Thank you so much for your help.
This is the Combofix and the Hijack will follow.
################################
ComboFix 08-05-21.3 - Owner 2008-05-24 14:22:04.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.486 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\FhiOYJlm.ini
C:\WINDOWS\system32\FhiOYJlm.ini2
C:\WINDOWS\system32\mlJYOihF.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.
2008-05-24 14:16 . 2008-05-24 14:16 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-05-24 14:16 . 2008-05-24 14:16 <DIR> d-------- C:\CanonMP
2008-05-24 14:16 . 2005-05-07 00:00 140,288 --a------ C:\WINDOWS\system32\CNMLM7M.DLL
2008-05-23 20:16 . 2008-05-23 20:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SultansLabyrinth
2008-05-23 00:55 . 2008-05-23 00:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-23 00:55 . 2008-05-23 00:55 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-22 23:40 . 2008-05-22 23:40 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-22 22:20 . 2008-05-22 22:20 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Gaijin Ent
2008-05-21 22:43 . 2008-05-21 22:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Astar Games
2008-05-18 06:49 . 2008-05-18 06:49 <DIR> d-------- C:\ISeeYouXP
2008-05-18 06:49 . 2005-01-14 01:41 11,254 --a------ C:\WINDOWS\system32\locate.com
2008-05-18 06:41 . 2008-05-18 06:41 <DIR> d-------- C:\!KillBox
2008-05-18 06:39 . 2008-05-18 06:39 <DIR> d-------- C:\VundoFix Backups
2008-05-18 06:29 . 2008-05-18 06:55 <DIR> d-------- C:\Program Files\a-squared Free
2008-05-18 06:26 . 2008-05-18 06:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 22:59 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-17 22:59 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-14 12:45 . 2008-05-14 12:55 354 ---hs---- C:\WINDOWS\system32\missspqw.ini
2008-05-14 10:46 . 2008-05-14 10:46 474 ---hs---- C:\WINDOWS\system32\qdjtdawn.ini
2008-05-14 10:39 . 2008-05-14 10:39 29,824 --a------ C:\WINDOWS\system32\ddcDuUMc.dll
2008-05-14 10:13 . 2008-05-13 17:48 90,112 --a------ C:\WINDOWS\oadkxrts.exe
2008-05-11 11:59 . 2008-05-24 00:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-08 22:07 . 2008-05-08 22:07 <DIR> d-------- C:\Program Files\BigJig
2008-05-06 08:28 . 2008-05-06 08:28 <DIR> d-------- C:\Program Files\Alwil Software
2008-05-04 14:11 . 2005-10-31 19:17 135,168 --------- C:\WINDOWS\system32\RtlCPAPI.dll
2008-05-04 12:31 . 2008-05-04 12:31 21 --a------ C:\WINDOWS\Status.mif
2008-05-01 14:13 . 2008-05-01 14:13 10 --a------ C:\usb002
2008-05-01 14:12 . 2008-05-01 14:12 3 --a------ C:\usb
2008-04-29 10:37 . 2008-04-29 10:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Media Player Classic
2008-04-29 09:35 . 2008-04-29 09:35 <DIR> d-------- C:\Program Files\Essentials Codec Pack
2008-04-28 08:43 . 2008-05-07 15:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\GlarySoft
2008-04-28 08:40 . 2008-04-28 08:40 <DIR> d-------- C:\Program Files\Glary Utilities
2008-04-28 07:57 . 2008-04-28 07:57 8,192 --a------ C:\WINDOWS\Rpoint.exe
2008-04-27 13:01 . 2008-04-27 13:01 <DIR> d-------- C:\Program Files\Musicnotes
2008-04-25 15:06 . 2008-04-26 00:51 <DIR> d-------- C:\Program Files\MediaCoder Audio Edition
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 18:39 --------- d-----w C:\Program Files\LimeWire
2008-05-24 05:53 --------- d-----w C:\Program Files\Jewel Quest II
2008-05-24 00:51 0 ----a-w C:\Program Files\temp01
2008-05-23 17:28 --------- d-----w C:\Program Files\Mystery Case Files - Madame Fate
2008-05-23 07:55 --------- d-----w C:\Program Files\PopCap Games
2008-05-23 07:55 --------- d-----w C:\Program Files\Jewel Quest Solitaire II
2008-05-23 05:43 --------- d-----w C:\Program Files\Jewel Quest Solitaire
2008-05-16 12:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\iWin
2008-05-13 14:14 --------- d-----w C:\Program Files\HP
2008-05-13 12:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Big Fish Games
2008-05-11 16:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-11 15:49 --------- d-----w C:\Program Files\Jigs@w Puzzle 2
2008-05-11 15:49 --------- d-----w C:\Program Files\Elements
2008-05-11 15:49 --------- d-----w C:\Program Files\CCleaner
2008-05-11 15:49 --------- d-----w C:\Program Files\AceMoney
2008-05-11 15:49 --------- d-----w C:\Program Files\Accounts and Budget Free V5.0
2008-05-11 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Musicnotes
2008-05-09 15:21 --------- d-----w C:\Program Files\Java
2008-05-07 20:02 --------- d-----w C:\Program Files\Trillian
2008-05-07 20:02 --------- d-----w C:\Program Files\Google
2008-05-07 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-07 20:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\stickies
2008-05-07 18:40 --------- d-----w C:\Program Files\Oberon Media
2008-05-04 20:50 --------- d-----w C:\Program Files\Canon
2008-05-04 20:29 --------- d-----w C:\Program Files\BigFishGames
2008-05-04 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 19:08 105,088 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-05-04 18:45 --------- d-----w C:\Program Files\ATI Technologies
2008-05-04 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-05-04 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Friends Games
2008-04-28 13:54 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-28 13:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-04-28 13:46 --------- d-----w C:\Program Files\Trivial Pursuit Bring On The 90s
2008-04-22 00:13 --------- d-----w C:\Program Files\bfgclient
2008-04-16 13:59 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-16 05:39 --------- d-----w C:\Program Files\Auslogics
2008-04-16 05:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Auslogics
2008-04-12 16:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-11 12:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\AlauxSoft
2008-04-11 04:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-04-07 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\FireGlow
2008-04-03 20:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Image Zone Express
2008-03-26 13:20 --------- d-----w C:\Program Files\Mystery Case Files - Huntsville
2008-03-26 13:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
2008-03-26 13:10 --------- d-----w C:\Program Files\Realtek
2008-03-26 13:10 --------- d-----w C:\Program Files\QuickTime
2008-03-26 13:10 --------- d-----w C:\Program Files\Picasa2
2008-03-25 15:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\HP
2008-03-25 02:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SugarGames
.
((((((((((((((((((((((((((((( snapshot@2008-05-23_11.25.20.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 21:37:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 19:25:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-05-11 16:39:29 76,487 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
+ 2008-05-23 17:13:30 76,487 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
- 2008-05-11 16:39:29 2,378 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2008-05-23 17:13:30 2,378 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
- 2008-05-12 16:44:11 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-05-12 16:32:02 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2008-05-12 16:33:19 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-05-12 16:38:45 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-05-12 16:38:25 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-05-12 16:34:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-05-12 16:36:18 77,904 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-05-12 16:33:38 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2005-05-07 05:00:00 274,944 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMCB7M.DLL
+ 2005-05-07 05:00:00 100,352 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMCP7M.DLL
+ 2005-05-07 05:00:00 151,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMD57M.DLL
+ 2005-05-07 05:00:00 397,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMDR7M.DLL
+ 2005-05-07 05:00:00 19,968 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMFU7M.DLL
+ 2005-05-07 05:00:00 92,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMLR7M.DLL
+ 2005-05-07 05:00:00 25,088 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMOP7M.DLL
+ 2005-05-07 05:00:00 23,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMP07M.DAT
+ 2005-05-07 05:00:00 27,140 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMP17M.DAT
+ 2005-05-07 05:00:00 30,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMP27M.DAT
+ 2005-05-07 05:00:00 7,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMPI7M.DLL
+ 2005-05-07 05:00:00 89,088 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMPV7M.DLL
+ 2005-05-07 05:00:00 223,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSB7M.DLL
+ 2005-05-07 05:00:00 39,936 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSD7M.DLL
+ 2005-05-07 05:00:00 194,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSM7M.DLL
+ 2005-05-07 05:00:00 39,424 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSQ7M.DLL
+ 2005-05-07 05:00:00 69,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSR7M.DLL
+ 2005-05-07 05:00:00 663,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMUB7M.DLL
+ 2005-05-07 05:00:00 1,635,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMUI7M.DLL
+ 2005-05-07 05:00:00 254,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMUR7M.DLL
+ 2005-05-07 05:00:00 6,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMW37M.DLL
+ 2005-05-07 05:00:00 274,944 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMCB7M.DLL
+ 2005-05-07 05:00:00 100,352 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMCP7M.DLL
+ 2005-05-07 05:00:00 151,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMD57M.DLL
+ 2005-05-07 05:00:00 397,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMDR7M.DLL
+ 2005-05-07 05:00:00 19,968 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMFU7M.DLL
+ 2005-05-07 05:00:00 92,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMLR7M.DLL
+ 2005-05-07 05:00:00 25,088 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMOP7M.DLL
+ 2005-05-07 05:00:00 23,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMP07M.DAT
+ 2005-05-07 05:00:00 27,140 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMP17M.DAT
+ 2005-05-07 05:00:00 30,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMP27M.DAT
+ 2005-05-07 05:00:00 7,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMPI7M.DLL
+ 2005-05-07 05:00:00 89,088 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMPV7M.DLL
+ 2005-05-07 05:00:00 223,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMSB7M.DLL
+ 2005-05-07 05:00:00 39,936 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMSD7M.DLL
+ 2005-05-07 05:00:00 194,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMSM7M.DLL
+ 2005-05-07 05:00:00 39,424 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMSQ7M.DLL
+ 2005-05-07 05:00:00 69,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMSR7M.DLL
+ 2005-05-07 05:00:00 663,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMUB7M.DLL
+ 2005-05-07 05:00:00 1,635,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMUI7M.DLL
+ 2005-05-07 05:00:00 254,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMUR7M.DLL
+ 2005-05-07 05:00:00 6,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\canonmp800b2ef\CNMW37M.DLL
+ 2008-05-24 19:25:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5cc.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D1277E3-AD9F-4677-A977-725C7E20602D}]
2008-05-14 10:39 29824 --a------ C:\WINDOWS\system32\ddcDuUMc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 05:54 16010240 C:\WINDOWS\RTHDCPL.exe]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4D1277E3-AD9F-4677-A977-725C7E20602D}"= C:\WINDOWS\system32\ddcDuUMc.dll [2008-05-14 10:39 29824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDuUMc]
ddcDuUMc.dll 2008-05-14 10:39 29824 C:\WINDOWS\system32\ddcDuUMc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"gusvc"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 18:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 18:16]
S3 Gcr432;Gcr432;C:\WINDOWS\system32\Drivers\gcr432.sys [2001-10-04 16:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{487c636c-b721-11dc-8164-00142ae4ba4d}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-05-24 19:25:16 C:\WINDOWS\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-24 14:25:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ddcDuUMc.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
.
**************************************************************************
.
Completion time: 2008-05-24 14:28:07 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-05-24 19:28:02
ComboFix2.txt 2008-05-24 18:31:52
ComboFix3.txt 2008-05-24 18:23:55
ComboFix4.txt 2008-05-23 16:42:09
ComboFix5.txt 2008-05-23 16:25:58
Pre-Run: 12,270,891,008 bytes free
Post-Run: 12,197,220,352 bytes free
247 --- E O F --- 2008-05-14 08:03:32
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:03 PM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.1
O2 - BHO: (no name) - {4D1277E3-AD9F-4677-A977-725C7E20602D} - C:\WINDOWS\system32\ddcDuUMc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O20 - Winlogon Notify: ddcDuUMc - C:\WINDOWS\SYSTEM32\ddcDuUMc.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 3404 bytes