as requested:
ComboFix 08-03-24.2 - Owner 2008-03-25 13:40:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.166 [GMT 0:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Application Data\inst.exe
C:\WINDOWS\system32\gebxvvv.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.
2008-03-25 12:52 . 2008-03-25 12:52 <DIR> d-------- C:\Program Files\Photo Story 3 for Windows
2008-03-25 11:21 . 2008-03-25 11:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-24 20:29 . 2008-03-24 20:29 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-24 20:29 . 2008-03-24 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-24 20:25 . 2008-03-24 20:25 <DIR> d-------- C:\Program Files\real
2008-03-24 17:07 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-03-24 17:07 . 2008-03-24 17:10 51,355 --a------ C:\WINDOWS\system32\muzika.xm
2008-03-24 15:49 . 2008-03-24 16:34 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-03-24 11:15 . 2008-03-24 11:15 277 --a------ C:\WINDOWS\wininit.ini
2008-03-23 18:11 . 2008-03-23 18:11 2,368 --a------ C:\WINDOWS\system32\SVKP.sys
2008-03-23 18:10 . 2008-03-23 18:11 <DIR> d-------- C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter
2008-03-23 18:10 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQ.dll
2008-03-23 16:14 . 2008-03-23 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-23 16:13 . 2008-03-23 17:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-23 16:13 . 2008-03-23 16:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-03-23 11:49 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-03-23 11:49 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-03-23 11:46 . 2008-03-23 11:46 0 --a------ C:\WINDOWS\Irremote.ini
2008-03-22 17:44 . 2008-03-22 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-22 13:20 . 2008-03-22 13:21 <DIR> d-------- C:\Program Files\Five-A-Side Football
2008-03-22 13:20 . 2008-03-22 13:20 <DIR> d-------- C:\Documents and Settings\Owner\WINDOWS
2008-03-22 13:20 . 1997-03-24 17:42 314,368 --a------ C:\WINDOWS\IsUninst.exe
2008-03-21 18:59 . 2008-03-21 18:59 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-21 17:03 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-03-21 17:03 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-03-21 17:03 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-03-21 17:03 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-03-21 16:05 . 2008-03-21 16:05 <DIR> d-------- C:\Documents and Settings\Owner\Bluetooth Software
2008-03-21 16:02 . 2008-03-21 16:02 <DIR> d-------- C:\Program Files\WIDCOMM
2008-03-21 16:02 . 2006-11-13 10:41 862,922 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys
2008-03-21 16:02 . 2006-10-30 10:52 329,901 --a------ C:\WINDOWS\system32\drivers\btaudio.sys
2008-03-21 16:02 . 2006-10-30 10:51 149,123 --a------ C:\WINDOWS\system32\drivers\btwdndis.sys
2008-03-21 16:02 . 2006-10-30 10:52 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll
2008-03-21 16:02 . 2006-10-30 10:51 67,672 --a------ C:\WINDOWS\system32\drivers\btwusb.sys
2008-03-21 16:02 . 2006-10-30 10:51 47,875 --a------ C:\WINDOWS\system32\drivers\btwhid.sys
2008-03-21 16:02 . 2006-10-30 10:51 30,459 --a------ C:\WINDOWS\system32\drivers\btport.sys
2008-03-21 15:34 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-03-21 15:34 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-03-21 15:34 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-03-21 15:34 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-03-21 15:34 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-03-21 15:34 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-03-21 15:34 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-03-21 15:21 . 2008-03-21 15:21 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-03-21 15:21 . 2008-03-21 15:22 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-21 15:21 . 2008-03-21 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-03-21 15:21 . 2008-03-21 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-03-19 20:43 . 2008-03-19 20:43 28,876 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-18 13:17 . 2008-03-18 13:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\FaxCtr
2008-03-16 18:29 . 2008-03-16 18:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\FUJIFILM
2008-03-16 17:36 . 2003-09-04 01:45 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2008-03-16 17:36 . 2004-07-24 12:28 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2008-03-16 17:35 . 2008-03-16 17:36 <DIR> d-------- C:\Program Files\FinePixViewer
2008-03-16 17:34 . 2001-11-25 11:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-03-16 17:34 . 2002-02-05 16:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-03-16 17:34 . 2002-02-27 11:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-03-16 17:34 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-03-16 17:34 . 2002-02-13 10:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2008-03-15 16:22 . 2008-03-15 16:22 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-03-15 16:17 . 2008-03-23 11:53 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-15 13:49 . 2008-03-15 13:49 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-03-15 13:42 . 2008-03-23 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-15 10:48 . 2008-03-15 10:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-15 10:48 . 2008-03-23 18:32 2,392 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-15 09:20 . 2008-03-15 09:20 376 --a------ C:\WINDOWS\ODBC.INI
2008-03-15 09:17 . 2008-03-15 09:17 <DIR> d-------- C:\WINDOWS\ShellNew
2008-03-15 09:16 . 2008-03-15 09:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders
2008-03-14 14:19 . 2008-03-14 14:19 <DIR> d-------- C:\Program Files\iTunes
2008-03-11 20:42 . 2000-01-18 23:45 69,632 --a------ C:\WINDOWS\system32\CrcCtrl.ocx
2008-03-10 20:52 . 2008-03-10 20:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\VideoEgg
2008-03-09 21:01 . 2008-03-10 11:28 <DIR> d-------- C:\Program Files\Google
2008-03-06 19:49 . 2008-03-06 19:49 <DIR> d-------- C:\Program Files\Xilisoft
2008-03-06 19:49 . 2005-11-21 05:48 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-03-06 19:49 . 2005-11-21 05:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-03-06 12:38 . 2008-03-06 12:38 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-06 12:38 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-06 12:36 . 2008-03-22 17:44 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-06 12:36 . 2008-03-24 20:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-05 21:41 . 2008-03-10 22:27 189 --a------ C:\WINDOWS\system32\temp_0000_65-15.aok
2008-03-05 21:27 . 2008-03-06 10:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-05 21:26 . 2008-03-05 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2008-03-01 11:46 . 2008-03-01 11:47 <DIR> d-------- C:\Program Files\PPLive
2008-02-29 20:07 . 2008-02-29 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-29 17:39 . 2008-03-21 15:57 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Samsung
2008-02-29 17:38 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-02-29 17:36 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-02-29 17:20 . 2005-08-13 05:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Sample.ico
2008-02-29 17:19 . 2008-03-21 15:33 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2008-02-29 17:19 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-29 17:18 . 2006-03-21 15:49 2,729,472 --a------ C:\WINDOWS\system32\fun_avcodec.dll
2008-02-29 17:18 . 2006-04-18 16:32 684,032 --a------ C:\WINDOWS\system32\fun_mp4_enc.dll
2008-02-29 17:18 . 2006-04-11 16:49 671,744 --a------ C:\WINDOWS\system32\FunDecFilter.ax
2008-02-29 17:18 . 2006-04-11 13:13 532,480 --a------ C:\WINDOWS\system32\FunEncFilter.ax
2008-02-29 17:18 . 2006-04-06 11:28 77,824 --a------ C:\WINDOWS\system32\fun_mp4_dec.dll
2008-02-29 17:17 . 2008-02-29 17:37 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-02-29 17:17 . 2008-03-21 15:33 <DIR> d-------- C:\Program Files\Samsung
2008-02-29 17:17 . 2005-08-13 05:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Driver.ico
2008-02-28 13:38 . 2008-02-28 13:38 <DIR> d-------- C:\Program Files\MSBuild
2008-02-28 09:51 . 2008-03-04 19:53 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-02-28 09:50 . 2008-02-28 09:51 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 08:54 --------- d-----w C:\Program Files\ESET
2008-03-25 13:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-25 13:33 --------- d-----w C:\Program Files\FrostWire
2008-03-25 13:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2008-03-25 10:02 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ahead
2008-03-24 20:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-03-24 17:23 --------- d-----w C:\Program Files\Nero
2008-03-24 15:24 --------- d-----w C:\Program Files\Java
2008-03-23 14:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\VersionTracker Pro
2008-03-23 12:05 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-22 14:41 --------- d-----w C:\Program Files\PPMate
2008-03-21 17:03 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-21 17:03 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2008-03-21 17:03 --------- d-----w C:\Program Files\VSO
2008-03-21 15:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 15:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-21 14:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sony
2008-03-21 14:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\FrostWire
2008-03-20 15:40 --------- d-----w C:\Program Files\M3 Ringtones
2008-03-19 20:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-03-19 20:25 --------- d-----w C:\Program Files\DAP Premium
2008-03-15 09:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-14 14:19 --------- d-----w C:\Program Files\iPod
2008-03-11 19:40 2,608 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-03-06 20:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\dvdcss
2008-03-05 15:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\eBookPro6
2008-03-01 13:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-28 12:23 --------- d-----w C:\Program Files\Lexmark 4300 Series
2008-02-27 10:05 --------- d-----w C:\Program Files\Common Files\Real
2008-02-24 16:13 --------- d-----w C:\Program Files\QuickTime
2008-02-24 16:10 --------- d-----w C:\Program Files\Apple Software Update
2008-02-24 15:08 --------- d-----w C:\Program Files\PPStream
2008-02-24 09:59 --------- d-----w C:\Program Files\TVUPlayer
2008-02-24 09:59 --------- d-----w C:\Documents and Settings\Owner\Application Data\TVU networks
2008-02-24 09:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU networks
2008-02-24 09:17 --------- d-----w C:\Program Files\TVAnts
2008-02-22 16:35 --------- d-----w C:\Program Files\Hide IP Platinum
2008-02-15 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\{732094A9-8D45-41EB-B8CC-4EBAADD7808E}
2008-02-15 22:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\URSoft
2008-02-13 20:36 --------- d-----w C:\Program Files\Common Files\Synacast
2008-02-13 20:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\PPMate
2008-02-10 17:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 13:44 --------- d-----w C:\Program Files\Real Desktop
2008-02-09 10:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-02-09 10:44 --------- d-----w C:\Program Files\Sony Setup
2008-01-29 22:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-29 22:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Media Player Classic
2008-01-28 20:36 --------- d-----w C:\Program Files\Sky Broadband
2008-01-28 20:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
.
----a-w 7,019,335 2008-01-05 00:34:16 C:\Documents and Settings\Owner\My Documents\software\Download Accelerator Plus 8.6.1.4 Final\DAP Premium .exe
------- Sigcheck -------
2006-04-20 11:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 12:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 16:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 11:38 340480 b8158e2a6112c0a5ca67bc158fc70218 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 06:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-02-24 09:55 360064 01307b76a916a8f6d1f1452744ba7ad6 C:\WINDOWS\system32\backup\tcpip.sys
2007-10-30 17:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 17:20 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24F06550-65E3-4D1C-8CFE-839C296B5530}]
2007-06-28 17:25 57344 --------- C:\Program Files\real\IEeREAD.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
2008-02-01 10:20 57224 --------- C:\Program Files\real\WebHook.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-29 23:04 917504]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCommonGroups"= 0 (0x0)
"NoNetConnectDisconnect"= 1 (0x1)
"NoFileSharing"= 0 (0x0)
"NoPrintSharing"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\DAP Premium\\DAP.exe"=
"C:\\Program Files\\PPMate\\ppmate.exe"=
"C:\\Program Files\\PPStream\\PPStream.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\PPStream\\PPSAP.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\PPLive\\PPLive.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\real\\eREAD_Cookcase.exe"=
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-03-23 18:11]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 07:56]
R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys [2007-12-29 14:35]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-16 19:48]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-06 12:38]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 13:47:23 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-03-19 20:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-25 13:47:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
.
**************************************************************************
.
Completion time: 2008-03-25 13:50:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-25 13:50:17
.
2008-02-23 15:27:43 --- E O F ---
And Hijack file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:45, on 25/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skybroadband.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://skybroadband.com/portal/site/skybb
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\real\IEeREAD.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\real\WebHook.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP Premium\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP Premium\dapextie.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP Premium\dapextie2.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8946681359
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 9108 bytes
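Editor's note on the Sigcheck block in the ComboFix log above: the copy of tcpip.sys that Windows actually loads (C:\WINDOWS\system32\drivers\tcpip.sys) and the Windows File Protection copy in system32\dllcache\ carry the same timestamp (2007-10-30 17:20) and the same size (360,064 bytes) but different MD5s, and no other copy on the disk shares the live file's hash. WFP is meant to keep those two byte-identical, so a size-and-time match with a hash mismatch is the one line in that block a helper would want to check by hand, typically by verifying the driver's Microsoft signature with Sigcheck, since a deliberately patched tcpip.sys produces exactly this pattern. The script below is an added example, not part of the poster's logs or of ComboFix; it parses the Sigcheck lines as printed (the sample is copied verbatim from the log) and reports live-versus-dllcache hash mismatches. The function names and the shape of the "finding" records are this example's own.

```python
"""Flag Windows File Protection mismatches in a ComboFix Sigcheck block.

Added example for this thread (not ComboFix/HijackThis output). The sample
lines are copied from the posted log; helper names are this example's own.
"""
import re
from collections import defaultdict

# Sigcheck section copied verbatim from the ComboFix log above.
SIGCHECK_SAMPLE = r"""
2006-04-20 11:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 12:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 16:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 11:38 340480 b8158e2a6112c0a5ca67bc158fc70218 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 06:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-02-24 09:55 360064 01307b76a916a8f6d1f1452744ba7ad6 C:\WINDOWS\system32\backup\tcpip.sys
2007-10-30 17:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 17:20 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\drivers\tcpip.sys
"""

# One Sigcheck line: "<date> <time> <size> <md5> <path>"
LINE_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<md5>[0-9a-fA-F]{32})\s+(?P<path>\S.*)$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["size"] = int(d["size"])
        d["md5"] = d["md5"].lower()
        d["name"] = d["path"].rsplit("\\", 1)[-1].lower()
        entries.append(d)
    return entries


def _is_live(path):
    """The copy Windows loads: under system32\\ but not in a cache/backup dir."""
    p = path.lower()
    return "\\system32\\" in p and not any(
        seg in p for seg in ("\\dllcache\\", "\\backup\\")
    )


def _is_wfp_cache(path):
    return "\\system32\\dllcache\\" in path.lower()


def find_wfp_mismatches(entries):
    """Pair each live file with its dllcache copy and report hash mismatches.

    same_size_and_time=True is the case worth a manual check: WFP keeps the
    two copies byte-identical, and an equal size rules out a version bump.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    findings = []
    for name, copies in by_name.items():
        live = [c for c in copies if _is_live(c["path"])]
        cache = [c for c in copies if _is_wfp_cache(c["path"])]
        if not live or not cache:
            continue
        l, c = live[0], cache[0]
        if l["md5"] == c["md5"]:
            continue
        findings.append({
            "name": name,
            "live_path": l["path"],
            "live_md5": l["md5"],
            "cache_md5": c["md5"],
            "same_size_and_time": l["size"] == c["size"] and l["when"] == c["when"],
            # Other on-disk copies sharing the live hash; zero means nothing
            # stored on the machine vouches for the bytes being loaded.
            "live_hash_seen_elsewhere": sum(
                1 for o in copies if o is not l and o["md5"] == l["md5"]
            ),
        })
    return findings


if __name__ == "__main__":
    for f in find_wfp_mismatches(parse_sigcheck(SIGCHECK_SAMPLE)):
        print(f"{f['name']}: live {f['live_md5']} != dllcache {f['cache_md5']}"
              f" (same size/time: {f['same_size_and_time']},"
              f" live hash seen elsewhere: {f['live_hash_seen_elsewhere']})")
```

On this log the script reports one finding for tcpip.sys. A mismatch on its own is not proof of anything malicious; it only says the loaded driver is not the file WFP thinks it is, and the signature check (or a comparison against a known-good hash for that hotfix build) is what settles it.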