Hello all :)
I've had a fair few errors with my PC and fixed problems here and there, but I still think there's more I haven't covered because of poor performance running.
Your help will be much appreciated.
Here are both the ComboFix and HijackThis logs:
ComboFix 08-03-01.3 - Ilkkan 2008-03-02 15:48:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.61 [GMT 11:00]
Running from: C:\Documents and Settings\Ilkkan\desktop\ComboFix.exe
Command switches used :: /KillAll
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\ac
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\StorageProtector.exe.cer
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\Program Files\Helper
C:\Program Files\Helper\1204097894.dll
C:\Program Files\Helper\1204097919.dll
C:\Program Files\Helper\1204098199.dll
C:\Program Files\StorageProtector
C:\Program Files\StorageProtector\License.rtf
C:\Program Files\StorageProtector\Readme.rtf
C:\Program Files\StorageProtector\rm.url
C:\Program Files\StorageProtector\sr.log
C:\Program Files\StorageProtector\swupd.log
C:\Program Files\StorageProtector\SysRep.exe.Log
C:\Program Files\StorageProtector\SysRep.exe.xml
C:\Program Files\StorageProtector\SysRep.url
C:\Program Files\StorageProtector\unins000.dat
C:\WINDOWS\system32\cbxxxuv.dll
C:\WINDOWS\system32\gxtjoawm.ini
C:\WINDOWS\system32\jqybxrfq.dll
C:\WINDOWS\system32\jqybxrfq.dllbox
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\windows
.
((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))
.
2008-03-02 14:49 . 2008-03-02 15:20 <DIR> d-------- C:\Program Files\RegCure
2008-03-02 09:43 . 2008-03-02 11:44 <DIR> d-------- C:\VundoFix Backups
2008-03-01 20:15 . 2008-03-01 20:15 <DIR> d-------- C:\WINDOWS\LocalSSL
2008-03-01 20:12 . 2008-03-01 20:13 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-03-01 20:12 . 2007-10-27 01:51 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-01 20:12 . 2007-10-27 01:51 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-03-01 20:12 . 2007-10-27 01:51 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-03-01 20:08 . 2008-03-01 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-03-01 20:02 . 2008-03-01 20:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-01 19:47 . 2008-03-01 19:47 <DIR> d-------- C:\Program Files\SoftwareDoctor
2008-03-01 14:51 . 2008-03-01 14:51 99,436 --a------ C:\WINDOWS\BMcbeeee84.xml
2008-03-01 14:51 . 2008-03-01 22:29 22 --a------ C:\WINDOWS\pskt.ini
2008-03-01 12:41 . 2008-03-01 12:41 <DIR> d-------- C:\Documents and Settings\Ilkkan\Application Data\Media Player Classic
2008-03-01 12:41 . 2007-08-18 18:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-03-01 12:40 . 2008-03-01 13:46 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-03-01 12:38 . 2008-03-01 13:46 <DIR> d-------- C:\Program Files\Xvid
2008-03-01 05:39 . 2008-03-01 14:33 <DIR> d-------- C:\Program Files\Maxthon
2008-02-28 22:20 . 2008-02-28 22:20 <DIR> d-------- C:\Documents and Settings\Ilkkan\Application Data\Nokia
2008-02-28 12:21 . 2008-03-01 13:46 <DIR> d-------- C:\Documents and Settings\Ilkkan\Phone Browser
2008-02-28 12:21 . 2008-02-28 22:21 <DIR> d-------- C:\Documents and Settings\Ilkkan\Application Data\Nokia N95
2008-02-28 12:21 . 2008-02-28 12:21 <DIR> d-------- C:\Documents and Settings\Ilkkan\Application Data\Datalayer
2008-02-28 12:13 . 2008-02-28 12:13 <DIR> d-------- C:\Documents and Settings\Ilkkan\Application Data\PC Suite
2008-02-28 12:12 . 2008-02-28 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-02-28 12:11 . 2008-03-01 13:46 <DIR> d-------- C:\Program Files\Nokia
2008-02-28 12:11 . 2008-03-01 13:46 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-02-28 09:45 . 2008-03-01 13:46 <DIR> d-------- C:\Program Files\WinAce
2008-02-27 18:38 . 2008-02-27 18:38 54,764 --a------ C:\WINDOWS\system\hipsrv.mm
2008-02-27 18:37 . 2008-02-27 18:37 29,184 --a------ C:\WINDOWS\system32\drivers\smss.exe
2008-02-27 18:28 . 2008-02-27 18:28 <DIR> d-------- C:\Documents and Settings\Ilkkan\Application Data\Sony
2008-02-27 18:25 . 2008-02-27 18:25 <DIR> d-------- C:\Program Files\Sony
2008-02-27 18:25 . 2001-10-19 15:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2008-02-27 18:25 . 2001-10-19 15:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2008-02-27 18:25 . 2002-10-09 13:21 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2008-02-27 18:25 . 2001-10-19 15:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-02-27 18:25 . 2001-10-19 03:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
2008-02-27 18:25 . 2008-02-27 18:25 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-02-27 18:24 . 2008-02-27 18:24 <DIR> d-------- C:\Program Files\Sony Setup
2008-02-27 18:12 . 2008-02-27 18:20 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-27 18:02 . 2008-02-28 16:36 <DIR> d-------- C:\Documents and Settings\Ilkkan\Application Data\Ahead
2008-02-27 18:00 . 2008-02-27 18:00 <DIR> d-------- C:\Program Files\Nero
2008-02-27 18:00 . 2008-02-27 18:01 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-02-27 18:00 . 2008-02-27 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-02-27 16:30 . 2008-02-27 18:37 <DIR> d-------- C:\Program Files\Winamp
2008-02-27 10:41 . 2008-02-27 10:41 <DIR> d-------- C:\WINDOWS\Application Data
2008-02-27 08:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-27 08:35 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-26 17:04 . 2008-02-26 17:12 <DIR> d-------- C:\Program Files\MagicISO
2008-02-26 14:41 . 2008-02-26 14:41 14,848 --a------ C:\WINDOWS\system32\kbdlt132.dll
2008-02-26 13:53 . 2008-02-26 13:53 <DIR> d-------- C:\Documents and Settings\Ilkkan\Contacts
2008-02-26 13:47 . 2008-02-28 12:15 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-26 13:47 . 2008-02-27 18:53 <DIR> d-------- C:\Program Files\uTorrent
2008-02-26 13:47 . 2008-03-02 15:45 <DIR> d-------- C:\Documents and Settings\Ilkkan\Application Data\uTorrent
2008-02-26 13:41 . 2008-02-26 13:47 <DIR> d-------- C:\Program Files\Windows Live
2008-02-26 13:41 . 2008-02-26 13:46 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 13:41 . 2008-02-26 13:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-26 13:40 . 2007-12-07 13:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-26 13:36 . 2008-02-26 13:36 <DIR> d-------- C:\Program Files\Qualcomm
2008-02-26 13:36 . 2008-02-26 13:36 <DIR> d-------- C:\Program Files\Netscape
2008-02-26 13:36 . 2008-02-26 13:36 9,728 --a------ C:\WINDOWS\system32\rnaph.dll
2008-02-26 13:30 . 2003-01-08 04:32 15,400 -ra------ C:\WINDOWS\system32\drivers\NetMotCM.sys
2008-02-21 21:35 . 2008-02-26 16:13 169 --a------ C:\WINDOWS\RtlRack.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 08:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12571B96-2F31-4E29-9C13-AE010605C2E3}]
2008-02-26 14:41 14848 --a------ C:\WINDOWS\system32\kbdlt132.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}
[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-10-27 01:47 1393928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
--a------ 2005-01-31 09:05 253952 C:\Program Files\Atheros\ACU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcbeeee84]
C:\WINDOWS\system32\budumgmu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c8dddd18]
C:\WINDOWS\system32\mwaojtxg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-14 03:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-07-25 10:38 77824 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2007-07-24 18:18]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 17:43]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\NokiaInstaller.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-02 04:54:18 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-02 03:50:03 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 15:55:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
.
**************************************************************************
.
Completion time: 2008-03-02 15:59:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-02 04:59:44
.
2008-02-26 16:00:40 --- E O F ---
----------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:24, on 2008-03-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hijackthis\hijackthis v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ncable.net.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {12571B96-2F31-4E29-9C13-AE010605C2E3} - C:\WINDOWS\system32\kbdlt132.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203995854000
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
--
End of file - 4060 bytes