,bf,25,67,6e,d9,49,5b,81,f7,1c,cf,75,60,a4,6d,ac,a8,1a,4b,ff,d5,30,\
"rkeysecu"=hex:4b,73,64,c8,a5,e4,d8,58,6e,56,55,a7,72,bb,15,d4

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(676)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(5700)
c:\program files\PremierOpinion\pmls.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\windows\System32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\CF22583.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\PremierOpinion\pmropn.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-06-13 0:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-13 14:00

Pre-Run: 17,141,342,208 bytes free
Post-Run: 18,029,961,216 bytes free

311 --- E O F --- 2009-06-11 17:09
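The two deletions at the top are only part of what this log says. Under "Reg Loading Points" the Security Center has been told to stop monitoring and to ignore the antivirus state, UAC is off (EnableLUA = 0), the Windows Firewall is off on the Domain, Standard and Public profiles, and the rule set still carries enabled inbound allow rules for several P2P clients, a VNC server and PremierOpinion. The script below is an added example, not part of the original post and not ComboFix's own code. It parses the flat '[key]' / '"name"= value' records ComboFix prints, flags any checked setting that differs from its secure value, and lists the executables that still have an enabled allow rule. The sample it runs on is a constructed excerpt copied from the log above, and the list of checked settings with their "secure" values is an assumed baseline for a home Vista machine, not something ComboFix reports.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of the original post or of ComboFix itself: it
parses the '[key]' / '"name"= value' records, flags settings that differ
from an assumed secure baseline, and lists programs with enabled allow
rules in the Windows Firewall rule set.
"""
import re
import sys

# Constructed sample: records copied from the log above.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8D9CBB99-1448-45BC-96D7-9C9F62A41653}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{329BCCE1-6E6C-422E-B0D6-2ACCE2D97328}c:\\program files\\tightvnc\\winvnc.exe"= UDP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server
"{B3A85734-8007-4DD7-A178-5A91AD6B4F46}"= UDP:40142:T
"{56DB85FA-3CF5-4170-8117-6DF4338E6117}"= Disabled:UDP:c:\program files\M3\M3.exe:M3 - Movies & Music for your Mobile
"{2F60FBBE-ACEF-4D8B-B69C-63B521E8FD50}"= UDP:c:\program files\PremierOpinion\pmropn.exe:pmropn.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')

# Assumed baseline: (key pattern, value name, secure value, finding text).
CHECKS = [
    (r'policies\\system$', 'EnableLUA', 1, 'UAC is turned off'),
    (r'policies\\system$', 'DisableCAD', 0, 'Ctrl+Alt+Del logon protection off'),
    (r'security center$', 'UacDisableNotify', 0, 'Security Center UAC warnings silenced'),
    (r'security center\\monitoring', 'DisableMonitoring', 0, 'Security Center monitoring off'),
    (r'security center\\svc$', 'AntiVirusOverride', 0, 'Security Center ignores antivirus state'),
    (r'firewallpolicy\\\w+profile$', 'EnableFirewall', 1, 'Windows Firewall off for this profile'),
]

# 'Disabled:' flag, protocol, optional '6004|' or bare '40142:' port, optional
# drive-letter path (read up to the next ':'), then the rule description.
RULE_RE = re.compile(
    r'^(?:(?P<state>Disabled):)?(?P<proto>TCP|UDP):'
    r'(?:(?P<port>\d+)[|:])?(?:(?P<path>[A-Za-z]:[^:]*):)?(?P<desc>.*)$')


def parse_records(text):
    """Return (key, name, raw_value) for each value line under its [key]."""
    records, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            records.append((key, m.group('name'), m.group('value')))
    return records


def parse_int(raw):
    """ComboFix prints DWORDs either as 'dword:00000001' or as '0 (0x0)'."""
    m = re.match(r'dword:([0-9a-fA-F]{1,8})$', raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'-?\d+', raw)
    return int(m.group(0)) if m else None


def findings(text):
    """Every checked setting whose value differs from the secure baseline."""
    out = []
    for key, name, raw in parse_records(text):
        for key_re, want, secure, msg in CHECKS:
            if name.lower() == want.lower() and re.search(key_re, key, re.I):
                actual = parse_int(raw)
                if actual is not None and actual != secure:
                    out.append({'key': key, 'name': name, 'value': actual, 'finding': msg})
    return out


def parse_firewall_rules(text):
    """Structured view of the FirewallRules values; unparsable ones are skipped."""
    rules = []
    for key, name, raw in parse_records(text):
        m = RULE_RE.match(raw) if key.lower().endswith('\\firewallrules') else None
        if m:
            rules.append({'name': name, 'enabled': m.group('state') is None, **m.groupdict()})
    return rules


def inbound_allowed_programs(text):
    """Sorted executable names that still have an enabled allow rule."""
    return sorted({r['path'].rsplit('\\', 1)[-1].lower()
                   for r in parse_firewall_rules(text) if r['enabled'] and r['path']})


if __name__ == '__main__':
    # Pass a saved ComboFix.txt as the first argument, or run on the sample.
    text = open(sys.argv[1], errors='replace').read() if len(sys.argv) > 1 else SAMPLE
    for f in findings(text):
        print(f"{f['finding']}: {f['name']}={f['value']} under {f['key']}")
    print('inbound allowed for:', ', '.join(inbound_allowed_programs(text)))
```

Run it against the saved ComboFix.txt and every disabled profile, silenced Security Center flag and still-enabled allow rule comes out as one line, which is quicker than reading the flat registry dump. The port-only rule (UDP:40142:T) and the Disabled: rules are deliberately in the sample so the parser's handling of both shapes is visible.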