Hi Loophole. Thanks for your help! Just after running the ComboFix file and saving the log I got a TrendMicro warning of a new nasty it calls Troj VB.BDQ and I sent it to quarantine. Also I forgot to mention in my initial post that I cannot turn on the XP firewall or any of the XP Security Suite items, as at the top of the Security Suite control window it says these functions are controlled by "group policy" and the buttons are grayed out. I'm guessing one of these nasties has buggered it up. I'm going to be out of town on Friday until late in the afternoon or early evening. I won't be ignoring you, I'll be at the hospital having some tests done.
======================================
Here's the original HJT log with wrapping off (Sorry about that!):
Logfile of HijackThis v1.99.1
Scan saved at 10:39:57 PM, on 8/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svsnet.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\dior4f4gyodtjy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jacob Vasser\Desktop\Downloads\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} -
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
O16 - DPF: {7EB15626-CB8E-4174-8A72-C055B12B4310} - http://smartdownload...m/installer.dll
O16 - DPF: {8522F9B3-0000-0000-0000-000000000000} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} -
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Print Spooler Service (SpoolSvc220) - Unknown owner - C:\WINDOWS\system32\dior4f4gyodtjy.exe
O23 - Service: Secondary .NET Framework (SVSNET) - Unknown owner - C:\WINDOWS\system32\svsnet.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
===============================
Here's the ComboFix log from about 1 hour ago:
Jacob Vasser - 06-08-31 9:55:23.56
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\Jacob Vasser\Desktop\Downloads
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\CLSID\{E096E14C-3901-490A-B5D0-485FBD9A987A}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{E096E14C-3901-490A-B5D0-485FBD9A987A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E096E14C-3901-490A-B5D0-485FBD9A987A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E096E14C-3901-490A-B5D0-485FBD9A987A}\InprocServer32]
@="C:\\WINDOWS\\system32\\uweg.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{E384B31D-D57B-4FFC-85D9-73172A511EA1}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{E384B31D-D57B-4FFC-85D9-73172A511EA1}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E384B31D-D57B-4FFC-85D9-73172A511EA1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E384B31D-D57B-4FFC-85D9-73172A511EA1}\InprocServer32]
@="C:\\WINDOWS\\system32\\aimeter.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{2130F7AF-90A0-405F-9111-428C8D76930F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2130F7AF-90A0-405F-9111-428C8D76930F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2130F7AF-90A0-405F-9111-428C8D76930F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2130F7AF-90A0-405F-9111-428C8D76930F}\InprocServer32]
@="C:\\WINDOWS\\system32\\oKkley.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{D7FF4DE9-422D-4EB6-A3E2-22576F9AF486}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D7FF4DE9-422D-4EB6-A3E2-22576F9AF486}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D7FF4DE9-422D-4EB6-A3E2-22576F9AF486}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D7FF4DE9-422D-4EB6-A3E2-22576F9AF486}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{CE918CB7-AAD2-4C90-901D-6F4FCC8DF998}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CE918CB7-AAD2-4C90-901D-6F4FCC8DF998}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CE918CB7-AAD2-4C90-901D-6F4FCC8DF998}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CE918CB7-AAD2-4C90-901D-6F4FCC8DF998}\InprocServer32]
@="C:\\WINDOWS\\system32\\oabc32.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{A064DAA1-C2A3-403F-BC79-9731BF4E83A8}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A064DAA1-C2A3-403F-BC79-9731BF4E83A8}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A064DAA1-C2A3-403F-BC79-9731BF4E83A8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A064DAA1-C2A3-403F-BC79-9731BF4E83A8}\InprocServer32]
@="C:\\WINDOWS\\system32\\tBpi.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{9D853E4E-8EFB-4A7D-8052-AE06D4CA9CA1}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9D853E4E-8EFB-4A7D-8052-AE06D4CA9CA1}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9D853E4E-8EFB-4A7D-8052-AE06D4CA9CA1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9D853E4E-8EFB-4A7D-8052-AE06D4CA9CA1}\InprocServer32]
@="C:\\WINDOWS\\system32\\wgnhttp.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{309E44BC-EAA4-4B6F-AAF8-E6065ADF2776}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{309E44BC-EAA4-4B6F-AAF8-E6065ADF2776}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{309E44BC-EAA4-4B6F-AAF8-E6065ADF2776}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{309E44BC-EAA4-4B6F-AAF8-E6065ADF2776}\InprocServer32]
@="C:\\WINDOWS\\system32\\mahtmled.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{A21E7FF0-E4A4-43AF-8A3F-8172515FD917}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A21E7FF0-E4A4-43AF-8A3F-8172515FD917}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A21E7FF0-E4A4-43AF-8A3F-8172515FD917}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A21E7FF0-E4A4-43AF-8A3F-8172515FD917}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{36DED134-700B-45D7-A86A-4C11FE8986F4}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{36DED134-700B-45D7-A86A-4C11FE8986F4}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{36DED134-700B-45D7-A86A-4C11FE8986F4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{36DED134-700B-45D7-A86A-4C11FE8986F4}\InprocServer32]
@="C:\\WINDOWS\\system32\\rychost.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{A6D8D545-0653-470A-B157-F6B6220BC0B4}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A6D8D545-0653-470A-B157-F6B6220BC0B4}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A6D8D545-0653-470A-B157-F6B6220BC0B4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A6D8D545-0653-470A-B157-F6B6220BC0B4}\InprocServer32]
@="C:\\WINDOWS\\system32\\lRprxy.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{F1F3386D-CF12-4F6E-B330-B0B01F09FF0C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F1F3386D-CF12-4F6E-B330-B0B01F09FF0C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F1F3386D-CF12-4F6E-B330-B0B01F09FF0C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F1F3386D-CF12-4F6E-B330-B0B01F09FF0C}\InprocServer32]
@="C:\\WINDOWS\\system32\\kwdbu.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{CBA42506-7860-4EEE-B9F0-E092CD88EEA1}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CBA42506-7860-4EEE-B9F0-E092CD88EEA1}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CBA42506-7860-4EEE-B9F0-E092CD88EEA1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CBA42506-7860-4EEE-B9F0-E092CD88EEA1}\InprocServer32]
@="C:\\WINDOWS\\system32\\mhhcp.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{00A31DD8-0398-4A1E-9B7A-24A3321F5309}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{00A31DD8-0398-4A1E-9B7A-24A3321F5309}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{00A31DD8-0398-4A1E-9B7A-24A3321F5309}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{00A31DD8-0398-4A1E-9B7A-24A3321F5309}\InprocServer32]
@="C:\\WINDOWS\\system32\\cyrpol.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{1CC7EA0C-26AB-4FF3-9382-66E5CBE8FD27}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1CC7EA0C-26AB-4FF3-9382-66E5CBE8FD27}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1CC7EA0C-26AB-4FF3-9382-66E5CBE8FD27}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1CC7EA0C-26AB-4FF3-9382-66E5CBE8FD27}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{58B3809F-0CC4-4306-84E4-7DB7C8D5222C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{58B3809F-0CC4-4306-84E4-7DB7C8D5222C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{58B3809F-0CC4-4306-84E4-7DB7C8D5222C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{58B3809F-0CC4-4306-84E4-7DB7C8D5222C}\InprocServer32]
@="C:\\WINDOWS\\system32\\xLctsrv.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{9893FBC4-9891-4ACE-807B-6AE64C08CC6C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9893FBC4-9891-4ACE-807B-6AE64C08CC6C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9893FBC4-9891-4ACE-807B-6AE64C08CC6C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
C:\WINDOWS\system32\djdmoprp.dll
C:\WINDOWS\system32\p8n8li5u18.dll
Granting sedebugprivilege to Administrators ... successful
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\keyboard1.dat
C:\kybrdff_11a.exe
C:\deskbar.exe
C:\Program Files\Deskbar
C:\Program Files\Common Files\{2C968400-07CA-1033-1114-011005010001}
((((((((((((((((((((((((((((((( Files Created from 2006-07-31 to 2006-08-31 ))))))))))))))))))))))))))))))))))
2006-08-31 09:48 88,064 --a------ C:\WINDOWS\system32\mlsdf8hgyndsiyoeu.exe
2006-08-30 21:48 88,064 --a------ C:\WINDOWS\system32\dior4f4gyodtjy.exe
2006-08-30 21:48 144,300 --a------ C:\ccpt.com
2006-08-30 18:27 171,008 --a------ C:\WINDOWS\system32\LXAESUI.DLL
2006-08-19 17:18 214,752 --a------ C:\Setup100.exe
2006-08-19 17:16 286 --a------ C:\WINDOWS\autoupdate.bat
2006-08-19 17:16 138,862 --a------ C:\WINDOWS\aupdate32.exe
2006-08-19 17:15 232,277 --a------ C:\windr32.exe
2006-08-19 14:03 2,292 --a------ C:\regfile.pif
2006-08-18 21:50 48,128 -r-hs---- C:\WINDOWS\system32\svsnet.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-08-31 10:00 -------- d-------- C:\Program Files\Common Files
2006-08-31 09:49 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-28 14:52 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-26 17:16 -------- d-------- C:\Program Files\QuickTime
2006-08-26 17:16 -------- d-------- C:\Program Files\InstallShield Installation Information
2006-08-21 15:45 -------- d-------- C:\Program Files\LimeWire
2006-08-19 20:15 -------- d-------- C:\Program Files\Windows NT
2006-08-19 17:50 -------- d-------- C:\Program Files\Project64 1.6
2006-08-18 22:02 -------- d-------- C:\Program Files\Common Files\Adobe
2006-08-16 17:20 31248 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-08-16 17:20 197648 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-08-16 16:51 1051456 --a------ C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-08-14 18:02 -------- d-------- C:\Program Files\Internet Explorer
2006-08-08 19:50 -------- d-------- C:\Program Files\iTunes
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-10 13:51 59296 --a--c--- C:\Documents and Settings\Jacob Vasser\Application Data\GDIPFONTCACHEV1.DAT
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{2C968400-07CA-1033-1114-011005010001}"="\"C:\\Program Files\\Common Files\\{2C968400-07CA-1033-1114-011005010001}\\Update.exe\" mc-110-12-0000488"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{2C968400-07CA-1033-1114-011005010001}"="\"C:\\Program Files\\Common Files\\{2C968400-07CA-1033-1114-011005010001}\\Update.exe\" mc-110-12-0000488"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Time
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: Thu 08/31/2006 10:01:48.92
ComboFix.txt
====================================
HERE'S THE NEW HJT LOG from about 10 minutes ago:
Logfile of HijackThis v1.99.1
Scan saved at 10:47:22 AM, on 8/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svsnet.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jacob Vasser\Desktop\Downloads\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} -
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
O16 - DPF: {7EB15626-CB8E-4174-8A72-C055B12B4310} - http://smartdownload...m/installer.dll
O16 - DPF: {8522F9B3-0000-0000-0000-000000000000} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} -
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Print Spooler Service (SpoolSvc220) - Unknown owner - C:\WINDOWS\system32\dior4f4izpeu.exe
O23 - Service: Secondary .NET Framework (SVSNET) - Unknown owner - C:\WINDOWS\system32\svsnet.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
================================
Thanks in advance for any help!
Regards,
Dave