Hi,
Hope you can help.
Vundo keeps returning on my computer. Hope the logs are correct; I had some trouble getting SUPERAntiSpyware running.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35, on 2008-08-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hjt\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [RecSche] C:\TV Capture Card\RecSche.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219481784146
O20 - AppInit_DLLs: dlfnwh.dll ugdisa.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 6159 bytes
Generated 08/27/2008 at 02:20 PM

Application Version : 4.20.1046

Core Rules Database Version : 3549
Trace Rules Database Version: 1537

Scan type : Complete Scan
Total Scan Time : 00:44:20

Memory items scanned : 471
Memory threats detected : 0
Registry items scanned : 5184
Registry threats detected : 1
File items scanned : 15944
File threats detected : 30

Adware.Tracking Cookie
C:\Documents and Settings\paul\Cookies\paul@doubleclick[1].txt
C:\Documents and Settings\paul\Cookies\paul@kontera[2].txt
C:\Documents and Settings\paul\Cookies\paul@atdmt[2].txt
C:\Documents and Settings\paul\Cookies\paul@xiti[1].txt
C:\Documents and Settings\paul\Cookies\paul@mediaplex[2].txt
C:\Documents and Settings\paul\Cookies\paul@media.adrevolver[1].txt
C:\Documents and Settings\paul\Cookies\paul@ad.yieldmanager[1].txt
C:\Documents and Settings\paul\Cookies\paul@revsci[1].txt
C:\Documents and Settings\paul\Cookies\paul@richmedia.yahoo[1].txt
C:\Documents and Settings\paul\Cookies\paul@tribalfusion[1].txt
C:\Documents and Settings\paul\Cookies\paul@adrevolver[2].txt
C:\Documents and Settings\paul\Cookies\paul@apmebf[1].txt
C:\Documents and Settings\paul\Cookies\paul@chitika[1].txt
C:\Documents and Settings\paul\Cookies\paul@indextools[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@indextools[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@indextools[2].txt
C:\Documents and Settings\internet.PAUL-521D52609F\Cookies\internet@atdmt[1].txt
C:\Documents and Settings\internet.PAUL-521D52609F\Cookies\internet@tradedoubler[2].txt
C:\Documents and Settings\internet.PAUL-521D52609F\Cookies\internet@media.adrevolver[2].txt
C:\Documents and Settings\internet.PAUL-521D52609F\Cookies\internet@msnportal.112.2o7[1].txt
C:\Documents and Settings\internet.PAUL-521D52609F\Cookies\internet@adrevolver[2].txt
C:\Documents and Settings\internet.PAUL-521D52609F\Cookies\internet@richmedia.yahoo[2].txt
C:\Documents and Settings\internet.PAUL-521D52609F\Cookies\internet@ad.yieldmanager[2].txt

Rogue.Win AntiVir 2008
HKU\S-1-5-21-1417001333-1606980848-854245398-1003\Software\Win Antivir 2008
C:\Documents and Settings\paul\Application Data\Win Antivir 2008\base.dat
C:\Documents and Settings\paul\Application Data\Win Antivir 2008\base2.dat
C:\Documents and Settings\paul\Application Data\Win Antivir 2008\Desc.dat
C:\Documents and Settings\paul\Application Data\Win Antivir 2008\spline.dat
C:\Documents and Settings\paul\Application Data\Win Antivir 2008\Win Antivir 2008.ini
C:\Documents and Settings\paul\Application Data\Win Antivir 2008

Trojan.Unknown Origin
C:\WINDOWS\AGPQLRFM.EXE
ComboFix 08-08-26.03 - paul 2008-08-27 14:31:41.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.555 [GMT 1:00]
Running from: C:\Documents and Settings\paul\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
2008-08-27 13:32 . 2008-08-27 13:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-27 13:32 . 2008-08-27 13:32 <DIR> d-------- C:\Documents and Settings\paul\Application Data\SUPERAntiSpyware.com
2008-08-27 13:32 . 2008-08-27 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-27 13:06 . 2008-08-27 13:08 <DIR> d-------- C:\hjt
2008-08-27 12:43 . 2008-08-27 12:43 <DIR> d-------- C:\VundoFix Backups
2008-08-27 12:27 . 2008-08-27 12:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-27 12:21 . 2008-08-27 12:21 <DIR> d-------- C:\Program Files\CCleaner
2008-08-24 14:06 . 2008-08-24 14:06 <DIR> d-------- C:\Documents and Settings\internet.PAUL-521D52609F\Application Data\Windows Desktop Search
2008-08-23 18:56 . 2008-08-23 18:56 <DIR> d-------- C:\Documents and Settings\paul\Application Data\Windows Desktop Search
2008-08-23 18:55 . 2008-08-23 18:55 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-08-23 18:42 . 2008-03-07 18:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-23 18:42 . 2008-03-07 18:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-23 18:42 . 2008-03-07 18:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-23 18:39 . 2008-07-22 15:45 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-23 18:39 . 2008-07-22 15:45 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-23 18:39 . 2008-07-22 15:45 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-23 16:43 . 2008-06-23 17:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-23 16:43 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-23 16:43 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-23 16:43 . 2008-06-23 17:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-23 16:43 . 2008-06-23 17:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-23 16:43 . 2008-05-01 15:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-23 16:43 . 2008-06-23 17:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-23 16:43 . 2008-06-23 17:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-23 16:43 . 2008-06-23 17:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-23 16:43 . 2008-06-23 10:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 16:42 . 2008-04-11 20:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-23 15:40 . 2008-08-23 15:40 <DIR> d-------- C:\Documents and Settings\internet.PAUL-521D52609F\Application Data\Yahoo!
2008-08-23 15:39 . 2008-08-23 15:39 <DIR> d-------- C:\Documents and Settings\internet.PAUL-521D52609F\Application Data\PC Suite
2008-08-23 15:38 . 2008-08-24 14:44 <DIR> d-------- C:\Documents and Settings\internet.PAUL-521D52609F\Application Data\BullGuard
2008-08-23 12:34 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-23 12:01 . 2008-08-23 12:01 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-23 12:01 . 2008-08-23 12:01 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-23 12:01 . 2008-08-23 12:01 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-23 12:01 . 2008-08-23 12:01 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-23 11:52 . 2008-08-23 11:52 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-23 11:03 . 2008-04-14 01:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-08-23 11:02 . 2008-04-14 01:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-23 11:01 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-23 09:38 . 2008-08-23 09:38 1,374 --a------ C:\WINDOWS\system32\wpa.bak
2008-08-23 09:04 . 2004-08-04 13:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-08-23 09:02 . 2004-08-04 13:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-23 09:01 . 2008-04-14 01:09 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-23 09:00 . 2004-08-04 13:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-08-23 08:57 . 2008-08-23 08:57 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-08-23 08:57 . 2008-08-23 08:57 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-23 08:57 . 2008-08-23 08:57 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-23 08:57 . 2008-08-23 08:57 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-08-23 08:57 . 2008-08-23 08:57 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-23 08:57 . 2008-08-23 08:57 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-23 08:41 . 2004-08-04 13:00 1,086,058 -ra------ C:\WINDOWS\SET4F.tmp
2008-08-23 08:41 . 2004-08-04 13:00 1,042,903 -ra------ C:\WINDOWS\SET4C.tmp
2008-08-23 08:41 . 2004-08-04 13:00 13,753 -ra------ C:\WINDOWS\SET5B.tmp
2008-08-23 08:22 . 2008-08-23 08:22 <DIR> d-------- C:\Documents and Settings\internet.PAUL-521D52609F
2008-08-23 08:10 . 2004-08-04 13:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-08-21 08:55 . 2004-08-04 13:00 1,086,058 -ra------ C:\WINDOWS\SETF2.tmp
2008-08-21 08:55 . 2004-08-04 13:00 1,042,903 -ra------ C:\WINDOWS\SETEF.tmp
2008-08-21 08:55 . 2004-08-04 13:00 13,753 -ra------ C:\WINDOWS\SETFE.tmp
2008-08-21 08:29 . 2008-08-23 18:55 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-08-19 13:35 . 2008-08-19 13:35 <DIR> d-------- C:\Documents and Settings\internet\Application Data\Yahoo!
2008-08-19 13:33 . 2008-08-19 13:33 <DIR> d-------- C:\Documents and Settings\internet\Application Data\PC Suite
2008-08-19 13:32 . 2008-08-19 13:32 <DIR> d-------- C:\Documents and Settings\internet\Application Data\BullGuard
2008-08-19 13:31 . 2008-08-19 13:31 <DIR> d-------- C:\Documents and Settings\internet
2008-08-18 15:19 . 2008-08-19 08:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BullGuard
2008-08-18 15:18 . 2008-08-18 16:00 52,560 --a------ C:\WINDOWS\system32\drivers\BdFileSpy.sys
2008-08-18 15:17 . 2008-08-18 15:17 <DIR> d-------- C:\Program Files\BullGuard Ltd
2008-08-18 15:17 . 2008-08-27 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BullGuard
2008-08-18 14:57 . 2008-08-27 12:23 <DIR> d-------- C:\Documents and Settings\Administrator
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-08-23 17:16 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-18 15:01 14,152 ----a-w C:\WINDOWS\system32\client_cc.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-05-17 17:53 56 --sha-w C:\Documents and Settings\All Users\Application Data\dc64vg9.sys

((((((((((((((((((((((((((((( snapshot@2008-08-27_12.39.44.56 )))))))))))))))))))))))))))))))))))))))))
+ 2008-08-27 12:32:56 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-08-27 12:32:56 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 01:12 1695232]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-08-18 15:59 304456]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 09:42 202088]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecSche"="C:\TV Capture Card\RecSche.exe" [2002-01-16 07:23 159744]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12 2658304]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 11:40 94208]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-08-18 15:59 304456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
broadband medic.lnk - C:\Program Files\ntl\broadband medic\bin\matcli.exe [2005-10-17 15:47:34 217088]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-06-27 20:49:46 128000]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2005-09-10 15:41:37 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dlfnwh.dll ugdisa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxb03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\SimpleCenter\\Home Media Server.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-11-05 10:23]
R2 BdFileSpy;BullGuard File Monitor Driver;C:\WINDOWS\system32\drivers\BdFileSpy.sys [2008-08-18 16:00]
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe [2008-04-14 01:12]
R2 BsFire;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe [2008-04-14 01:12]
R2 Cap7134;TV Capture Card WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-01-08 05:00]
R2 PhTVTune;TV Capture Card WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-01-08 05:00]
R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [2007-11-28 11:42]
R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Ltd\BullGuard\Reconn.sys [2007-10-29 09:08]
S0 Winxb03;Winxb03;C:\WINDOWS\system32\Drivers\Winxb03.sys []
S3 BGRaSvc;BGRaSvc;C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe [2008-08-18 16:02]
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2004-08-04 13:00]
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 10:23]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 19:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire

------- Supplementary Scan -------
R0 -: HKCU-Main,Start Page = hxxp://uk.yahoo.com/
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;<local>
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 14:34:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"

Completion time: 2008-08-27 14:35:58
ComboFix-quarantined-files.txt 2008-08-27 13:35:47
ComboFix2.txt 2008-08-27 11:40:18
ComboFix3.txt 2008-08-23 14:26:26

Pre-Run: 27,346,014,208 bytes free
Post-Run: 27,359,256,576 bytes free

185 --- E O F --- 2008-08-23 13:24:24