These VIMAX ads are obnoxious.
Thanks Mark
ComboFix 08-12-09.03 - Mark 2008-12-10 23:54:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1089 [GMT -5:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\postnet bar code\_INSTALL.exe
c:\windows\system32\dfcmjngi.ini
c:\windows\System32\GfegPXbc.ini
c:\windows\System32\GfegPXbc.ini2
c:\windows\system32\hcvmbeii.ini
c:\windows\system32\iayepidi.ini
c:\windows\system32\lwqymqix.ini
c:\windows\system32\nkfmenav.ini
c:\windows\system32\pffgdaap.ini
c:\windows\system32\rmseeqev.ini
c:\windows\system32\taeytkea.ini
c:\windows\system32\tuvDJTwa.ini
c:\windows\System32\tuvDJTwa.ini2
c:\windows\system32\uamvveus.ini
c:\windows\system32\uwpmewlh.ini
c:\windows\System32\VCbdcMoq.ini
c:\windows\System32\VCbdcMoq.ini2
c:\windows\system32\vebdkvlh.ini
c:\windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-11-11 to 2008-12-11 )))))))))))))))))))))))))))))))
.
2008-12-10 03:04 . 2008-10-21 20:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-09 23:03 . 2008-10-31 20:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-09 23:03 . 2008-10-21 00:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-09 23:03 . 2008-10-31 22:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-09 08:31 . 2008-12-09 08:31 <DIR> d-------- c:\program files\Verizon Wireless
2008-12-04 01:08 . 2008-12-04 01:08 2,507,050 --a------ C:\3.wmv
2008-12-04 01:06 . 2008-12-04 01:06 925,700 --a------ C:\mov03.mpeg
2008-12-04 01:03 . 2008-12-04 01:03 1,949,512 --a------ C:\4.wmv
2008-12-03 17:44 . 2008-12-03 17:44 <DIR> d-------- C:\RolandPC60
2008-12-03 16:09 . 2008-12-03 16:09 334,873 --a------ C:\pc60_31.zip
2008-11-26 11:54 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 11:53 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 11:53 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 11:53 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 11:53 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 22:03 . 2008-11-25 22:03 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-25 11:00 . 2008-08-21 22:47 32,803 --a------ c:\windows\System32\tudou.swf
2008-11-25 10:56 . 2008-11-25 11:00 <DIR> d-------- c:\users\All Users\Storm
2008-11-25 10:56 . 2008-11-25 11:00 <DIR> d-------- c:\programdata\Storm
2008-11-25 10:56 . 2008-11-25 10:56 <DIR> d-------- c:\program files\Common Files\Real
2008-11-25 10:53 . 2008-12-04 18:34 <DIR> d-------- c:\program files\StormII
2008-11-24 17:05 . 2008-11-24 17:04 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-24 16:16 . 2008-11-24 16:17 <DIR> d-------- c:\users\Mark\AppData\Roaming\Media Player Classic
2008-11-24 16:01 . 2008-11-24 16:01 <DIR> d-------- c:\program files\AVIcodec
2008-11-24 12:32 . 2008-11-24 12:32 <DIR> d-------- c:\program files\Microsoft Corporation
2008-11-24 11:31 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-24 11:31 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-24 11:31 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-24 11:31 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-24 11:31 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-24 11:31 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-24 11:31 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-24 11:31 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-24 11:31 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-18 17:46 . 2008-11-18 17:45 1,004,507 --a------ C:\boxpackmail-shipto-12-16-2006.zip
2008-11-14 15:59 . 2008-11-14 15:59 149,795 --a------ C:\Alaska.zip
2008-11-14 15:40 . 2008-11-14 15:40 318 --a------ C:\OutOfTheBox.zip
2008-11-12 13:09 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 13:09 . 2008-09-05 00:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 13:09 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 22:45 . 2008-11-27 10:34 <DIR> d-------- c:\users\Mark\AppData\Roaming\SUPERAntiSpyware.com
2008-11-11 22:45 . 2008-11-11 22:45 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-11-11 22:45 . 2008-11-11 22:45 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2008-11-11 22:45 . 2008-11-27 10:34 <DIR> d-------- c:\program files\SUPERAntiSpyware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 08:22 --------- d-----w c:\programdata\Google Updater
2008-12-10 08:14 --------- d-----w c:\program files\Windows Mail
2008-12-10 08:08 --------- d-----w c:\programdata\Microsoft Help
2008-12-09 13:32 --------- d-----w c:\program files\Kyocera Wireless Corp
2008-12-04 06:44 --------- d-----w c:\users\Mark\AppData\Roaming\LimeWire
2008-11-28 03:36 --------- d-----w c:\programdata\Symantec
2008-11-27 15:34 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-26 02:15 --------- d-----w c:\programdata\AOL
2008-11-24 22:04 --------- d-----w c:\program files\Java
2008-11-05 13:45 726,008 ----a-w c:\users\Mark\gotomypc_437.exe
2008-11-05 04:03 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-05 03:53 --------- d-----w c:\users\Mark\AppData\Roaming\Malwarebytes
2008-11-05 03:53 --------- d-----w c:\programdata\Malwarebytes
2008-11-05 03:52 2,372,472 ----a-w C:\mbam-setup.exe
2008-11-05 01:37 --------- d-----w c:\program files\Norton 360
2008-11-04 05:41 721,912 ----a-w c:\users\Mark\gotomypc_428.exe
2008-11-03 22:06 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 05:34 --------- d-----w c:\programdata\WinZip
2008-10-28 03:39 --------- d-----w c:\programdata\Viewpoint
2008-10-28 03:39 --------- d-----w c:\program files\MetaStream
2008-10-26 16:08 --------- d-----w c:\program files\HP
2008-10-26 04:51 --------- d-----w c:\program files\Trend Micro
2008-10-22 21:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 21:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-11 01:03 --------- d-----w c:\programdata\VideoViewer
2008-10-11 00:57 17,408 ----a-w C:\psapi.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-30 01:17 174 --sha-w c:\program files\desktop.ini
2008-09-29 21:37 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-29 21:37 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-10 04:04 13,012 ----a-w c:\users\Mark\Bubblets.dat
2007-12-11 13:12 1,132,112 ----a-w c:\users\All Users\pswi_preloaded.exe
2007-12-11 13:12 1,132,112 ----a-w c:\programdata\pswi_preloaded.exe
2008-03-12 05:30 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-12 05:30 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-12 05:30 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AOL Fast Start"="c:\program files\AOL 9.0\AOL.EXE" [2006-11-10 50736]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-13 81920]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-13 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 13:36 73728 c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-11-11 11:20 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2006-11-10 07:12 50736 c:\program files\AOL 9.0\aol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
--a------ 2003-11-25 13:39 729088 c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\registration.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 02:33 125952 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 19:52 50736 c:\program files\Common Files\AOL\1197465843\ee\aolsoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2006-11-14 13:38 106496 c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2006-11-14 13:39 98304 c:\windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
--a------ 2006-11-11 18:35 43128 c:\program files\Sony\ISB Utility\ISBMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2006-11-14 13:39 81920 c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 02:33 1233920 c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
--a------ 2008-01-19 02:33 49664 c:\windows\Speech\Common\sapisvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-07-07 22:11 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
--a------ 2006-11-14 13:46 411768 c:\program files\Sony\VAIO Camera Utility\VCUServe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
--a------ 2006-11-28 17:30 2150400 c:\program files\Sony\VAIO Security Center\VSC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
--a------ 2006-12-06 20:08 577536 c:\program files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 02:38 1008184 c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 02:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EB8B0133-D2AC-40C4-973D-9F27AE7F7E37}"= UDP:c:\program files\Common Files\AOL\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{A155807D-21AC-426A-A2F5-ADA91576F946}"= TCP:c:\program files\Common Files\AOL\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{8F6F7CEF-53DF-4A42-9E40-881C1F5EFCE8}"= UDP:c:\program files\Common Files\AOL\acs\AOLacsd.exe:AOL Connectivity Service
"{35713DC5-E44D-4101-93F7-2E09888F6741}"= TCP:c:\program files\Common Files\AOL\acs\AOLacsd.exe:AOL Connectivity Service
"{4D66DF88-4787-43A2-A267-C93BF362F499}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{60322066-0D4C-4B16-B2D7-BE3B5BDA72E6}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{9AC2FF1C-A33D-4BE8-A307-1E7005C571A1}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{B25862F7-80FF-4EA5-8F34-C41B66E06E7F}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{C7C04E4F-DA3E-4E14-9ACF-AE7225D8B7DD}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4BE2A3A2-D5C0-4124-B5E3-924C54A9865A}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{020110AE-24CF-4469-A45F-FBBA8DBBF493}"= UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{9BBB18D7-FB13-4761-91B7-40418B9446BB}"= TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{4A18C055-9124-4FB9-A90C-016CF6E6A2E4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8BD43223-8C91-4E3C-BF88-C6944BC8CDE3}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A546BD88-6FA9-439F-B2A2-69054BAEA2DC}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{03603DE2-1B70-4651-9CB6-6B26C6C3A587}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{34A3CA93-3D3E-4F3F-8F0C-4DEC235481AE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE123A37-8FEE-4640-B2CF-0BA8866EED1D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F049A599-DA75-40C5-89A6-455C6551CC07}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"{F092392B-2E9B-493E-84E3-7EB2232FAFDC}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"{4EA3910A-D15C-41CA-8FEA-14FFD02084EF}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{44108874-46CD-43FA-9BCF-1AE1062A072C}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{54CA6991-671F-4113-B27A-0FE6372DCEBE}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{01B726FC-A47F-495B-BCF2-30BF354A4555}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{36D83CA7-0E71-4385-9D64-528330963000}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081204.003\IDSvix86.sys [2008-12-05 270384]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB [2008-02-26 29183504]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-29 99376]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 72704]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2006-12-19 30976]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-12-19 227328]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]
S3 kwkxusb;Kyocera CDMA Wireless Modem Driver;c:\windows\system32\DRIVERS\kwusb2k.sys [2007-08-28 191104]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-12-11 741376]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-12-11 1089536]
S4 ccosm;Contrl Center of Storm Media;c:\program files\StormII\stormliv.exe /asservice [2008-11-25 551008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28bc4260-737b-11dd-89d1-00038a000015}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40e9596c-acc1-11dc-b528-00038a000015}]
\shell\AutoRun\command - E:\Setup.exe -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{558c48bd-24e7-11dd-8488-00038a000015}]
\shell\AutoRun\command - D:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1539f52-ae98-11dc-b979-00038a000015}]
\shell\AutoRun\command - D:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-12-10 c:\windows\Tasks\User_Feed_Synchronization-{451DD426-9F4D-48BF-A54F-381B77BDDCF7}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
MSConfigStartUp-hpbdfawep - c:\program files\HP\Dfawep\bin\hpbdfawep.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.shiprite.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
c:\windows\Downloaded Program Files\NetCamPlayerWeb.ocx - O16 -: {1D9EFA3B-4E85-41A8-9092-14012CD447C9}
hxxp://208.125.232.101:1024/img/NetCamPlayerWeb.ocx
c:\windows\System32\mfc42.dll - c:\windows\System32\msvcrt.dll
c:\windows\System32\olepro32.dll
c:\windows\vicodec.dll
c:\windows\Downloaded Program Files\DiskSpace.ocx
c:\windows\Downloaded Program Files\VIPCAM.ocx
O16 -: {2328F294-DD85-11D3-B4AF-00C04F2B300E}
hxxp://192.168.1.250/eng/activex/activex.CAB
c:\windows\Downloaded Program Files\VIPCAM.inf
c:\windows\Downloaded Program Files\NetCamPlayerWeb11g.ocx - O16 -: {4A026B12-94F3-4D2F-A468-96AA55DE20A5}
hxxp://74.71.39.207/img/NetCamPlayerWeb11g.ocx
c:\windows\Downloaded Program Files\EPUWALcontrol.dll - O16 -: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}
hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
c:\windows\Downloaded Program Files\EPUWALcontrol.inf
c:\windows\System32\NetCamPlayerWeb11gv2.ocx - O16 -: {D7208880-9B7A-43E1-AABB-8C888A5704F9}
hxxp://129.44.204.130:1024/NetCamPlayerWeb11gv2.cab
c:\windows\Downloaded Program Files\NetCamPlayerWeb11gv2.inf
FireFox -: Profile - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\epj767b6.default\
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\StormII\Codec\Plugins\nppl3260.dll
FF -: plugin - c:\program files\StormII\Codec\Plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 23:58:53
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\Mark\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2008-12-11 0:00:28
ComboFix-quarantined-files.txt 2008-12-11 05:00:25
Pre-Run: 30,702,305,280 bytes free
Post-Run: 30,708,240,384 bytes free
355 --- E O F --- 2008-12-10 08:08:17