Hi KPaj,
I've installed Combofix.exe, and below are both its logfile and the HijackThis logfile.
Thanks
COMBOFIX LOGFILE:
06-08-30 20:54:10.79
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\flamusmaximus\My Documents\My Received Files
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\CLSID\{F47D2795-9AF6-4B9E-B3E8-D1EB7297333B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F47D2795-9AF6-4B9E-B3E8-D1EB7297333B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F47D2795-9AF6-4B9E-B3E8-D1EB7297333B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F47D2795-9AF6-4B9E-B3E8-D1EB7297333B}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{9EF4A3F8-79BD-4337-811A-BD4FC4CDC76E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9EF4A3F8-79BD-4337-811A-BD4FC4CDC76E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9EF4A3F8-79BD-4337-811A-BD4FC4CDC76E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9EF4A3F8-79BD-4337-811A-BD4FC4CDC76E}\InprocServer32]
@="C:\\WINDOWS\\system32\\TKPI.DLL"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{F28D5668-F9E3-4098-AAF9-100AE3998DA3}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F28D5668-F9E3-4098-AAF9-100AE3998DA3}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F28D5668-F9E3-4098-AAF9-100AE3998DA3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F28D5668-F9E3-4098-AAF9-100AE3998DA3}\InprocServer32]
@="C:\\WINDOWS\\system32\\RpoMSCPS.dll"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Granting sedebugprivilege to Administrators ... successful
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\flamusmaximus\Application Data\Sskdmns.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\keyboard1.dat
C:\dfndrff_13.exe
C:\kybrdff_13.exe
C:\nwnmff_13.exe
C:\WINDOWS\system32\setup.exe.tmp
C:\Program Files\Deskbar
C:\Program Files\outlook
C:\Program Files\Common Files\{CCE44A8E-0A21-1033-0428-03062403002c}
C:\Program Files\Common Files\{CCE44A8E-0A22-1033-0428-03062403002c}
((((((((((((((((((((((((((((((( Files Created from 2006-07-30 to 2006-08-30 ))))))))))))))))))))))))))))))))))
2006-08-25 11:38 307,200 --a-s---- C:\WINDOWS\SYSTEM32\InterceptHelper.dll
2006-08-25 11:38 180,224 --a-s---- C:\WINDOWS\SYSTEM32\archlib.dll
2006-08-25 11:38 176,128 --a-s---- C:\WINDOWS\SYSTEM32\Interceptor.dll
2006-08-25 00:00 1,233 --a------ C:\WINDOWS\SYSTEM32\iwy80909.sys
2006-08-21 12:33 266,360 --a------ C:\WINDOWS\SYSTEM32\TweakUI.exe
2006-08-18 20:21 31,744 --a------ C:\WINDOWS\SYSTEM32\fxsroute.dll
2006-08-18 20:21 132,608 --a------ C:\WINDOWS\SYSTEM32\fxsclntR.dll
2006-08-18 20:21 111,104 --a------ C:\WINDOWS\SYSTEM32\fxscfgwz.dll
2006-08-18 20:21 11,264 --a------ C:\WINDOWS\SYSTEM32\fxssend.exe
2006-08-18 20:16 983,092 --a------ C:\WINDOWS\SYSTEM32\dlccgf.dll
2006-08-18 20:16 86,016 --a------ C:\WINDOWS\SYSTEM32\dlcccub.dll
2006-08-18 20:16 770,048 --a------ C:\WINDOWS\SYSTEM32\dlcchbn3.dll
2006-08-18 20:16 73,728 --a------ C:\WINDOWS\SYSTEM32\dlcccu.dll
2006-08-18 20:16 704,512 --a------ C:\WINDOWS\SYSTEM32\dlcccomc.dll
2006-08-18 20:16 65,536 --a------ C:\WINDOWS\SYSTEM32\dlcccfg.dll
2006-08-18 20:16 638,976 --a------ C:\WINDOWS\SYSTEM32\dlccpmui.dll
2006-08-18 20:16 491,520 --a------ C:\WINDOWS\SYSTEM32\dlcccoms.exe
2006-08-18 20:16 483,328 --a------ C:\WINDOWS\SYSTEM32\dlcclmpm.dll
2006-08-18 20:16 430,080 --a------ C:\WINDOWS\SYSTEM32\dlccutil.dll
2006-08-18 20:16 413,696 --a------ C:\WINDOWS\SYSTEM32\dlcccomm.dll
2006-08-18 20:16 372,736 --a------ C:\WINDOWS\SYSTEM32\dlccih.exe
2006-08-18 20:16 368,640 --a------ C:\WINDOWS\SYSTEM32\dlcccfg.exe
2006-08-18 20:16 36,864 --a------ C:\WINDOWS\SYSTEM32\dlcccur.dll
2006-08-18 20:16 176,128 --a------ C:\WINDOWS\SYSTEM32\dlccinsb.dll
2006-08-18 20:16 155,648 --a------ C:\WINDOWS\SYSTEM32\dlccprox.dll
2006-08-18 20:16 155,648 --a------ C:\WINDOWS\SYSTEM32\dlccins.dll
2006-08-18 20:16 131,072 --a------ C:\WINDOWS\SYSTEM32\dlccjswr.dll
2006-08-18 20:16 114,688 --a------ C:\WINDOWS\SYSTEM32\dlccpplc.dll
2006-08-18 20:16 106,496 --a------ C:\WINDOWS\SYSTEM32\dlccinsr.dll
2006-08-18 20:16 1,183,744 --a------ C:\WINDOWS\SYSTEM32\dlccserv.dll
2006-08-18 20:16 1,134,592 --a------ C:\WINDOWS\SYSTEM32\dlccusb1.dll
2006-08-16 15:44 73,728 --a------ C:\WINDOWS\SYSTEM32\FLKill.exe
2006-08-16 15:44 35,363 --a------ C:\WINDOWS\SYSTEM32\windrvNT.sys
2006-08-16 13:02 40,448 --a------ C:\WINDOWS\SYSTEM32\regobj.dll
2006-08-16 12:55 24,576 --a------ C:\WINDOWS\SYSTEM32\CoInst.dll
2006-08-16 12:55 12,288 --------- C:\WINDOWS\SYSTEM32\CplEng.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-08-30 20:55 -------- d-------- C:\Program Files\Common Files
2006-08-30 20:47 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-28 16:24 -------- d-------- C:\Documents and Settings\flamusmaximus\Application Data\Sun
2006-08-28 11:32 -------- d-------- C:\Program Files\MSN Messenger
2006-08-27 18:43 -------- d-------- C:\Documents and Settings\flamusmaximus\Application Data\Real
2006-08-25 17:24 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-25 16:28 -------- d-------- C:\Program Files\HijackThis
2006-08-25 15:39 -------- d-------- C:\Program Files\Zone Labs
2006-08-25 15:28 -------- d-------- C:\Program Files\Java
2006-08-25 15:26 -------- d-------- C:\Program Files\Common Files\Java
2006-08-25 13:48 -------- d-------- C:\Program Files\Common Files\ookz
2006-08-25 13:48 -------- d-------- C:\Documents and Settings\flamusmaximus\Application Data\TrojanHunter
2006-08-25 13:26 -------- d-------- C:\Program Files\Dl_cats
2006-08-25 13:15 -------- d-------- C:\Program Files\TrojanHunter 4.5
2006-08-25 13:14 -------- d-------- C:\Documents and Settings\flamusmaximus\Application Data\Hole Comp Mode
2006-08-25 12:06 -------- d-------- C:\Documents and Settings\flamusmaximus\Application Data\Tenebril
2006-08-25 11:38 -------- d-------- C:\Program Files\SpyCatcher 2006
2006-08-25 00:26 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-25 00:00 -------- d-------- C:\Program Files\Online Services
2006-08-24 14:28 -------- d-------- C:\Documents and Settings\flamusmaximus\Application Data\Secretmaker
2006-08-24 12:11 -------- d-------- C:\Program Files\Norton Internet Security
2006-08-24 12:11 -------- d-------- C:\Program Files\Folder Lock
2006-08-22 13:24 -------- d-------- C:\Documents and Settings\flamusmaximus\Application Data\AdobeUM
2006-08-21 14:47 -------- d-------- C:\Program Files\YourWare Solutions
2006-08-21 14:40 -------- d-------- C:\Program Files\WinEnhance
2006-08-21 11:46 -------- d-------- C:\Program Files\BT Broadband Basic Help
2006-08-21 10:30 -------- d-------- C:\Program Files\Jasc Software Inc
2006-08-21 09:44 -------- d-------- C:\Documents and Settings\flamusmaximus\Application Data\XTND_BTUIObjects
2006-08-21 08:42 -------- d---s---- C:\Documents and Settings\flamusmaximus\Application Data\Microsoft
2006-08-21 08:40 -------- d-------- C:\Program Files\Windows Media Player
2006-08-21 08:39 -------- d-------- C:\Program Files\Sports Interactive
2006-08-21 08:39 -------- d-------- C:\Program Files\Sony Ericsson
2006-08-21 08:39 -------- d-------- C:\Program Files\SECRETMAKER
2006-08-21 08:39 -------- d-------- C:\Program Files\Napster
2006-08-21 08:39 -------- d-------- C:\Program Files\Modem Helper
2006-08-21 08:39 -------- d-------- C:\Program Files\DivX
2006-08-21 08:38 -------- d-------- C:\Documents and Settings\flamusmaximus\Application Data\My Battle for Middle-earth Files
2006-08-21 08:38 -------- d-------- C:\Documents and Settings\flamusmaximus\Application Data\Creative
2006-08-21 08:38 -------- d-------- C:\Documents and Settings\flamusmaximus\Application Data\Adobe
2006-08-21 08:33 -------- d-------- C:\Program Files\CCleaner
2006-08-21 08:20 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-21 08:12 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-08-21 08:03 -------- d-------- C:\Program Files\FreeMind
2006-08-21 07:37 -------- d-------- C:\Program Files\Lavasoft
2006-08-21 07:37 -------- d-------- C:\Documents and Settings\flamusmaximus\Application Data\Lavasoft
2006-08-21 07:15 -------- d-------- C:\Documents and Settings\flamusmaximus\Application Data\MSN6
2006-08-21 07:14 -------- d-------- C:\Program Files\EA GAMES
2006-08-21 07:07 -------- d-------- C:\Documents and Settings\flamusmaximus\Application Data\Talkback
2006-08-21 07:07 -------- d-------- C:\Documents and Settings\flamusmaximus\Application Data\Mozilla
2006-08-20 20:52 -------- d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2006-08-19 08:12 -------- d-------- C:\Program Files\Dell Photo AIO Printer 924
2006-08-18 20:52 -------- d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2006-08-18 20:24 -------- d-------- C:\Program Files\Common Files\Jasc Software Inc
2006-08-16 21:03 -------- d-------- C:\Program Files\Internet Explorer
2006-08-16 12:59 -------- d-------- C:\Program Files\Motive
2006-08-16 12:59 -------- d-------- C:\Program Files\Common Files\Motive
2006-07-29 19:32 48936 --a------ C:\WINDOWS\SYSTEM32\sirenacm.dll
2006-07-27 14:24 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\SYSTEM32\hlink.dll
2006-07-13 08:26 -------- d-------- C:\Program Files\jfuse
2006-07-13 08:20 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-07-12 09:11 98304 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2006-06-07 18:55 3753 --a------ C:\Program Files\Common Files\kyje.html
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"CTDVDDet"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver\\LVCOMS.EXE"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"upload joy enc ante"="C:\\Documents and Settings\\All Users\\Application Data\\knoberroruploadjoy\\Uploadfast.exe"
"RemHelp"="remhelp.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"ymetray"="\"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\ymetray.exe\""
"BTUSRBDG"="BtUsrBdg.exe"
"BTSETBOOTKEY"="BTSetBootKey.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"DSLSTATEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
"DLCCCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\DLCCtime.dll,_RunDLLEntry@16"
"dlccmon.exe"="\"C:\\Program Files\\Dell Photo AIO Printer 924\\dlccmon.exe\""
"seekbagsoncemix"="C:\\Documents and Settings\\All Users\\Application Data\\AXIS EXIT SEEK BAGS\\SOFTANTE.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.5\\THGuard.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update Config"="winsl.exe"
"SB Audigy 2 Startup Menu"=" /L:ENG"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\" /WinStart"
"teamsave"="C:\\DOCUME~1\\FLAMUS~1\\APPLIC~1\\HOLECO~1\\1 Free.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"RealPlayer"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"SpecifyDefaultButtons"=dword:00000000
"Btn_Search"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Common Files\\kyje.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\Online Services\\hogyba.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Microsoft Update Config"="winsl.exe"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Microsoft Update Config"="winsl.exe"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AA23C51C91DC7EC8.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 30/08/2006 21:00:05.65
ComboFix.txt
----------------------------
HIJACKTHIS LOGFILE
Logfile of HijackThis v1.99.1
Scan saved at 21:01:57, on 30/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\XTNDConnect Blue Manager\XCBluMgr.exe
C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\SUSHIM~1.EXE
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe
C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\BTUI_M~1.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.euro.dell.com/countries/uk/e ... efault.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.guardian.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.guardian.c.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.btbroadbandstart.com/
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [upload joy enc ante] C:\Documents and Settings\All Users\Application Data\knoberroruploadjoy\Uploadfast.exe
O4 - HKLM\..\Run: [RemHelp] remhelp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [seekbagsoncemix] C:\Documents and Settings\All Users\Application Data\AXIS EXIT SEEK BAGS\SOFTANTE.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Microsoft Update Config] winsl.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [teamsave] C:\DOCUME~1\FLAMUS~1\APPLIC~1\HOLECO~1\1 Free.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O4 - Global Startup: Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 -
http://download.games.yahoo.com/games/c ... potd_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
http://software-dl.real.com/123b357caed ... xIE601.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: Interceptor.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe