Hi Loophole
Thanks for the swift reply
Here are the combo fix and hijack logs.
and all seems a lot better allready.
ComboFix 08-06-06.6 - duke8t 2008-06-07 15:14:07.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.800 [GMT 1:00]
Running from: C:\Users\duke8t\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Temp\vtmp2
C:\Windows\accesss.exe
C:\Windows\astctl32.ocx
C:\Windows\avpcc.dll
C:\Windows\clrssn.exe
C:\Windows\cpan.dll
C:\Windows\ctfmon32.exe
C:\Windows\ctrlpan.dll
C:\Windows\default.htm
C:\Windows\directx32.exe
C:\Windows\dnsrelay.dll
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\editpad.exe
C:\Windows\explore.exe
C:\Windows\explorer32.exe
C:\Windows\funniest.exe
C:\Windows\funny.exe
C:\Windows\gfmnaaa.dll
C:\Windows\helpcvs.exe
C:\Windows\iedll.exe
C:\Windows\iexplorer.exe
C:\Windows\inetinf.exe
C:\Windows\internet.exe
C:\Windows\loader.exe
C:\Windows\mainms.vpi
C:\Windows\megavid.cdt
C:\Windows\msconfd.dll
C:\Windows\msspi.dll
C:\Windows\mssys.exe
C:\Windows\msupdate.exe
C:\Windows\mswsc10.dll
C:\Windows\mswsc20.dll
C:\Windows\mtwirl32.dll
C:\Windows\muotr.so
C:\Windows\notepad32.exe
C:\Windows\olehelp.exe
C:\Windows\qttasks.exe
C:\Windows\quicken.exe
C:\Windows\rundll16.exe
C:\Windows\rundll32.vbe
C:\Windows\searchword.dll
C:\Windows\sistem.exe
C:\Windows\svchost32.exe
C:\Windows\svcinit.exe
C:\Windows\systeem.exe
C:\Windows\system32\alkycvrt.dll
C:\Windows\System32\EeOnXyay.ini
C:\Windows\System32\EeOnXyay.ini2
C:\Windows\system32\gfpotrkf.dll
C:\Windows\system32\gskiqiyj.dll
C:\Windows\system32\hljwugsf.bin
C:\Windows\system32\ibccccwo.dll
C:\Windows\system32\ivqvwhpd.dll
C:\Windows\system32\MSINET.oca
C:\Windows\system32\uddgpymp.dll
C:\Windows\system32\udyskfac.dll
C:\Windows\system32\winsusrm.dll
C:\Windows\system32\winsusrx.dll
C:\Windows\system32\xwvxxfng.dll
C:\Windows\systemcritical.exe
C:\Windows\time.exe
C:\Windows\users32.exe
C:\Windows\waol.exe
C:\Windows\win32e.exe
C:\Windows\win64.exe
C:\Windows\winajbm.dll
C:\Windows\window.exe
C:\Windows\winmgnt.exe
C:\Windows\x.exe
C:\Windows\xplugin.dll
C:\Windows\xxxvideo.hta
C:\Windows\y.exe
----- BITS: Possible infected sites -----
hxxp://theinstalls.com
.
((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 07:50 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-07 07:49 --------- d-----w C:\Users\duke8t\AppData\Roaming\SUPERAntiSpyware.com
2008-06-07 07:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-07 06:26 --------- d-----w C:\Users\duke8t\AppData\Roaming\Malwarebytes
2008-06-07 06:26 --------- d-----w C:\Users\duke8t\AppData\Roaming\Download Manager
2008-06-07 06:26 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 23:28 --------- d-----w C:\Program Files\Trend Micro
2008-06-06 21:53 55,808 ----a-w C:\Windows\portsv.exe
2008-06-06 20:50 87,511 ----a-w C:\Windows\System32\iftuyszv.exe
2008-06-06 20:45 --------- d-----w C:\Program Files\AVG
2008-06-06 15:44 --------- d-----w C:\Users\duke8t\AppData\Roaming\Xfire
2008-06-06 15:28 --------- d-----w C:\Program Files\WarRock
2008-06-06 15:28 --------- d-----w C:\Program Files\Guild Wars
2008-06-06 15:28 --------- d-----w C:\Program Files\CCleaner
2008-06-05 15:04 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-05 15:04 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-06-04 21:07 --------- d-----w C:\Users\duke8t\AppData\Roaming\PeerNetworking
2008-06-04 21:02 --------- d-----w C:\Users\duke8t\AppData\Roaming\LimeWire
2008-06-04 20:13 --------- d-----w C:\Users\duke8t\AppData\Roaming\uTorrent
2008-06-04 13:28 --------- d-----w C:\Program Files\Birmingham City - DNA
2008-05-31 06:38 --------- d-----w C:\Users\duke8t\AppData\Roaming\Roxio
2008-05-30 22:04 --------- d-----w C:\Program Files\Common Files\Research In Motion
2008-05-30 21:57 --------- d-----w C:\Users\duke8t\AppData\Roaming\Research In Motion
2008-05-30 21:51 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-05-30 21:51 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-05-30 21:50 --------- d-----w C:\Program Files\Roxio
2008-05-30 21:46 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-05-30 21:40 --------- d-----w C:\Program Files\Research In Motion
2008-05-30 08:34 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-30 08:34 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-05-29 21:38 --------- d-----w C:\Program Files\Eudemons Online
2008-05-29 19:57 141 ----a-w C:\Program Files\values.dat
2008-05-29 19:54 42,548 ----a-w C:\Program Files\warrock.exe
2008-05-29 19:46 --------- d-----w C:\Program Files\Xfire
2008-05-28 19:19 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-23 22:14 --------- d-----w C:\Users\duke8t\AppData\Roaming\InstallShield
2008-05-14 13:12 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 01:28 41,296 ----a-w C:\Windows\System32\xfcodec.dll
2008-05-13 19:56 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-05-13 15:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 15:15 --------- d-----w C:\Program Files\Triggersoft
2008-05-12 10:07 188,580,039 ----a-w C:\Destinator PN.zip
2008-05-09 21:07 --------- d-----w C:\Program Files\Yahoo!
2008-05-09 12:28 --------- d-----w C:\Users\duke8t\AppData\Roaming\Yahoo!
2008-04-24 14:51 --------- d-----w C:\Program Files\TiNControl
2008-04-24 14:43 --------- d-----w C:\Program Files\3-Clicks
2008-04-23 13:10 --------- d-----w C:\Program Files\NetObjects
2008-04-21 20:03 --------- d-----w C:\Users\duke8t\AppData\Roaming\Maxthon
2008-04-21 19:48 --------- d-----w C:\Program Files\Zoom Search Engine 5.1
2008-04-16 21:11 --------- d-----w C:\Program Files\Dragonfly
2008-04-08 09:50 --------- d-----w C:\Users\duke8t\AppData\Roaming\gamelab
2008-04-01 08:15 341,552 ----a-w C:\Windows\System32\npesLauncher.exe
2008-03-28 23:16 691,545 ----a-w C:\Windows\unins000.exe
2008-03-28 10:24 974,848 ----a-w C:\Windows\System32\npdownv.exe
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 04:30 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-08 00:37 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2007-10-26 19:20 174 --sha-w C:\Program Files\desktop.ini
2007-10-26 19:30 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-26 19:30 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-26 19:30 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70A51F76-EED9-4657-8DCA-3B9D107643A7}]
C:\Windows\system32\yayXnOeE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-11 04:40 218032]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 21:38 1232896]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40 86960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-05-05 16:05 652528]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 16:28 598016 C:\Windows\SOUNDMAN.EXE]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 08:56 236016]
C:\Users\duke8t\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-05-14 02:28:16 3007824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4028478744-3637310691-4208235819-1000]
"EnableNotificationsRef"=dword:00000002
"EnableNotifications"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{86B7B104-02CA-491C-BAEA-7EC91A71282A}"= UDP:C:\Program Files\Eudemons Online\AutoPatch.exe:AutoPatch
"{F69D55F6-22CB-41FB-812B-BBCD39B49B31}"= TCP:C:\Program Files\Eudemons Online\AutoPatch.exe:AutoPatch
"TCP Query User{08C906EE-3FF9-46B6-BEA9-F6F71BF7C5F1}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{28BC5929-9EDC-40A5-B639-7A8815C52BBF}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{FCBA1E5C-514C-4481-8508-8825E16F9CFB}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= UDP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"UDP Query User{15D190B8-E38F-4328-912F-F988461FE99D}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= TCP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"TCP Query User{A357099E-B2AF-4DB7-B084-34ABBE246FA0}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{8F5078D9-38AC-4FBB-9084-3393C805FA0B}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"{95C06DAE-BDDF-4F85-B141-F203860F0859}"= UDP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{50BCF2DE-1842-4FE7-9AD1-DED7247333CA}"= TCP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"TCP Query User{B18BB192-8ECE-4A47-BAB2-8F2642574A17}C:\\program files\\firefly studios\\civcity rome\\civcity rome.exe"= UDP:C:\program files\firefly studios\civcity rome\civcity rome.exe:CivCity Rome
"UDP Query User{D371D34D-9BC5-4B58-BB85-2FE22E2B837B}C:\\program files\\firefly studios\\civcity rome\\civcity rome.exe"= TCP:C:\program files\firefly studios\civcity rome\civcity rome.exe:CivCity Rome
"TCP Query User{827F97D9-F38D-4D1B-9EF0-FB6F9488F631}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F598810B-2664-43F9-A1FC-0316ADD713EA}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{92103D39-BBBB-472D-AFAC-9C16A26B1713}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{F7D4DBB0-0903-4502-9FC5-FBFF900EEA90}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{BE043AC5-18AC-4A1B-A1BF-2D22A84287FB}"= UDP:C:\Program Files\Triggersoft\Rose Online Evolution\SRose launcher.exe:Speed Rose
"{1C1EF9D0-E914-4FE2-BEC4-EB5593CA955B}"= TCP:C:\Program Files\Triggersoft\Rose Online Evolution\SRose launcher.exe:Speed Rose
"{14AE2DB7-88E6-467D-9900-064A554FAEEE}"= UDP:C:\Program Files\Triggersoft\Rose Online Evolution\ROSEonline.exe:RoseOnlineEvolution
"{9DF876A2-D110-46D4-B9E4-2820F5D3F529}"= TCP:C:\Program Files\Triggersoft\Rose Online Evolution\ROSEonline.exe:RoseOnlineEvolution
"{71C14FD3-5A1D-406F-B289-BAFAEB97FDBD}"= UDP:C:\Program Files\Triggersoft\Rose Online Evolution\RoUpdate.exe:RoUpdate
"{13C7F76B-204F-4AA5-868E-224C7A4ABB69}"= TCP:C:\Program Files\Triggersoft\Rose Online Evolution\RoUpdate.exe:RoUpdate
"{7F72DE3B-5FBE-4E22-A445-A6F0F0224EBC}"= UDP:C:\Program Files\CCleaner\CCleaner.exe:CCleaner
"{4D22C72B-A61B-4F1D-8E39-B228AE0AD5D0}"= TCP:C:\Program Files\CCleaner\CCleaner.exe:CCleaner
"{F1FB5FD5-40D8-49A4-9906-EF3CA0E92D7D}"= UDP:C:\Program Files\Triggersoft\Rose Online Evolution\TRose.exe:TRose
"{905FA9EE-A077-4787-8337-FDDE4FE0BADA}"= TCP:C:\Program Files\Triggersoft\Rose Online Evolution\TRose.exe:TRose
"TCP Query User{932CF4FA-E5F7-4EE7-B60B-4C0A32FCC08F}C:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= UDP:C:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"UDP Query User{CE366C25-00F7-449D-9F41-9AA3778772BC}C:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= TCP:C:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"{F78032D6-8C54-42D2-AF56-7692B77CCCEE}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{BEFA0038-6447-4C95-B552-2F0BD153C710}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{E52E6B4D-B400-432C-BB57-B7E273BFB7D8}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9
"{BEDFA0C6-27AB-4845-9BA1-0D3C97833FCB}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9
"{082B7957-4F36-46B3-A056-BF18827DBB57}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{53ABE80D-6DA6-4DD1-8296-4491DF2FB398}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{2D10BA96-0E95-45D1-ACA8-8B5106335526}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9
"{72EC8ADA-BF6E-4A13-B756-C34F238ACD72}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9
"{8BAE31E9-B0C1-4FFF-ADBC-A410AE2E53E5}"= UDP:C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe:RoxLiveShare9
"{8E83955E-736B-468D-B7AD-4E4374F0D4C1}"= TCP:C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe:RoxLiveShare9
"{BCAE74B4-717F-4348-9229-BB64CFEB84E0}"= UDP:C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe:RoxLiveShare9
"{3C2313BC-3EC7-4164-A02E-00EFEEFA1E64}"= TCP:C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe:RoxLiveShare9
"{15215B40-1786-4F01-8042-03E7C9B6D916}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9
"{1A7B0C36-BF1D-4E3B-8D81-8A5C4589B1A3}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9
"{ADFADAD5-FF10-43EF-BC9D-19103BE448F0}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{617A97FB-A0A5-4A28-B2AA-C58E6B1D4842}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{AFA84DCF-C53B-414E-AF68-1ABE0A78C945}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{37DD3005-5B0A-4DB9-BADC-7B85C03ED09D}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{952BE327-BA2D-4402-AC0B-71C09D080498}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{C04EDFA8-9CA8-408A-AFDF-0CA754F56E77}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 PlugPlayRPC;Plug and Play (RPC);C:\Windows\portsv.exe service []
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R3 ULI526X;ULi M526X 10/100 Ethernet Controller Driver;C:\Windows\system32\DRIVERS\ULIM526X.SYS [2006-12-18 17:36]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\Windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-06-07 15:20:54
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\portsv.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-07 15:26:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-07 14:26:13
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
289 --- E O F --- 2008-06-06 17:24:11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:32, on 07/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://uk.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {70A51F76-EED9-4657-8DCA-3B9D107643A7} - C:\Windows\system32\yayXnOeE.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
http://downloads.ewi...oOnlineScan.cabO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\Windows\portsv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
--
End of file - 6099 bytes