Hi DragonMaster Jay, thanks for your quick reply. And here's the ComboFix log:
ComboFix 10-07-20.03 - Constrak69 21/07/2010 20:03:23.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1526 [GMT 10:00]
Running from: c:\documents and settings\Constrak69\desktop\combo-fix.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Constrak69\Local Settings\Application Data\{E1260299-62F4-453E-BD3B-8F26CE191F4C}
c:\documents and settings\Constrak69\Local Settings\Application Data\{E1260299-62F4-453E-BD3B-8F26CE191F4C}\chrome.manifest
c:\documents and settings\Constrak69\Local Settings\Application Data\{E1260299-62F4-453E-BD3B-8F26CE191F4C}\chrome\content\_cfg.js
c:\documents and settings\Constrak69\Local Settings\Application Data\{E1260299-62F4-453E-BD3B-8F26CE191F4C}\chrome\content\overlay.xul
c:\documents and settings\Constrak69\Local Settings\Application Data\{E1260299-62F4-453E-BD3B-8F26CE191F4C}\install.rdf
c:\documents and settings\Constrak69\Local Settings\Application Data\Kosong.Bron.Tok.txt
Infected copy of c:\windows\system32\drivers\intelppm.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.
2010-07-21 09:43 . 2010-07-21 09:43 -------- d-----w- C:\$AVG
2010-07-21 09:40 . 2010-07-21 09:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-21 09:40 . 2010-07-21 09:40 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-21 09:40 . 2010-07-21 09:40 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-21 09:40 . 2010-07-21 09:40 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-21 09:39 . 2010-07-21 09:42 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-21 09:36 . 2010-07-21 09:36 -------- d-----w- c:\program files\AVG
2010-07-21 09:36 . 2010-07-21 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-21 09:21 . 2010-07-21 09:21 388096 ----a-r- c:\documents and settings\Constrak69\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-21 09:06 . 2010-07-21 09:06 503808 ----a-w- c:\documents and settings\Constrak69\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7d16978d-n\msvcp71.dll
2010-07-21 09:06 . 2010-07-21 09:06 499712 ----a-w- c:\documents and settings\Constrak69\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7d16978d-n\jmc.dll
2010-07-21 09:06 . 2010-07-21 09:06 348160 ----a-w- c:\documents and settings\Constrak69\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7d16978d-n\msvcr71.dll
2010-07-21 09:06 . 2010-07-21 09:06 61440 ----a-w- c:\documents and settings\Constrak69\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2ff764b4-n\decora-sse.dll
2010-07-21 09:06 . 2010-07-21 09:06 12800 ----a-w- c:\documents and settings\Constrak69\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2ff764b4-n\decora-d3d.dll
2010-07-21 09:06 . 2010-07-21 09:06 -------- d-----w- c:\program files\Common Files\Java
2010-07-21 09:06 . 2010-06-21 18:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-21 03:21 . 2010-07-21 03:21 63488 ----a-w- c:\documents and settings\Constrak69\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-21 03:21 . 2010-07-21 03:21 52224 ----a-w- c:\documents and settings\Constrak69\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-21 03:21 . 2010-07-21 03:21 117760 ----a-w- c:\documents and settings\Constrak69\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-21 02:56 . 2010-07-21 02:56 -------- d-----w- c:\program files\CCleaner
2010-07-21 01:55 . 2010-07-21 02:50 -------- d-----w- c:\program files\Trojan Remover
2010-07-20 12:28 . 2010-07-20 12:28 2815 ----a-w- c:\windows\Ymifofikahasafox.dat
2010-07-19 23:58 . 2010-07-21 02:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\scnnptacb
2010-07-19 23:48 . 2010-07-19 23:48 -------- d-----w- c:\documents and settings\Constrak69\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-07-19 23:48 . 2010-07-19 23:48 -------- d-----w- c:\documents and settings\Constrak69\Application Data\Adobe Mini Bridge CS5
2010-07-19 02:08 . 2010-07-19 02:08 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-07-19 00:25 . 2010-07-20 12:07 768000 ----a-w- c:\windows\system32\drivers\gronxeei.sys
2010-07-19 00:25 . 2010-07-21 05:36 -------- d-----w- c:\documents and settings\Constrak69\Local Settings\Application Data\qlwgqhmry
2010-07-13 21:18 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-22 00:49 . 2010-06-22 00:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\DVDVideoSoftTB
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 09:07 . 2008-08-21 00:47 -------- d-----w- c:\program files\Java
2010-07-21 03:19 . 2009-07-18 06:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-21 03:19 . 2009-07-18 06:59 -------- d-----w- c:\documents and settings\Constrak69\Application Data\SUPERAntiSpyware.com
2010-07-21 03:01 . 2008-05-24 07:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-21 03:01 . 2008-07-17 21:26 -------- d-----w- c:\documents and settings\Constrak69\Application Data\Media Player Classic
2010-07-21 02:53 . 2010-03-11 14:44 -------- d-----w- c:\program files\Easy MPEG AVI DIVX WMV RM to DVD
2010-07-21 02:50 . 2008-06-28 00:41 -------- d-----w- c:\program files\Sony
2010-07-21 02:10 . 2008-12-14 09:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 02:09 . 2008-06-28 05:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-19 02:11 . 2008-09-10 23:50 -------- d-----w- c:\program files\DVDVideoSoft
2010-07-19 02:11 . 2008-09-10 23:50 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-07-19 02:07 . 2010-07-19 10:05 170884 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-07-19 00:42 . 2009-11-18 16:09 -------- d-----w- c:\documents and settings\Constrak69\Application Data\uTorrent
2010-07-17 14:52 . 2008-05-26 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-12 23:13 . 2008-05-23 21:24 98624 ----a-w- c:\documents and settings\Constrak69\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-06 01:34 . 2009-07-29 12:20 -------- d-----w- c:\documents and settings\Constrak69\Application Data\Skype
2010-07-06 01:19 . 2009-07-29 12:20 -------- d-----w- c:\documents and settings\Constrak69\Application Data\skypePM
2010-06-23 03:58 . 2010-05-19 05:12 77560 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-18 02:10 . 2010-06-01 12:37 -------- d-----w- c:\program files\DVDVideoSoftTB
2010-06-14 14:31 . 2008-05-19 18:23 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 06:51 . 2010-06-11 06:51 3055600 ----a-w- c:\documents and settings\Constrak69\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 06:36 . 2010-06-11 06:36 275952 ----a-w- c:\documents and settings\Constrak69\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-01 12:37 . 2010-06-01 12:37 -------- d-----w- c:\program files\Conduit
2010-06-01 12:37 . 2010-06-01 12:37 52224 ----a-w- c:\documents and settings\Constrak69\Application Data\Mozilla\Firefox\Profiles\8h39o0la.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
2010-06-01 12:37 . 2010-06-01 12:37 101376 ----a-w- c:\documents and settings\Constrak69\Application Data\Mozilla\Firefox\Profiles\8h39o0la.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
2010-06-01 12:27 . 2010-06-01 12:27 -------- d-----w- c:\documents and settings\Constrak69\Application Data\DVDVideoSoftIEHelpers
2010-05-31 06:58 . 2008-10-20 22:05 -------- d-----w- c:\documents and settings\Constrak69\Application Data\Apple Computer
2010-05-02 05:22 . 2004-08-04 05:17 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 05:39 . 2008-12-14 09:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 05:39 . 2008-12-14 09:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-08-18 18:05 . 2008-08-16 23:21 14 --sh--w- c:\windows\system32\.pif
.
------- Sigcheck -------
[-] 2009-11-19 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-11-19 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-07-05 2736736]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-07-05 14:54 2736736 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-07-05 2736736]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-07-05 2736736]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Constrak69\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-14 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-07-18 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2008-05-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2008-05-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2008-05-22 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-29 766041]
"AGRSMMSG"="AGRSMMSG.exe" [2008-05-22 88204]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-08 208896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-11-12 1236992]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-18 16248320]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-14 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-14 428032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-21 2065760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-5-24 45056]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-21 09:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\skcbgm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Constrak69\\My Documents\\utorrent.exe"=
"c:\\Documents and Settings\\Constrak69\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Constrak69\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7072:TCP"= 7072:TCP:BitComet 7072 TCP
"7072:UDP"= 7072:UDP:BitComet 7072 UDP
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/07/2010 7:40 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/07/2010 7:40 PM 243024]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [21/07/2009 3:32 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [18/02/2010 4:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/05/2010 4:41 AM 67656]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [21/07/2009 3:30 PM 1195008]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [21/07/2010 7:38 PM 308136]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [21/07/2009 3:30 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [21/07/2009 3:32 PM 257432]
S0 gronxeei;gronxeei;c:\windows\system32\drivers\gronxeei.sys [19/07/2010 10:25 AM 768000]
S3 NetDirect;TAP-Win32 NetDirect Adapter;c:\windows\system32\DRIVERS\NetDirect.sys --> c:\windows\system32\DRIVERS\NetDirect.sys [?]
S3 SBOLicMgr;SAP Businesss One License Mgr;c:\program files\SAP Manage\SAP Business One\License Server\License.exe --> c:\program files\SAP Manage\SAP Business One\License Server\License.exe [?]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [18/01/2009 7:49 AM 129535]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
S3 TTM57SLUsb;TTM 57SL USB driver;c:\windows\system32\drivers\TTM57SLUsb.sys [10/03/2006 1:49 AM 34944]
S3 VMC403;Vimicro Camera Service VMC403;c:\windows\system32\Drivers\VMC403.sys --> c:\windows\system32\Drivers\VMC403.sys [?]
S3 vvftc403;Vimicro Camera Filter Service VMC403;c:\windows\system32\drivers\vvftc403.sys --> c:\windows\system32\drivers\vvftc403.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-07-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-CONSTRAK-Constrak69.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-22 17:44]
2010-07-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2010-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-879983540-725345543-1003Core.job
- c:\documents and settings\Constrak69\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-14 06:31]
2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-879983540-725345543-1003UA.job
- c:\documents and settings\Constrak69\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-14 06:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Constrak69\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} - hxxps://wlan-pta.uws.edu.au/nortel_cacheable/NetDirect.cab
DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
DPF: {ACDB1787-986D-434D-9857-2172CDB2108D} - hxxps://wlan-pta.uws.edu.au/nortel_cacheable/punblock.cab
DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Rfesahukuruboh - c:\windows\spdAR7.dll
HKLM-Run-Hkiwohehucucaqiq - c:\windows\eviworucatofoke.dll
AddRemove-uTorrent - h:\\uTorrent.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-07-21 20:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|"|w*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1160)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(3436)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Illustrate\dBpoweramp\dBShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\AGRSMMSG.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\documents and settings\Constrak69\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\CONSTR~1\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2010-07-21 20:22:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-21 10:22
Pre-Run: 8,628,318,208 bytes free
Post-Run: 8,712,359,936 bytes free
- - End Of File - - CABA76CAF6BA88E1C9018593CED6E912