ComboFix 08-04-16.2 - Anthony 2008-04-16 18:55:03.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.1.1252.1.1033.18.85 [GMT -7:00]
Running from: C:\DOCUME~1\Anthony\Desktop\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Anthony\Start Menu\Programs\Startup\Deewoo.lnk
C:\Program Files\180search assistant
C:\Program Files\180search assistant\180sa.exe
C:\Program Files\180search assistant\sau.exe
C:\Program Files\180searchassistant
C:\Program Files\180searchassistant\saap.exe
C:\Program Files\180searchassistant\sac.exe
C:\Program Files\180solutions
C:\Program Files\180solutions\sais.exe
C:\Program Files\PC-Cleaner
C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\Program Files\stc
C:\Program Files\stc\csv5p070.exe
C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\Program Files\zango
C:\Program Files\zango\zango.exe
C:\WINDOWS\123messenger.per
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\browserad.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\didduid.ini
C:\WINDOWS\FLEOK
C:\WINDOWS\FLEOK\180ax.exe
C:\WINDOWS\Installer\id53.exe
C:\WINDOWS\licencia.txt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\ntnut.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\ntnut32.exe
C:\WINDOWS\system32\shdocpe.dll
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\telefonos.txt
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\textos.txt
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll
C:\WINDOWS\winsb.dll

.
(((((((((((((((((((((((((   Files Created from 2008-03-17 to 2008-04-17  )))))))))))))))))))))))))))))))
.

2008-04-16 18:55 . 2002-08-28 20:41	113,664	--a------	C:\WINDOWS\system32\etfqtjta.drv
2008-04-09 10:52 . 2002-08-28 20:41	113,664	--a------	C:\WINDOWS\system32\jqhedrgrlbc.dll
2008-04-08 18:26 . 2008-04-08 18:26	<DIR>	d--------	C:\Program Files\Trend Micro
2008-04-07 21:51 . 2008-04-07 21:51	<DIR>	d--------	C:\Program Files\Panda Security
2008-04-07 19:22 . 2002-08-28 20:41	113,664	--a------	C:\WINDOWS\system32\lpecakkacoh.nls
2008-04-07 18:34 . 2008-04-07 18:34	<DIR>	d--------	C:\Documents and Settings\Anthony\Application Data\Grisoft
2008-04-07 17:58 . 2007-05-30 05:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-06 19:54 . 2008-04-06 19:54	<DIR>	d--------	C:\Deckard
2008-04-06 18:48 . 2008-04-07 16:06	<DIR>	d--------	C:\Program Files\RogueRemover FREE
2008-04-06 18:04 . 2008-04-06 19:40	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\wxklifgz
2008-04-06 16:00 . 2008-04-08 17:22	2,484	--a------	C:\WINDOWS\system32\tmp.reg
2008-04-06 15:59 . 2007-09-05 23:22	289,144	--a------	C:\WINDOWS\system32\VCCLSID.exe
2008-04-06 15:59 . 2006-04-27 16:49	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe
2008-04-06 15:59 . 2008-03-28 23:19	86,528	--a------	C:\WINDOWS\system32\VACFix.exe
2008-04-06 15:59 . 2008-03-26 08:50	82,432	--a------	C:\WINDOWS\system32\IEDFix.exe
2008-04-06 15:59 . 2003-06-05 20:13	53,248	--a------	C:\WINDOWS\system32\Process.exe
2008-04-06 15:59 . 2004-07-31 17:50	51,200	--a------	C:\WINDOWS\system32\dumphive.exe
2008-04-06 15:59 . 2007-10-03 23:36	25,600	--a------	C:\WINDOWS\system32\WS2Fix.exe
2008-04-06 15:32 . 2008-04-06 18:04	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\tgpajopg
2008-04-06 15:18 . 2008-04-06 15:32	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\xilobsjy
2008-04-06 14:50 . 2008-04-06 15:18	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\dcrwlijg
2008-04-06 13:56 . 2007-08-01 16:47	102,664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-06 13:52 . 2008-04-07 16:06	<DIR>	d--------	C:\WINDOWS\system32\HouseCall 6.6
2008-04-06 13:20 . 2008-04-06 14:50	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\ghczmnwd
2008-04-06 13:16 . 2008-04-06 13:20	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\knybudcb
2008-04-06 12:26 . 2008-04-06 12:26	<DIR>	d--------	C:\Documents and Settings\Administrator
2008-04-06 12:11 . 2008-04-06 13:17	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\fkvipwfg
2008-04-06 12:04 . 2008-04-06 12:11	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\levipovc
2008-04-06 12:04 . 2008-04-06 12:04	196,672	--a------	C:\WINDOWS\system32\lcntkldn.exe
2008-04-06 12:04 . 2008-04-06 14:52	937	--a------	C:\WINDOWS\system32\winpfz33.sys
2008-04-06 11:57 . 2008-04-06 12:05	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\wlypotil
2008-04-06 11:55 . 2008-04-06 11:55	16,612	--ahs----	C:\Documents and Settings\LocalService\cftmon.exe
2008-04-06 11:53 . 2008-04-06 11:53	90,112	--a------	C:\WINDOWS\system32\crehcjid.dll
2008-04-06 11:50 . 2008-04-06 11:50	58,880	--a------	C:\lilsesn.exe
2008-04-06 11:50 . 2008-04-06 11:50	29,090	--a------	C:\gjtxc.exe
2008-04-06 11:50 . 2008-04-06 11:50	6,656	--a------	C:\xbgme.exe
2008-04-06 11:50 . 2008-04-06 11:50	54	--a------	C:\smp.bat
2008-04-06 11:50 . 2008-04-06 11:51	2	--a------	C:\-1737500906
2008-04-06 11:48 . 2008-04-06 13:19	160,256	--a------	C:\WINDOWS\system32\blackster.scr
2008-04-06 11:46 . 2008-04-06 13:18	40,315	--ahs----	C:\Documents and Settings\Anthony\cftmon.exe
2008-04-06 11:46 . 2008-04-06 11:46	12,800	--a------	C:\iW8.exe
2008-04-06 11:36 . 2008-04-06 11:37	<DIR>	d--------	C:\WINDOWS\uoif
2008-04-06 11:36 . 2008-04-06 11:40	<DIR>	d--------	C:\Program Files\Common Files\uoif
2008-04-06 11:10 . 2008-04-16 18:55	1,906	--a------	C:\WINDOWS\system32\default.htm
2008-04-06 11:03 . 2008-04-06 11:03	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-06 11:00 . 2008-04-06 11:00	<DIR>	d--------	C:\WINDOWS\uprjiefj
2008-04-06 11:00 . 2008-04-06 11:58	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\tgvabops
2008-04-06 11:00 . 2008-04-06 11:00	67,584	--a------	C:\WINDOWS\pelulkfu.dll
2008-04-06 11:00 . 2008-04-06 11:00	67,584	--a------	C:\Documents and Settings\All Users\Application Data\qhofkfcd.dll
2008-04-03 19:59 . 2002-08-29 02:32	21,760	--a--c---	C:\WINDOWS\system32\dllcache\usbstor.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 01:52	---------	d-----w	C:\Program Files\SUPERAntiSpyware
2008-04-17 01:52	---------	d-----w	C:\Documents and Settings\Anthony\Application Data\SUPERAntiSpyware.com
2008-04-07 23:07	---------	d-----w	C:\Program Files\Real
2008-04-06 18:47	15,872	----a-w	C:\WINDOWS\system32\svchost.exe
2008-04-06 18:21	10	----a-w	C:\Program Files\.autoreg
2008-02-24 15:54	6,029,648	----a-w	C:\Program Files\Firefox Setup 2.0.0.12.exe
2008-02-24 15:54	278,793	----a-w	C:\WINDOWS\system32\LAE1F.tmp
2008-02-24 13:47	---------	d-----w	C:\Program Files\Google
2008-02-24 04:52	---------	d-----w	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-24 04:51	5,797,152	----a-w	C:\Program Files\SUPERAntiSpyware.exe
2008-02-24 03:19	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-24 02:44	278,793	----a-w	C:\WINDOWS\system32\LE6F9.tmp
2008-02-23 03:04	---------	d-----w	C:\Documents and Settings\Anthony\Application Data\Talkback
2008-02-23 03:03	---------	d-----w	C:\Program Files\Common Files\xing shared
2008-02-23 03:02	499,712	----a-w	C:\WINDOWS\system32\msvcp71.dll
2008-02-23 03:02	348,160	----a-w	C:\WINDOWS\system32\msvcr71.dll
2008-02-23 03:02	---------	d-----w	C:\Program Files\Common Files\Real
2008-02-17 17:32	---------	d-----w	C:\Program Files\Common Files\Adobe
.

------- Sigcheck -------

2008-04-06 11:47  15872  7dd246dc611e3cb9dd4610158cf55628	C:\WINDOWS\system32\svchost.exe

2002-08-28 20:41  520704  8811476cae5bb640d46d3cb9f03307c1	C:\WINDOWS\system32\winlogon.exe

2002-08-28 20:41  1007104  12769b8ecf9a77eaba22f1c80c0462d2	C:\WINDOWS\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-09 17:36 68856]
"Dcna"="C:\PROGRA~1\COMMON~1\PPPATC~1\mshta.exe" [ ]
"Bpvne"="C:\WINDOWS\??sks\n?pdb.exe" [ ]
"Nhxsckkf"="C:\Documents and Settings\Anthony\Application Data\??mantec\n?lookup.exe" [ ]
"uoif"="C:\PROGRA~1\COMMON~1\uoif\uoifm.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-22 20:02 185896]
"AntiVirusPro"="C:\Program Files\AntiVirusPro\AntiVirusPro.exe" [ ]
"g]eeV\mWhjlnspB"="C:\WINDOWS\system32\lcntkldn.exe" [2008-04-06 12:04 196672]
"!AVG Anti-Spyware"="C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe" [2007-06-11 02:25 6731312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"mhsnepsf"= rundll32.exe "C:\WINDOWS\System32\sqmisoe.nls" WLEntryPoint

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xLjDQvSTVpwf"= {986FD717-32C5-7DBD-81E6-9EDE95CDEE5D} - C:\WINDOWS\system32\fpr.dll [ ]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R3 cwbmidi_device;Crystal WDM MPU-401 UART Driver;C:\WINDOWS\System32\drivers\cwbmidi.sys [2001-08-17 05:19]
R3 cwbwdm_device;Crystal WDM Audio Codec Driver;C:\WINDOWS\System32\drivers\cwbwdm.sys [2001-08-17 05:19]
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\System32\DRIVERS\NtApm.sys [2001-08-17 06:47]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 18:56:59
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"g]eeV\\mWhjlnspB"="C:\\WINDOWS\\system32\\lcntkldn.exe DWram"
.
Completion time: 2008-04-16 18:57:48
ComboFix-quarantined-files.txt  2008-04-17 01:57:45
ComboFix2.txt  2008-04-07 01:13:59
ComboFix3.txt  2008-04-06 21:52:39
ComboFix4.txt  2008-02-28 03:09:49

Pre-Run: 156,254,367,744 bytes free
Post-Run: 156,535,877,632 bytes free