Thanks, here are the logs.
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16:53, on 30/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Download\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1775593296
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 10031 bytes
VundoFix:
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 23:58:44 29/07/2007
Listing files found while scanning....
No infected files were found.
and ComboFix:
"Matt" - 2007-07-30 0:12:36 - ComboFix 07-07-23.6 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Matt\Desktop\CFScript.txt
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\fxmorguc.dll
C:\WINDOWS\system32\hnhhowtq.dll
C:\WINDOWS\system32\orutv.bak1
C:\WINDOWS\system32\orutv.bak2
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\ylbgtovr.dll
((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))
2007-07-29 17:36 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-29 16:47 <DIR> d-------- C:\VundoFix Backups
2007-07-27 15:37 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-07-27 15:37 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\SiteAdvisor
2007-07-27 15:37 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-07-27 15:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-07-27 15:36 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-07-27 15:07 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-27 15:07 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Lavasoft
2007-07-27 15:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-26 10:45 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-26 10:23 1,156 --a------ C:\WINDOWS\mozver.dat
2007-07-25 23:33 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-24 16:03 <DIR> d-------- C:\Program Files\Global Star Software
2007-07-24 14:24 4,733,440 --a------ C:\WINDOWS\3D Fish School 3.scr
2007-07-24 14:24 118,784 --a------ C:\WINDOWS\dx7ogl32.dll
2007-07-24 14:24 <DIR> d-------- C:\Program Files\3D Fish School 3
2007-07-21 02:07 <DIR> d-------- C:\DOCUME~1\Matt\Guest
2007-07-20 22:39 92,208 --a------ C:\WINDOWS\system\WING.DLL
2007-07-20 22:39 27,136 --a------ C:\WINDOWS\system\WAVMIX16.DLL
2007-07-20 22:39 188,960 --a------ C:\WINDOWS\system\WINGDE.DLL
2007-07-20 22:39 12,800 --a------ C:\WINDOWS\system\WING32.DLL
2007-07-20 22:39 <DIR> d-------- C:\SIMTOWER
2007-07-20 22:39 <DIR> d-------- C:\DOCUME~1\Matt\WINDOWS
2007-07-20 22:06 <DIR> d-------- C:\Program Files\100proof
2007-07-19 16:35 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\EPSON
2007-07-18 13:53 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2007-07-18 13:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
2007-07-18 13:30 92,240 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2007-07-18 13:30 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2007-07-18 13:30 479,232 --a------ C:\WINDOWS\system32\PICSDK.dll
2007-07-18 13:30 4,943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2007-07-18 13:30 26,154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2007-07-18 13:30 24,903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2007-07-18 13:30 21,390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2007-07-18 13:30 20,148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2007-07-18 13:30 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2007-07-18 13:30 11,811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2007-07-18 13:30 1,146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2007-07-18 13:30 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2007-07-18 13:30 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2007-07-18 13:30 1,136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2007-07-18 13:30 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2007-07-18 13:30 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2007-07-18 13:30 1,120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2007-07-18 13:30 1,107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2007-07-18 13:30 1,104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2007-07-18 13:29 79,679 --a------ C:\WINDOWS\system32\E_FLMACE.DLL
2007-07-18 13:29 64,000 --a------ C:\WINDOWS\system32\E_FBCBACE.DLL
2007-07-18 13:29 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2007-07-18 13:29 34,304 --a------ C:\WINDOWS\system32\E_FBCHACE.DLL
2007-07-18 13:29 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-18 13:28 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2007-07-18 13:28 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2007-07-18 13:28 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
2007-07-18 13:28 <DIR> d-------- C:\Program Files\epson
2007-07-18 12:33 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-07-18 12:33 42,752 -ra------ C:\WINDOWS\system32\drivers\ser2pl.sys
2007-07-18 12:33 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-18 12:33 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-07-18 12:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-17 02:11 <DIR> d-------- C:\Program Files\Oxin's Style!
2007-07-16 23:48 <DIR> d-------- C:\Program Files\Atari
2007-07-16 23:36 <DIR> d-------- C:\Program Files\Infogrames
2007-07-16 00:30 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-07-16 00:27 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-07 23:46 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-07 23:42 <DIR> d-------- C:\Program Files\GameShadow
2007-07-07 23:41 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-07 23:41 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-07 23:41 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-07 23:41 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-07 23:41 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-07 23:41 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-07-07 23:41 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-07 22:28 <DIR> d-------- C:\Program Files\Battlestations Midway
2007-07-02 20:30 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Leadertech
2007-06-29 14:01 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-06-29 14:00 <DIR> d-------- C:\Program Files\Real
2007-06-29 14:00 <DIR> d-------- C:\Program Files\Common Files\Real
2007-06-29 14:00 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Real
2007-06-29 13:55 <DIR> d-------- C:\My Downloads
2007-06-22 00:45 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\uTorrent
2007-06-22 00:44 <DIR> d-------- C:\Program Files\uTorrent
2007-06-19 14:50 <DIR> d-------- C:\Program Files\horseExpress
2007-06-14 13:39 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-06-14 13:39 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-06-14 13:39 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-06-14 13:39 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-06-14 13:39 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-06-14 13:39 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-06-14 13:39 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-06-14 13:39 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-06-14 01:45 397,312 --a------ C:\WINDOWS\system32\GPhotoShow.scr
2007-06-14 01:44 <DIR> d-------- C:\Program Files\gPhotoshow
2007-06-14 01:42 194,560 --a------ C:\WINDOWS\system32\Sailboats_Screensaver.scr
2007-06-14 01:42 <DIR> d-------- C:\WINDOWS\system32\Sailboats_Screensaver dir
2007-06-14 01:42 <DIR> d-------- C:\Screensavers.com
2007-06-14 01:41 89,088 --a------ C:\WINDOWS\system32\Unzdll.dll
2007-06-14 01:41 1,600,799 --a------ C:\WINDOWS\system32\sailing.scr
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-12 22:58:38 5 ----a-w C:\WINDOWS\system32\drivers\DELL_INS_1501.MRK
2007-06-12 22:58:38 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_INS_1501.MRK
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-21 18:36:16 524,288 ----a-w C:\WINDOWS\opuc.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 19:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 20:48]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 22:19 C:\WINDOWS\stsystra.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-24 00:14]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-18 00:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 17:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-02 00:51]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 11:06]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-27 01:17]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 07:46]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 23:40]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 02:40]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-04-10 19:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 20:54]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-16 00:14]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=01000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturo]
C:\WINDOWS\system32\vturo.dll
R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys
R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 APPDRV;APPDRV;C:\WINDOWS\system32\DRIVERS\APPDRV.SYS
R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R2 ehRecvr;Media Center Receiver Service;C:\WINDOWS\eHome\ehRecvr.exe
R2 ehSched;Media Center Scheduler Service;C:\WINDOWS\eHome\ehSched.exe
R2 McrdSvc;Media Center Extender Service;C:\WINDOWS\ehome\mcrdsvc.exe
R3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys
R3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 HSF_DPV;HSF_DPV;C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
R3 HSXHWAZL;HSXHWAZL;C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
R3 rimmptsk;rimmptsk;C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 STHDA;SigmaTel High Definition Audio CODEC;C:\WINDOWS\system32\drivers\sthda.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 usbaudio;USB Audio Driver (WDM);C:\WINDOWS\system32\drivers\usbaudio.sys
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;Microsoft USB Standard Hub Driver;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S0 cercsr6;cercsr6;C:\WINDOWS\system32\drivers\cercsr6.sys
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
S3 DCamUSBNovatek;ViviCam X325 Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 s116bus;Sony Ericsson Device 116 driver (WDM);C:\WINDOWS\system32\DRIVERS\s116bus.sys
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s116mdm.sys
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS);C:\WINDOWS\system32\DRIVERS\s116nd5.sys
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s116obex.sys
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM);C:\WINDOWS\system32\DRIVERS\s116unic.sys
S3 sffdisk;SFF Storage Class Driver;C:\WINDOWS\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
S3 UIUSys;Conexant Setup API;C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
*Newly Created Service* - CATCHME
Contents of the 'Scheduled Tasks' folder
2007-06-12 23:50:24 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-12 23:22:14 C:\WINDOWS\tasks\McDefragTask.job
2007-06-12 23:22:12 C:\WINDOWS\tasks\McQcTask.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-30 00:14:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\n\21]
"DisplayName"="\x5938\x74d\x5938\x74d\1"
"DeviceDesc"="\x5938\x74d\x5938\x74d\1"
"ProviderName"="\x27d4\21\xee18\x7c90\x2844\21\b"
"MFG"="\x54c"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xa14\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"c:\dell\drivers\r134875\smbus\smbusati.inf"
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-30 0:15:33
C:\ComboFix-quarantined-files.txt ... 2007-07-30 00:15
--- E O F ---