SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/02/2008 at 09:11 AM

Application Version : 4.1.1046

Core Rules Database Version : 3472
Trace Rules Database Version: 1463

Scan type       : Quick Scan
Total Scan Time : 00:16:59

Memory items scanned      : 482
Memory threats detected   : 8
Registry items scanned    : 422
Registry threats detected : 95
File items scanned        : 11470
File threats detected     : 213

Adware.webHancer
 C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WEBHDLL.DLL
 C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WEBHDLL.DLL
 C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHAGENT.EXE
 C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHAGENT.EXE
 C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL
 C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}
 HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}
 HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}
 HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\InprocServer32
 HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\InprocServer32#ThreadingModel
 HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\ProgID
 HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\Programmable
 HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\VersionIndependentProgID
 SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
 SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
 SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
 SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
 SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000024
 HKCR\WhIeHelperObj.WhIeHelperObj
 HKCR\WhIeHelperObj.WhIeHelperObj\CurVer
 HKCR\WhIeHelperObj.WhIeHelperObj.1
 HKCR\WhIeHelperObj.WhIeHelperObj.1\CLSID
 HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}
 HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\ProxyStubClsid
 HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\ProxyStubClsid32
 HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\TypeLib
 HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\TypeLib#Version
 HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}
 HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0
 HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\0
 HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\0\win32
 HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\FLAGS
 HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\HELPDIR
 HKLM\Software\WebHancer
 HKLM\Software\WebHancer#BaseDir
 HKLM\Software\WebHancer\CC
 HKLM\Software\WebHancer\CC#DistTag
 HKLM\Software\WebHancer\CC#DWLLTM
 HKLM\Software\WebHancer\CC#SLNTIND
 HKLM\Software\WebHancer\CC#ACCPTPS
 HKLM\Software\WebHancer\CC#id
 HKLM\Software\WebHancer\ESO
 HKLM\Software\WebHancer\ESO#aa
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent#UninstallString
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent#DisplayName
 C:\Program Files\WEBHANCER\Programs\license.txt
 C:\Program Files\WEBHANCER\Programs\readme.txt
 C:\Program Files\WEBHANCER\Programs\sporder.dll
 C:\Program Files\WEBHANCER\Programs\whagent.ini
 C:\Program Files\WEBHANCER\Programs\whinstaller.exe
 C:\Program Files\WEBHANCER\Programs
 C:\Program Files\WEBHANCER
 HKLM\Software\Microsoft\Windows\CurrentVersion\Run#webHancer Agent [ C:\Program Files\webHancer\Programs\whagent.exe ]
 C:\WINDOWS\Prefetch\WHAGENT.EXE-268E9140.pf

Trojan.Downloader-Gen/MROFIN
 C:\WINDOWS\MROFINU72.EXE
 C:\WINDOWS\MROFINU72.EXE
 C:\WINDOWS\Prefetch\MROFINU72.EXE-3330D4C1.pf

Trojan.Downloader-Winlogon/FAS
 C:\WINDOWS\WINLOGON.EXE
 C:\WINDOWS\WINLOGON.EXE
 C:\WINDOWS\Prefetch\WINLOGON.EXE-0BF37AE5.pf

Worm.Forbot-CE
 C:\WINDOWS\SYSTEM32\CSSRSS.EXE
 C:\WINDOWS\SYSTEM32\CSSRSS.EXE
 C:\WINDOWS\Prefetch\CSSRSS.EXE-12ADB8EF.pf

Trojan.Unclassified/NVCOI
 C:\PROGRAM FILES\NVCOI\NVCOI.EXE
 C:\PROGRAM FILES\NVCOI\NVCOI.EXE
 [nvcoi] C:\PROGRAM FILES\NVCOI\NVCOI.EXE
 C:\Program Files\CPV
 C:\Program Files\nvcoi\mst.stt
 C:\Program Files\nvcoi
 C:\Program Files\Temporary\InsiDERInst.exe
 C:\Program Files\Temporary
 C:\WINDOWS\Prefetch\NVCOI.EXE-0898A637.pf

Adware.AdSponsor/ISM
 C:\PROGRAM FILES\QDRPACK\QDRPACK15.EXE
 C:\PROGRAM FILES\QDRPACK\QDRPACK15.EXE
 [QdrPack15] C:\PROGRAM FILES\QDRPACK\QDRPACK15.EXE
 [Aim6] C:\PROGRAM FILES\QDRPACK\QDRPACK15.EXE
 HKU\S-1-5-21-2464896051-1699915445-3241765075-1008\Software\QdrModule
 HKU\S-1-5-21-2464896051-1699915445-3241765075-1008\Software\QdrPack
 HKU\S-1-5-21-2464896051-1699915445-3241765075-1008\Software\Microsoft\Windows\CurrentVersion\Run#QdrPack15 [ "C:\Program Files\QdrPack\QdrPack15.exe" ]
 C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
 C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
 C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Internet Speed Monitor
 C:\Program Files\QDRMODULE\dic.gz
 C:\Program Files\QDRMODULE\dicer.gz
 C:\Program Files\QDRMODULE\dicy.gz
 C:\Program Files\QDRMODULE\kwd.gz
 C:\Program Files\QDRMODULE\pckrer.dat
 C:\Program Files\QDRMODULE\QdrModule15.exe
 C:\Program Files\QDRMODULE\QdrModule17.exe
 C:\Program Files\QDRMODULE\softyadsupdate.exe
 C:\Program Files\QDRMODULE
 C:\Program Files\QDRPACK\dicts.gz
 C:\Program Files\QDRPACK\dictys.gz
 C:\Program Files\QDRPACK\trgts.gz
 C:\Program Files\QDRPACK
 C:\Program Files\QDRDRIVE\qdrloader.exe
 C:\Program Files\QDRDRIVE
 C:\WINDOWS\Prefetch\QDRMODULE15.EXE-35DE5E43.pf
 C:\WINDOWS\Prefetch\QDRMODULE17.EXE-0F76E3AE.pf
 C:\WINDOWS\Prefetch\QDRPACK15.EXE-11419BEE.pf
 C:\WINDOWS\Prefetch\SOFTYADSUPDATE.EXE-23BF6249.pf

Transponder Variant BHO
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}

Unclassified.Unknown Origin
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}
 HKCR\CLSID\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}
 HKCR\CLSID\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}
 HKCR\CLSID\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}\InprocServer32
 HKCR\CLSID\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}\InprocServer32#ThreadingModel
 HKCR\CLSID\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}\ProgID
 HKCR\CLSID\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}\TypeLib
 C:\WINDOWS\SYSTEM32\SOCKINS32.DLL

Trojan.Unclassified/TestCPV
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}
 HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}
 HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}
 HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}#AppID
 HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}\InprocServer32
 HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}\InprocServer32#ThreadingModel
 HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}\ProgID
 HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}\Programmable
 HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}\TypeLib
 HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}\VersionIndependentProgID
 C:\PROGRAM FILES\CPV\CPV7.DLL

Adware.Vundo Variant
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}
 HKCR\CLSID\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}
 HKCR\CLSID\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}\InprocServer32
 HKCR\CLSID\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}\InprocServer32#ThreadingModel
 C:\WINDOWS\SYSTEM32\BTSAUGYY.DLL
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D7FD6C15-4927-4AAE-BF12-FBDABD287EB1}
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{D7FD6C15-4927-4AAE-BF12-FBDABD287EB1}
 HKCR\CLSID\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}

Adware.2020Search
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}

Adware.180solutions/SurfAssistant
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}

Adware.Second Thought
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}

Adware.Tracking Cookie
 C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstbeacon[1].txt
 C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@gomyron[3].txt
 C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@gomyron[1].txt
 C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trustedprotection[1].txt
 C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rotator.adjuggler[2].txt
 C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adnetserver[1].txt
 C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@208.122.40[1].txt
 C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@indextools[2].txt
 C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[2].txt
 C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@kjr72.bestrevenue[1].txt
 C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediatraffic[1].txt
 C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clickbank[1].txt
 C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@burstnet[2].txt
 C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstnet[1].txt

Adware.180solutions/ZangoSearch
 C:\Program Files\Zango\zango.exe
 C:\Program Files\Zango

Trojan.Security Toolbar
 C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
 C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Adware.180solutions/Seekmo
 C:\Program Files\Seekmo\seekmohook.dll
 C:\Program Files\Seekmo

Adware.ClickSpring/Outer Info Network
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion

Trojan.Downloader-Gen/RetAd
 HKLM\Software\Microsoft\Windows\CurrentVersion\Run#runner1 [ C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A284662E901F3D2933202228B28452DA545E9B1894E754BE54C29159A7DBE80DC744B6CDE3F546CAC59B6 ]

Rogue.SysCleaner
 HKU\S-1-5-21-2464896051-1699915445-3241765075-1008\Software\xInsiDERexe

Rogue.Installer/Trace
 C:\Program Files\180search assistant\180sa.exe
 C:\Program Files\180search assistant\sau.exe
 C:\Program Files\180search assistant
 C:\Program Files\180searchassistant\saap.exe
 C:\Program Files\180searchassistant\sac.exe
 C:\Program Files\180searchassistant
 C:\Program Files\180solutions\sais.exe
 C:\Program Files\180solutions
 C:\Program Files\stc\csv5p070.exe
 C:\Program Files\stc
 C:\Program Files\Sysmnt\Ssmgr.exe
 C:\Program Files\Sysmnt

Adware.Vundo Variant/Rel
 HKLM\SOFTWARE\Microsoft\aoprndtws
 HKLM\SOFTWARE\Microsoft\FCOVM
 HKLM\SOFTWARE\Microsoft\RemoveRP
 HKU\S-1-5-21-2464896051-1699915445-3241765075-1008\Software\Microsoft\aldd
 HKU\S-1-5-21-2464896051-1699915445-3241765075-1008\Software\Microsoft\rdfa
 C:\WINDOWS\SYSTEM32\QQSTV.INI

Trojan.Fake-Drop/Gen
 C:\WINDOWS\ATI2DVAA32.DLL
 C:\WINDOWS\2020SEARCH.DLL
 C:\WINDOWS\2020SEARCH2.DLL
 C:\WINDOWS\APPHELP32.DLL
 C:\WINDOWS\ASFERROR32.DLL
 C:\WINDOWS\ASYCFILT32.DLL
 C:\WINDOWS\ATHPRXY32.DLL
 C:\WINDOWS\ATI2DVAG32.DLL
 C:\WINDOWS\AUDIOSRV32.DLL
 C:\WINDOWS\AUTODISC32.DLL
 C:\WINDOWS\AVIFILE32.DLL
 C:\WINDOWS\AVISYNTHEX32.DLL
 C:\WINDOWS\AVIWRAP32.DLL
 C:\WINDOWS\BJAM.DLL
 C:\WINDOWS\BOKJA.EXE
 C:\WINDOWS\BROWSERAD.DLL
 C:\WINDOWS\CHANGEURL_30.DLL
 C:\WINDOWS\INSTALLER\ID53.EXE
 C:\WINDOWS\MSA64CHK.DLL
 C:\WINDOWS\MSAPASRC.DLL
 C:\WINDOWS\MSPPHE.DLL
 C:\WINDOWS\NTNUT.EXE
 C:\WINDOWS\SAIEMOD.DLL
 C:\WINDOWS\SALM.EXE
 C:\WINDOWS\SHDOCPE.DLL
 C:\WINDOWS\SHDOCPL.DLL
 C:\WINDOWS\STCLOADER.EXE
 C:\WINDOWS\SWIN32.DLL
 C:\WINDOWS\SYSTEM32\MSIXU.DLL
 C:\WINDOWS\SYSTEM32\MSNSA32.DLL
 C:\WINDOWS\SYSTEM32\SHDOCPE.DLL
 C:\WINDOWS\SYSTEM32\SIPSPI32.DLL
 C:\WINDOWS\SYSTEM32\WER8274.DLL
 C:\WINDOWS\UPDATETC.EXE
 C:\WINDOWS\VOICEIP.DLL
 C:\WINDOWS\WINSB.DLL

Trojan.FakeDrop-180AX
 C:\WINDOWS\180AX.EXE
 C:\WINDOWS\FLEOK\180AX.EXE

Trojan.Downloader-Gen/Bundle Installer
 C:\WINDOWS\B153.EXE
 C:\WINDOWS\B155.EXE

Trojan.FakeDrop-CDSM32
 C:\WINDOWS\CDSM32.DLL

Trojan.FakeDrop-MSSVR
 C:\WINDOWS\MSSVR.EXE

Adware.Vundo-Variant/Small-A
 C:\WINDOWS\SYSTEM32\ABPUKCTM.DLL
 C:\WINDOWS\SYSTEM32\ANUPMSMY.DLL
 C:\WINDOWS\SYSTEM32\BEYNIAGV.DLL
 C:\WINDOWS\SYSTEM32\CQVGWOUP.DLL
 C:\WINDOWS\SYSTEM32\CSAENBVM.DLL
 C:\WINDOWS\SYSTEM32\CSORSFJO.DLL
 C:\WINDOWS\SYSTEM32\DNPQMNKQ.DLL
 C:\WINDOWS\SYSTEM32\DRDITVFK.DLL
 C:\WINDOWS\SYSTEM32\ERAQRSPH.DLL
 C:\WINDOWS\SYSTEM32\EWGHIXYH.DLL
 C:\WINDOWS\SYSTEM32\FDFRVPYS.DLL
 C:\WINDOWS\SYSTEM32\FDNXUPPV.DLL
 C:\WINDOWS\SYSTEM32\FJLDKNCH.DLL
 C:\WINDOWS\SYSTEM32\GMJSXDIT.DLL
 C:\WINDOWS\SYSTEM32\HAOWQPMA.DLL
 C:\WINDOWS\SYSTEM32\HGIYQJBI.DLL
 C:\WINDOWS\SYSTEM32\HPFSQMJN.DLL
 C:\WINDOWS\SYSTEM32\HSJQFYXI.DLL
 C:\WINDOWS\SYSTEM32\IHRMAOSC.DLL
 C:\WINDOWS\SYSTEM32\IUOKTUTE.DLL
 C:\WINDOWS\SYSTEM32\KPVVMXFF.DLL
 C:\WINDOWS\SYSTEM32\LIBLMYQG.DLL
 C:\WINDOWS\SYSTEM32\LNXPCJAM.DLL
 C:\WINDOWS\SYSTEM32\LQJDKTGJ.DLL
 C:\WINDOWS\SYSTEM32\MSCNLXEQ.DLL
 C:\WINDOWS\SYSTEM32\NPPNHKWR.DLL
 C:\WINDOWS\SYSTEM32\NQIQAPQR.DLL
 C:\WINDOWS\SYSTEM32\NVYJJMSQ.DLL
 C:\WINDOWS\SYSTEM32\PRSOGMQM.DLL
 C:\WINDOWS\SYSTEM32\QPNKDJHT.DLL
 C:\WINDOWS\SYSTEM32\SEAAHCAF.DLL
 C:\WINDOWS\SYSTEM32\SGDBUQOQ.DLL
 C:\WINDOWS\SYSTEM32\SITKCUHJ.DLL
 C:\WINDOWS\SYSTEM32\SKCMQWKV.DLL
 C:\WINDOWS\SYSTEM32\TBHUOQYE.DLL
 C:\WINDOWS\SYSTEM32\TMNTUKDT.DLL
 C:\WINDOWS\SYSTEM32\TSSKPSWX.DLL
 C:\WINDOWS\SYSTEM32\UBSXCELK.DLL
 C:\WINDOWS\SYSTEM32\UGEBMVFI.DLL
 C:\WINDOWS\SYSTEM32\UIGJFHMA.DLL
 C:\WINDOWS\SYSTEM32\VCLUGFPL.DLL
 C:\WINDOWS\SYSTEM32\VDQQXTIS.DLL
 C:\WINDOWS\SYSTEM32\VFPUREEV.DLL
 C:\WINDOWS\SYSTEM32\VHRDHYTB.DLL
 C:\WINDOWS\SYSTEM32\VMFQMOVL.DLL
 C:\WINDOWS\SYSTEM32\VPERYNDO.DLL
 C:\WINDOWS\SYSTEM32\WDJRQNVW.DLL
 C:\WINDOWS\SYSTEM32\WEHYBIHQ.DLL
 C:\WINDOWS\SYSTEM32\WFFGRFRE.DLL
 C:\WINDOWS\SYSTEM32\WKSTTKOF.DLL
 C:\WINDOWS\SYSTEM32\WTRDEIVB.DLL
 C:\WINDOWS\SYSTEM32\WUNCAHPS.DLL
 C:\WINDOWS\SYSTEM32\WUTUGACI.DLL
 C:\WINDOWS\SYSTEM32\XDGJINJR.DLL
 C:\WINDOWS\SYSTEM32\XKRRKWPF.DLL
 C:\WINDOWS\SYSTEM32\YMDVUGAK.DLL
 C:\WINDOWS\SYSTEM32\YMJMOWJG.DLL
 C:\WINDOWS\SYSTEM32\YVOXCMQY.DLL

Trojan.Unclassified/Dropper-B
 C:\WINDOWS\SYSTEM32\AOMNUWMK.DLL
 C:\WINDOWS\SYSTEM32\GHKEPJNO.DLL
 C:\WINDOWS\SYSTEM32\JMNBVMBQ.DLL
 C:\WINDOWS\SYSTEM32\KQQYOEUR.DLL
 C:\WINDOWS\SYSTEM32\OFJWBIWH.DLL
 C:\WINDOWS\SYSTEM32\OWTVSAOQ.DLL
 C:\WINDOWS\SYSTEM32\VMGEGAJP.DLL
 C:\WINDOWS\SYSTEM32\WWRLJDLR.DLL
 C:\WINDOWS\SYSTEM32\YFMLEONU.DLL

Trojan.Vundo-Variant/F
 C:\WINDOWS\SYSTEM32\BBAGRDME.DLL
 C:\WINDOWS\SYSTEM32\BLHIEYCK.DLL
 C:\WINDOWS\SYSTEM32\CFNIRQXE.DLL
 C:\WINDOWS\SYSTEM32\CNUTWAKK.DLL
 C:\WINDOWS\SYSTEM32\FDCYTPRY.DLL
 C:\WINDOWS\SYSTEM32\HFUBYPOW.DLL
 C:\WINDOWS\SYSTEM32\MXKTIAVH.DLL
 C:\WINDOWS\SYSTEM32\OPNLMNO.DLL
 C:\WINDOWS\SYSTEM32\PDSJNIXC.DLL
 C:\WINDOWS\SYSTEM32\PIEWUTJT.DLL
 C:\WINDOWS\SYSTEM32\POYVFMSJ.DLL
 C:\WINDOWS\SYSTEM32\QQVSHKAY.DLL
 C:\WINDOWS\SYSTEM32\SBGWAKJT.DLL
 C:\WINDOWS\SYSTEM32\SFASJKLQ.DLL
 C:\WINDOWS\SYSTEM32\SMLJNHHK.DLL
 C:\WINDOWS\SYSTEM32\TMPTSTOQ.DLL
 C:\WINDOWS\SYSTEM32\TPOYSHUM.DLL
 C:\WINDOWS\SYSTEM32\WGXSJKNR.DLL
 C:\WINDOWS\SYSTEM32\XYWIOQRY.DLL

Trojan.Unclassified/NTNut32
 C:\WINDOWS\SYSTEM32\NTNUT32.EXEComboFix 08-06-01.6 - HP_Administrator 2008-06-02 11:44:28.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.446 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\RcvSystem
C:\Program Files\RcvSystem\httpdchk.dll
C:\WINDOWS\123messenger.per
C:\WINDOWS\BM477d1965.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\default.htm
C:\WINDOWS\didduid.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\FLEOK
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\index.html
C:\WINDOWS\licencia.txt
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\[u]0[/u]00070.exe
C:\WINDOWS\system32\adrgxmsk.ini
C:\WINDOWS\system32\aewdpmqw.ini
C:\WINDOWS\system32\ahgnhdlq.ini
C:\WINDOWS\system32\cmglnsos.ini
C:\WINDOWS\system32\ctoyspyi.ini
C:\WINDOWS\system32\ebxgebrc.ini
C:\WINDOWS\system32\epmsexgi.ini
C:\WINDOWS\system32\fdqbhwso.ini
C:\WINDOWS\system32\fhxfnehw.ini
C:\WINDOWS\system32\fokttskw.ini
C:\WINDOWS\system32\givmvnrb.ini
C:\WINDOWS\system32\gmqpiewo.ini
C:\WINDOWS\system32\hcygqbhe.ini
C:\WINDOWS\system32\hdbqtrrv.ini
C:\WINDOWS\system32\hgletwwr.ini
C:\WINDOWS\system32\hjqcljnu.ini
C:\WINDOWS\system32\icagutuw.ini
C:\WINDOWS\system32\icvuekmn.ini
C:\WINDOWS\system32\iivtyjcm.ini
C:\WINDOWS\system32\ijdvounh.ini
C:\WINDOWS\system32\iqbyowhp.ini
C:\WINDOWS\system32\ithgksqk.ini
C:\WINDOWS\system32\jxsvscoo.ini
C:\WINDOWS\system32\kjusmhbn.ini
C:\WINDOWS\system32\laruavhl.ini
C:\WINDOWS\system32\lfsiuiah.ini
C:\WINDOWS\system32\lgsakmom.ini
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\lwueneyq.ini
C:\WINDOWS\system32\majcpxnl.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mipkoous.ini
C:\WINDOWS\system32\mlvvaacw.ini
C:\WINDOWS\system32\mqmgosrp.ini
C:\WINDOWS\system32\mxkuhxks.ini
C:\WINDOWS\system32\nbvksqpj.ini
C:\WINDOWS\system32\nhlfyfdq.ini
C:\WINDOWS\system32\nyyhfwva.ini
C:\WINDOWS\system32\olovdrmn.ini
C:\WINDOWS\system32\ppytugua.ini
C:\WINDOWS\system32\puhpdplb.ini
C:\WINDOWS\system32\pxomcpwr.ini
C:\WINDOWS\system32\pynqavlb.ini
C:\WINDOWS\system32\qdswvyle.ini
C:\WINDOWS\system32\qdyydsen.ini
C:\WINDOWS\system32\qjnirycb.ini
C:\WINDOWS\system32\qoqubdgs.ini
C:\WINDOWS\system32\qqstv.ini2
C:\WINDOWS\system32\rqdmicku.ini
C:\WINDOWS\system32\rsjyjuhw.ini
C:\WINDOWS\system32\smigpjku.ini
C:\WINDOWS\system32\sn.txt
C:\WINDOWS\system32\uptraqmf.ini
C:\WINDOWS\system32\vfqlfrxb.ini
C:\WINDOWS\system32\wfpvjfqu.ini
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\wwsmmbvx.ini
C:\WINDOWS\system32\xdfrdrsy.ini
C:\WINDOWS\system32\ygjwwlpl.ini
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt
D:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NTNDIS
-------\Service_ntndis

(((((((((((((((((((((((((   Files Created from 2008-05-02 to 2008-06-02  )))))))))))))))))))))))))))))))
.

2008-06-02 08:53 . 2008-06-02 08:53 4,672 --a------ C:\WINDOWS\system32\3Xa4Uh.syz
2008-06-02 08:48 . 2008-06-02 08:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-02 08:46 . 2008-06-02 08:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-02 08:46 . 2008-06-02 08:46 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-06-02 08:45 . 2008-06-02 08:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-02 08:30 . 2008-06-02 08:30 4,672 --a------ C:\WINDOWS\system32\awtHQS.syz
2008-06-02 08:26 . 2008-06-02 08:26 <DIR> d-------- C:\Program Files\AIM6
2008-06-02 08:24 . 2008-06-02 08:24 <DIR> d-------- C:\Program Files\Webroot
2008-06-02 08:24 . 2008-06-02 08:24 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Webroot
2008-06-02 08:23 . 2008-06-02 08:23 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-06-02 08:23 . 2008-06-02 08:32 <DIR> d-------- C:\Program Files\Bat
2008-06-02 08:23 . 2008-06-02 08:23 <DIR> d-------- C:\Program Files\America Online 9.0
2008-05-19 09:45 . 2008-06-02 08:23 <DIR> d-------- C:\Program Files\Webroot(2)
2008-05-19 09:45 . 2008-06-02 08:23 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Webroot(2)
2008-05-13 19:25 . 2008-06-02 08:44 179 --a-s---- C:\WINDOWS\system32\3136112071.dat
2008-05-13 19:24 . 2008-05-13 19:24 4,672 --a------ C:\WINDOWS\system32\AnDukh.syz
2008-05-11 17:10 . 2008-05-11 17:10 4,672 --a------ C:\WINDOWS\system32\W9Grwq.syz
2008-05-11 12:00 . 2008-05-11 12:00 4,672 --a------ C:\WINDOWS\system32\sIPLTQ.syz
2008-05-09 21:37 . 2008-05-09 21:37 4,672 --a------ C:\WINDOWS\system32\8ANpiB.syz
2008-05-06 08:12 . 2008-05-06 08:12 4,672 --a------ C:\WINDOWS\system32\8qiKk6.syz
2008-05-05 19:00 . 2008-05-05 19:00 4,672 --a------ C:\WINDOWS\system32\V46nQj.syz
2008-05-05 14:57 . 2008-05-05 14:57 4,672 --a------ C:\WINDOWS\system32\TViEji.syz
2008-05-05 13:37 . 2008-06-02 08:26 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-05 11:12 . 2008-05-05 11:12 4,672 --a------ C:\WINDOWS\system32\3gbxdC.syz
2008-05-05 09:51 . 2008-05-05 09:51 4,672 --a------ C:\WINDOWS\system32\6aBqKU.syz
2008-05-02 19:21 . 2008-05-02 19:21 4,672 --a------ C:\WINDOWS\system32\YIOuA0.syz

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 14:21 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-02 14:21 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AOL
2008-06-02 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-02 13:26 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
2008-06-02 13:26 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Aim
2008-05-31 15:05 --------- d-----w C:\Program Files\Pure Networks
2008-05-05 14:56 --------- d-----w C:\Program Files\AIM
2008-04-25 01:14 701,440 ----a-w C:\WINDOWS\system32\msxml2.dll.tmp
2008-04-24 01:58 41,984 --sh--r C:\WINDOWS\system32\actmovies.exe
2008-04-23 00:49 22,016 --sha-w C:\WINDOWS\system32\advpacktz.dll
2008-04-23 00:49 20,480 --sha-w C:\WINDOWS\system32\aaaamonf.dll
2008-04-23 00:48 41,984 --sh--r C:\WINDOWS\system32\advpackt.exe
2008-04-18 04:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-18 04:01 --------- d-----w C:\Program Files\Viewpoint
2008-04-18 04:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-31 22:57 35,957,032 ------w C:\Program Files\BullGuard_80.exe
2008-03-31 22:31 2,751,368 ------w C:\Program Files\ccsetup206.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2007-06-26 17:22 2,719,216 ------w C:\Program Files\ccsetup140.exe
2007-05-25 15:25 9,833,952 ------w C:\Program Files\deskUNPDF_Setup.exe
2007-05-24 16:14 0 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-05-09 02:57 9,389,672 ------w C:\Program Files\winzip111.exe
.

------- Sigcheck -------

2005-03-14 03:17  359936  6129e70f3d2f1e60860c930ebeaf92c2 C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-04-20 07:18  360576  b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53  360832  64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2005-05-25 14:04  359808  88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2gdr\tcpip.sys
2005-05-25 14:07  359936  63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2qfe\tcpip.sys
2007-10-30 12:20  360064  ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 12:20  360064  ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
2008-03-07 21:15 413696 --a------ C:\Program Files\Bat\Bat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C613CE22-151C-4331-94FF-F113A153F66D}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 21:04 59392]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 02:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 04:56 544768 C:\WINDOWS\sm56hlpr.exe]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [2008-03-15 02:22:51 178419]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 08:23:26 282624]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 23:56:14 282624]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2005-09-27 23:48:48 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcdefc]
efcdefc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManaBookWatchWord]
C:\Program Files\ManaBook\ManaBookSentinel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2007-04-12 01:43 1661304 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2006-07-21 19:19 129536 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2006-07-21 10:43 407032 C:\PROGRA~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1198005111\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S2 DhcpThemes;DHCP Client DhcpThemes;C:\WINDOWS\system32\advpackt.exe [2008-04-22 19:48]
S2 NetlogonCAISafe;Net Logon NetlogonCAISafe;C:\WINDOWS\system32\actmovies.exe [2008-04-23 20:58]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 21:33:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.30.2.sxt _RegistrationOffer@16
"2008-06-02 16:53:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-03 00:52:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-05-23 23:55:18 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 11:51:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Yahoo!\Antivirus\iSafe.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Bat\X_Bat.exe
.
**************************************************************************
.Logfile of HijackThis v1.99.1
Scan saved at 11:42:14 AM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Bat\X_Bat.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\HP_Administrator\Desktop\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {58A2758D-3FED-4CC6-AE40-B04C8480E382} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {C613CE22-151C-4331-94FF-F113A153F66D} - error (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176859411406
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176859618921
O18 - Filter: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: efcdefc - efcdefc.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DHCP Client DhcpThemes (DhcpThemes) - Unknown owner - C:\WINDOWS\system32\advpackt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Net Logon NetlogonCAISafe (NetlogonCAISafe) - Unknown owner - C:\WINDOWS\system32\actmovies.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Completion time: 2008-06-02 11:55:11 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-02 16:54:42

Pre-Run: 166,903,431,168 bytes free
Post-Run: 166,972,698,624 bytes free

286 --- E O F --- 2008-06-02 15:51:40

 

Trojan.Downloader-Gen
 C:\WINDOWS\SYSTEM32\SFT.RES

 

 

 

 

---