help with trojan.dialer.premium
Hello guys, hope someone can help me. I've been trying to remove this dialer. What I have done to remove it is downloaded sysdump, ATF-Cleaner, KillBox, CleanUp, ComboFix, and also downloaded HijackThis. I will post the logs from HijackThis and ComboFix. I tried to run everything in safe mode as well. Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:35:08, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Eraser\eraser.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkSrv2K.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5556EFF5-CF91-ED9D-CA2D-09562C546C18} - C:\WINDOWS\system32\yefjsd.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [BGNewsAgent] "C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: ["C:\Program Files\Common Files\{B08CD799-0AE9-2057-0525-05102005002c}\Update.exe" /startup] "C:\Program Files\Common Files\{B08CD799-0AE9-2057-0525-05102005002c}\Update.exe" /startup
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\Load.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O16 - DPF: wcloader_cab - http://download.paltalk.com/wcloader/wcloader.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153442500828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153442493859
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\SYSTEM32\winzzc32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Syntek DC-112X Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv2K.exe
Here is the ComboFix log:
Administrator - 06-10-06 10:24:07.73 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Administrator\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-09-06 to 2006-10-06 ))))))))))))))))))))))))))))))))))
2006-10-05 22:53 24,576 --a------ C:\WINDOWS\system32\StkSrv2k.exe
2006-10-05 22:49 94,132 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2006-10-05 22:49 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2006-10-05 22:49 53,248 --a------ C:\WINDOWS\StillCap.exe
2006-10-05 22:49 49,152 --a------ C:\WINDOWS\amcap.exe
2006-10-05 22:49 45,056 --a------ C:\WINDOWS\system32\camprp.dll
2006-10-05 22:49 40,960 --a------ C:\WINDOWS\Vm_sti.exe
2006-10-05 22:49 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2006-10-05 22:49 147,456 --a------ C:\WINDOWS\VMCap.exe
2006-10-05 22:49 111,304 --a------ C:\WINDOWS\system32\drivers\usbcam.sys
2006-10-05 21:19 0 ---hs---- C:\WINDOWS\system32\gebbyvu.dll
2006-10-05 15:49 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-05 15:49 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-10-05 15:12 28,966 --a------ C:\Undo DAMIAN-B0A476A7 20061005 151257.Reg
2006-10-05 13:46 93,696 --a------ C:\WINDOWS\system32\yfaijnf.dll
2006-10-05 13:46 72,704 --a------ C:\WINDOWS\system32\yefjsd.dll
2006-10-05 13:46 18,432 --a------ C:\WINDOWS\system32\winzzc32.dll
2006-10-05 09:24 55,888 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2006-10-05 09:24 18,515 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2006-10-05 09:24 11,914 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2006-10-04 23:41 29,306 --a------ C:\Undo DAMIAN-B0A476A7 20061004 234115.Reg
2006-10-03 23:45 72,466 --a------ C:\Undo DAMIAN-B0A476A7 20061003 234534.Reg
2006-10-03 18:15 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-03 18:03 610,304 --a------ C:\WINDOWS\system32\eraser.dll
2006-10-03 18:03 282,624 --a------ C:\WINDOWS\system32\erasext.dll
2006-10-03 18:03 233,472 --a------ C:\WINDOWS\system32\eraserl.exe
2006-10-02 07:12 73,728 --a------ C:\WINDOWS\system32\CavEmLSP.dll
2006-10-02 07:11 55,424 --a------ C:\WINDOWS\system32\drivers\cavasm.sys
2006-10-02 02:07 77,824 --a------ C:\WINDOWS\system32\LLClientMiddleWare3.dll
2006-10-02 02:07 40,960 --a------ C:\WINDOWS\system32\coreEncryptDecrypt.dll
2006-10-02 02:07 40,448 --a------ C:\WINDOWS\system32\regobj.dll
2006-10-02 02:07 36,864 --a------ C:\WINDOWS\system32\LLInstances3.dll
2006-10-02 02:07 32,768 --a------ C:\WINDOWS\system32\XLLDFRequest3.dll
2006-10-02 02:07 32,768 --a------ C:\WINDOWS\system32\LLClasses3.dll
2006-10-02 02:07 28,672 --a------ C:\WINDOWS\system32\setupEncryptDecrypt.dll
2006-10-02 02:07 24,576 --a------ C:\WINDOWS\system32\GUID.dll
2006-10-02 02:07 151,552 --a------ C:\WINDOWS\system32\LLHttpsUpload2.dll
2006-10-01 15:05 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-01 02:30 69,668 --a------ C:\Undo DAMIAN-B0A476A7 20061001 023041.Reg
2006-09-27 22:20 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2006-09-27 22:20 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2006-09-27 22:20 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2006-09-27 22:20 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2006-09-27 22:20 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2006-09-27 22:20 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2006-09-27 22:20 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2006-09-27 22:20 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2006-09-25 00:48 413,760 --a------ C:\WINDOWS\system32\MPG4c32.dll
2006-09-25 00:48 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2006-09-24 19:23 302,592 --a------ C:\WINDOWS\mauninst.exe
2006-09-24 18:43 200,704 --a------ C:\WINDOWS\system32\Serif MediaPlus.scr
2006-09-24 18:31 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2006-09-24 18:31 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-09-24 18:31 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2006-09-24 18:31 21,008 --------- C:\WINDOWS\system32\CTL3D.DLL
2006-09-24 18:31 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-09-24 18:31 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2006-09-24 18:31 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2006-09-24 18:31 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2006-09-23 00:55 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2006-09-23 00:55 32,768 --a------ C:\WINDOWS\system32\hpgtmcro.dll
2006-09-23 00:55 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-09-23 00:55 126,976 --a------ C:\WINDOWS\system32\hpgt34tk.dll
2006-09-23 00:55 101,376 --a------ C:\WINDOWS\system32\hpgt34.dll
2006-09-20 01:20 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll
2006-09-17 22:55 92,160 --a------ C:\WINDOWS\system32\evntwin.exe
2006-09-17 22:55 8,704 --a------ C:\WINDOWS\system32\snmptrap.exe
2006-09-17 22:55 6,144 --a------ C:\WINDOWS\system32\snmpmib.dll
2006-09-17 22:55 39,936 --a------ C:\WINDOWS\system32\hostmib.dll
2006-09-17 22:55 33,792 --a------ C:\WINDOWS\system32\lmmib2.dll
2006-09-17 22:55 32,768 --a------ C:\WINDOWS\system32\snmp.exe
2006-09-17 22:55 24,064 --a------ C:\WINDOWS\system32\evntcmd.exe
2006-09-17 22:55 22,528 --a------ C:\WINDOWS\system32\lpdsvc.dll
2006-09-17 22:55 18,944 --a------ C:\WINDOWS\system32\lprmon.dll
2006-09-17 22:55 101,888 --a------ C:\WINDOWS\system32\evntagnt.dll
2006-09-15 14:46 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2006-09-14 10:34 48,424 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-09-12 17:28 856,064 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-09-12 17:28 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll
2006-09-12 17:28 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll
2006-09-12 17:28 65,536 --a------ C:\WINDOWS\system32\mplapx.dll
2006-09-12 17:28 65,536 --a------ C:\WINDOWS\system32\mplam6.dll
2006-09-12 17:28 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2006-09-12 17:28 594,450 --a------ C:\WINDOWS\system32\x264vfw.dll
2006-09-12 17:28 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2006-09-12 17:28 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
2006-09-12 17:28 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2006-09-12 17:28 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-09-12 17:28 217,088 --a------ C:\WINDOWS\system32\i420vfw.dll
2006-09-12 17:28 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-09-12 17:28 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
2006-09-12 17:28 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2006-09-12 17:27 90,112 --a------ C:\WINDOWS\system32\dpl100.dll
2006-09-12 17:27 620,180 --a------ C:\WINDOWS\system32\divx.dll
2006-09-12 17:27 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-09-12 17:27 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-09-12 17:27 200,704 --a------ C:\WINDOWS\system32\dtu100.dll
2006-09-12 17:27 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2006-09-12 17:27 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-09-10 15:07 98,304 --a------ C:\WINDOWS\system32\asrupdate.exe
2006-09-06 22:25 104,221 --a------ C:\WINDOWS\Rapishare Free Account Check Uninstaller.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-06 08:53 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2006-10-06 08:52 d-------- C:\Program Files\Common Files\Ahead
2006-10-06 08:33 d-------- C:\Program Files\Eraser
2006-10-05 22:54 d-------- C:\Program Files\videoview
2006-10-05 22:49 d--h----- C:\Program Files\InstallShield Installation Information
2006-10-05 22:49 d-------- C:\Program Files\ZSMC
2006-10-05 22:49 d-------- C:\Program Files\Vimicro
2006-10-05 21:54 d-------- C:\Program Files\Common Files
2006-10-05 21:31 d-------- C:\Documents and Settings\Administrator\Application Data\BullGuard
2006-10-05 19:12 d-------- C:\Program Files\Advanced Spyware Remover
2006-10-05 19:07 d-------- C:\Program Files\Spyware Doctor
2006-10-05 18:13 d-------- C:\Program Files\RegToy
2006-10-05 15:21 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2006-10-05 15:18 d-------- C:\Program Files\Google
2006-10-05 09:26 14416 --a------ C:\WINDOWS\system32\client_cc.dll
2006-10-05 09:26 13904 --a------ C:\WINDOWS\system32\lccl.dll
2006-10-05 09:24 d-------- C:\Program Files\BullGuard Software
2006-10-04 23:52 d-------- C:\Program Files\Dedaulus SC EN
2006-10-04 10:27 d-------- C:\Program Files\Paltalk Web Client
2006-10-03 20:49 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2006-10-03 18:15 d-------- C:\Program Files\Corel
2006-10-03 18:15 d-------- C:\Program Files\Common Files\Corel
2006-10-03 13:41 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2006-10-02 21:29 41 --a--c--- C:\Documents and Settings\Administrator\Application Data\sversion.ini
2006-10-02 07:51 164146 ---h-c--- C:\Documents and Settings\Administrator\Application Data\TurboLaunch_IconCache.dat
2006-10-02 07:51 d-------- C:\Program Files\a-squared Free
2006-10-02 07:21 d-------- C:\Program Files\CleanUp!
2006-10-02 07:12 d-------- C:\Program Files\Trustix
2006-10-02 07:06 d-------- C:\Program Files\Arovax AntiSpyware
2006-10-02 04:04 d-------- C:\Program Files\BulletProofSoft.com
2006-10-02 03:52 d-------- C:\Documents and Settings\Administrator\Application Data\BullGuard(2)
2006-10-02 02:16 d-------- C:\Documents and Settings\Administrator\Application Data\Zeon
2006-10-02 02:08 d-------- C:\Program Files\Common Files\InstallShield
2006-10-02 02:06 d-------- C:\Program Files\Common Files\Download Manager
2006-10-01 02:04 d-------- C:\Program Files\Nsasoft
2006-09-29 21:55 d-------- C:\Program Files\MSN Messenger
2006-09-29 21:55 d-------- C:\Program Files\DIFX
2006-09-29 21:53 d-------- C:\Program Files\Messenger
2006-09-28 23:28 d-------- C:\Program Files\Zg cd extractor
2006-09-28 10:48 d-------- C:\Program Files\Amazing Planet
2006-09-27 22:57 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2006-09-25 00:53 d-------- C:\Program Files\Video Capture Convert Split Merge Burn Studio
2006-09-25 00:45 81920 --a------ C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2006-09-25 00:45 7176 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
2006-09-25 00:45 47360 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2006-09-25 00:45 33 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.log
2006-09-25 00:45 1144 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
2006-09-25 00:45 d-------- C:\Program Files\VSO
2006-09-25 00:45 d-------- C:\Documents and Settings\Administrator\Application Data\Vso
2006-09-24 19:21 d-------- C:\Program Files\Focus Select
2006-09-24 18:44 d-------- C:\Documents and Settings\Administrator\Application Data\Serif
2006-09-24 18:43 d-------- C:\Program Files\Serif
2006-09-24 18:31 d-------- C:\Program Files\Windows Media Player
2006-09-23 01:53 d-------- C:\Program Files\DVDFab Platinum 3
2006-09-21 23:27 d-------- C:\Program Files\Babble
2006-09-21 20:57 d-------- C:\Program Files\Paltalk Messenger
2006-09-21 20:39 d-------- C:\Documents and Settings\Administrator\Application Data\Paltalk
2006-09-20 01:17 d-------- C:\Program Files\Opera
2006-09-18 22:32 d-------- C:\Program Files\Azureus Ultra Accelerator
2006-09-15 14:48 d-------- C:\Program Files\WinRAR
2006-09-15 10:37 d-------- C:\Program Files\QuickTime
2006-09-15 10:34 d-------- C:\Program Files\Apple Software Update
2006-09-15 01:58 d-------- C:\Program Files\Virtual DJ Studio
2006-09-15 01:47 d-------- C:\Documents and Settings\Administrator\Application Data\Opera
2006-09-15 01:46 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-09-14 10:24 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2006-09-13 20:08 d-------- C:\Program Files\Amaya-9.52
2006-09-12 22:47 d-------- C:\Program Files\Elecard
2006-09-12 22:41 d-------- C:\Program Files\DVD Shrink
2006-09-12 22:35 d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2006-09-12 17:29 d-------- C:\Program Files\Codec Pack - All In 1
2006-09-12 17:28 d-------- C:\Program Files\K-Lite Codec Pack
2006-09-12 00:31 d-------- C:\Documents and Settings\Administrator\Application Data\Download Manager
2006-09-12 00:28 d-------- C:\Program Files\SpamNullifier
2006-09-07 23:15 d-------- C:\Program Files\Gmail Notifier GPL
2006-09-06 22:25 104221 --a------ C:\WINDOWS\Rapishare Free Account Check Uninstaller.exe
2006-09-06 22:25 d-------- C:\Program Files\Rapishare Free Account Check
2006-09-05 14:36 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2006-09-05 10:01 1212928 --a------ C:\WINDOWS\system32\Incinerator.dll
2006-09-03 20:53 d-------- C:\Program Files\Hazard Perception Training 2004-2005
2006-09-03 20:51 d-------- C:\Program Files\Driving Test Success 2004-2005
2006-09-03 19:33 d-------- C:\Program Files\Microsoft Works
2006-09-03 19:33 d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-03 17:23 d-------- C:\Program Files\POPFile
2006-09-02 22:16 d-------- C:\Program Files\MSBuild
2006-09-02 22:12 d-------- C:\Program Files\Reference Assemblies
2006-09-01 20:19 d-------- C:\Program Files\TryFastMessenger
2006-09-01 20:04 d-------- C:\Program Files\eGames
2006-08-30 23:40 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2006-08-30 23:39 d-------- C:\Program Files\iTunes
2006-08-30 23:39 d-------- C:\Program Files\iPod
2006-08-30 15:25 d---s---- C:\Program Files\Common Files\Teknum Systems
2006-08-30 10:05 d-------- C:\Program Files\ffdshow
2006-08-30 09:39 d-------- C:\Program Files\Rockstar Games
2006-08-26 09:58 d-------- C:\Program Files\DCI
2006-08-26 09:58 d-------- C:\Program Files\Common Files\Designer
2006-08-25 19:04 d-------- C:\Program Files\SysShield Tools
2006-08-25 19:00 d-------- C:\Program Files\HandyBits
2006-08-25 18:59 26624 --a------ C:\WINDOWS\system32\ssmenu.dll
2006-08-25 18:50 d-------- C:\Documents and Settings\Administrator\Application Data\scar5
2006-08-24 16:48 d-------- C:\Program Files\SpyPry
2006-08-24 16:37 d-------- C:\Documents and Settings\Administrator\Application Data\WinPatrol
2006-08-24 08:49 d-------- C:\Program Files\Sunbelt Software
2006-08-23 01:59 9480 --a------ C:\WINDOWS\system32\icardres.dll
2006-08-23 01:59 76800 --a------ C:\WINDOWS\system32\infocardapi.dll
2006-08-23 01:59 546568 --a------ C:\WINDOWS\system32\icardagt.exe
2006-08-22 20:23 d-------- C:\Program Files\Azureus
2006-08-22 20:16 d-------- C:\Program Files\BitComet
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-19 23:44 d-------- C:\Program Files\RFA Platinum
2006-08-17 23:59 d-------- C:\Program Files\Internet Explorer
2006-08-15 18:08 768816 --a------ C:\WINDOWS\system32\PresentationNative_v0300.dll
2006-08-15 18:08 472368 --a------ C:\WINDOWS\system32\evr.dll
2006-08-15 18:08 1957168 --a------ C:\WINDOWS\system32\milcore.dll
2006-08-15 18:07 69424 --a------ C:\WINDOWS\system32\dxva2.dll
2006-08-15 18:07 19760 --a------ C:\WINDOWS\system32\PresentationHostProxy.dll
2006-08-15 18:07 186160 --a------ C:\WINDOWS\system32\PresentationHost.exe
2006-08-15 18:07 158000 --a------ C:\WINDOWS\system32\UIAutomationCore.dll
2006-08-15 18:07 104240 --a------ C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2006-08-15 13:22 d-------- C:\Program Files\Nero
2006-08-14 11:20 d-------- C:\Program Files\CCleaner
2006-08-13 10:07 408576 -----c--- C:\WINDOWS\system32\photometadatahandler.dll
2006-08-13 10:07 273920 -----c--- C:\WINDOWS\system32\WMPhoto.dll
2006-08-13 10:06 706560 -----c--- C:\WINDOWS\system32\WindowsCodecs.dll
2006-08-13 10:06 349696 -----c--- C:\WINDOWS\system32\WindowsCodecsExt.dll
2006-08-12 23:16 d-------- C:\Program Files\Yahoo!
2006-08-12 22:51 d-------- C:\Program Files\ICQLite
2006-08-12 22:50 d-------- C:\Documents and Settings\Administrator\Application Data\ICQLite
2006-08-12 21:23 d-------- C:\Program Files\CounterPath
2006-08-12 21:23 d-------- C:\Program Files\Common Files\Intel
2006-08-11 18:58 d-------- C:\Program Files\directx
2006-08-11 18:58 d-------- C:\Program Files\Common Files\gst
2006-08-11 18:57 d-------- C:\Program Files\green label
2006-08-08 13:36 d-------- C:\Program Files\Windows X
2006-07-28 16:49 69632 --a--c--- C:\WINDOWS\uinst001.exe
2006-07-28 09:30 62744 --a--c--- C:\WINDOWS\system32\xinput1_2.dll
2006-07-28 09:30 236824 --a--c--- C:\WINDOWS\system32\xactengine2_3.dll
2006-07-27 14:24 679424 --a--c--- C:\WINDOWS\system32\inetcomm.dll
2006-07-24 00:15 164352 --a--c--- C:\WINDOWS\system32\SpoonUninstall.exe
2006-07-24 00:15 159744 --a--c--- C:\WINDOWS\Talking Time Keeper.scr
2006-07-24 00:09 14848 --a--c--- C:\WINDOWS\system32\BASSMOD.dll
2006-07-21 09:24 72704 --a--c--- C:\WINDOWS\system32\hlink.dll
2006-07-21 08:37 0 -rahs---- C:\MSDOS.SYS
2006-07-21 08:37 0 -rahs---- C:\IO.SYS
2006-07-21 08:37 0 --a------ C:\CONFIG.SYS
2006-07-21 08:37 0 --a------ C:\AUTOEXEC.BAT
2006-07-21 01:28 62 --ahsc--- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2006-07-14 17:29 966656 --a------ C:\WINDOWS\UNRecode.exe
2006-07-14 17:29 966656 --a------ C:\WINDOWS\UNNeroVision.exe
2006-07-14 17:29 966656 --a------ C:\WINDOWS\UNNeroShowTime.exe
2006-07-14 17:29 966656 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2006-07-14 17:29 966656 --a------ C:\WINDOWS\UNNeroBackItUp.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BGNewsAgent"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\BgNewsUI.exe\""
"Eraser"="C:\\Program Files\\Eraser\\eraser.exe -hide"
"BullGuard"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\bullguard.exe\""
"\"C:\\Program Files\\Common Files\\{B08CD799-0AE9-2057-0525-05102005002c}\\Update.exe\" /startup"="\"C:\\Program Files\\Common Files\\{B08CD799-0AE9-2057-0525-05102005002c}\\Update.exe\" /startup"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"NeroHomeFirstStart"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NMFirstStart.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=hex:00,00,00,00
"NoSaveSettings"=hex:00,00,00,00
"ClearRecentDocsOnExit"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"VerboseStatus"=dword:00000001
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Azureus Ultra Accelerator.lnk]
"path"=""
"location"="Startup"
"command"="C:\\PROGRA~1\\Azureus Ultra Accelerator\\Azureus Ultra Accelerator.exe "
"item"="Azureus Ultra Accelerator"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Undelete 5.0 Registration.lnk]
"location"="Startup"
"command"="C:\\PROGRA~1\\DISKEE~1\\DISKEE~1\\ESIREG~1.EXE /remind /language=ENG /PRNM=\"Undelete 5.0\""
"item"="Undelete 5.0 Registration"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^palstart.exe]
"location"="Common Startup"
"item"="palstart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\PALTAL~1\\palstart.exe "
"item"="PalStart"
"path"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\asrupdate.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="asrupdate"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\asrupdate.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MySpaceIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MySpaceIM"
"hkey"="HKCU"
"command"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"hkey"="HKLM"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\rfagent]
"hkey"="HKLM"
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rfagent"
"command"="\"C:\\Program Files\\RFA Platinum\\rfagent.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SMSystemAnalyzer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSystemAnalyzer"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpywareTerminator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpywareTerminatorShield"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunServer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sunserver"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzc32
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 06/10/2006 10:24:40.17
ComboFix.txt
ComboFix2.txt
ComboFix3.txt
Hope you can help. Just to let you know, I might have to go out for a bit, so if I don't respond I will be back, trust me on that. Thanks in advance to anyone that does help.
Comments
Logfile of HijackThis v1.99.1
Scan saved at 13:57:33, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\BullGuard Software\BullGuard\bullguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkSrv2K.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5556EFF5-CF91-ED9D-CA2D-09562C546C18} - C:\WINDOWS\system32\yefjsd.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BGNewsAgent] "C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: ["C:\Program Files\Common Files\{B08CD799-0AE9-2057-0525-05102005002c}\Update.exe" /startup] "C:\Program Files\Common Files\{B08CD799-0AE9-2057-0525-05102005002c}\Update.exe" /startup
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\Load.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O16 - DPF: wcloader_cab - http://download.paltalk.com/wcloader/wcloader.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153442500828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153442493859
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Syntek DC-112X Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv2K.exe
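A log like the one above is what a helper triages by eye, and a few of its entries stand out for structural reasons rather than because a signature hit: an O2 BHO with no name loaded from system32, an O4 autorun whose binary lives in a Common Files\{GUID} folder, O20 Winlogon Notify entries whose DLL is "(file missing)", and an O23 service with an unknown owner. As an added example (my code, not part of this thread and not a HijackThis feature), the Python below applies exactly those heuristics to lines in HijackThis 1.99.1 format. The sample lines are copied from the posted log; the function names and the rule set are my own choices.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: ten lines taken from the HijackThis log posted above,
# mixing the entries a helper would question with benign control lines.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {5556EFF5-CF91-ED9D-CA2D-09562C546C18} - C:\\WINDOWS\\system32\\yefjsd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_07\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKCU\\..\\Run: ["C:\\Program Files\\Common Files\\{B08CD799-0AE9-2057-0525-05102005002c}\\Update.exe" /startup] "C:\\Program Files\\Common Files\\{B08CD799-0AE9-2057-0525-05102005002c}\\Update.exe" /startup
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkService.exe
"""

# "Onn - body" is the shape of every HijackThis entry (R0/F2 entries too).
ENTRY = re.compile(r"^(O\d+|R\d|F\d)\s*-\s*(.*)$")
# A DLL loaded straight out of the Windows system directory.
SYSTEM32 = re.compile(r"\\(windows|winnt)\\system32\\", re.IGNORECASE)
# An autorun binary living in Common Files\{GUID}\, a layout legitimate
# installers rarely use for Run keys.
GUID_DIR = re.compile(r"\\common files\\\{[0-9a-f-]{36}\}\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entry(line):
    """Split one log line into (section, body); None for non-entry lines."""
    m = ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(log_text):
    """Return the entries a reviewer should look at first, in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        section, body = parsed
        if section == "O2" and body.startswith("BHO: (no name)") and SYSTEM32.search(body):
            findings.append(Finding(section, "unnamed BHO loaded from system32", raw))
        elif section == "O4" and GUID_DIR.search(body):
            findings.append(Finding(section, "autorun binary under Common Files\\{GUID}\\", raw))
        elif section == "O20" and body.endswith("(file missing)"):
            findings.append(Finding(section, "Winlogon Notify DLL not on disk", raw))
        elif section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "service binary with no publisher string", raw))
    return findings


def count_by_section(findings):
    """How many flagged entries each HijackThis section contributed."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:45} {f.line}")
```

The point of the path-sensitive rule is visible in the first two O2 lines: both BHOs are "(no name)", but only the one in system32 is flagged, because Spybot's SDHelper.dll under PROGRA~1\SPYBOT~1 is a known, expected location. A flag here is a prompt to check the file (publisher, hash, creation time), not a verdict; a legitimate driver such as ati2sgag.exe can show "Unknown owner" simply because the vendor left the service description blank.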