nobbly niblets

Is this file worth a look at?

C:\WINDOWS\SYSTEM32\DRIVERS\_003269_.tmp.dll

MBGraphics

Ok, here is the log from SDFix:



SDFix: Version 1.228
Run by chevy on Tue 09/23/2008 at 04:12 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\chevy\Desktop\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\eiytiugwtrfxaxske.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 16:23:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T DSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\T DSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\T DSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\T DSSserv.sys"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjou r"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\DOCUME~1\chevy\Desktop\SDFix\backups\backups.zi p

Files with Hidden Attributes :


Finished!

__________________
Mike Pics of my rig HERE
Case:Lian Li with Swiftek apogee watercooling
CPU: Intel Q6600 (2.4 GHz)
Video: NVIDIA GeForce 8800GTX BFG OC Edition. LG 23" 1080HD and Sharp 19"
RAM/Storage:4GB Kingston Hyper X DDR2/320GB(7,200RPM) an 160GB(10,000 RPM) internals, and 320GB External
Sound Card: Creative X-Fi XtremeGamer Fatality
OS: Windows Vista Home Premium (64-bit)
M-B-Photos
Winner of Photo Tournaments: Automobiles and Birds

MBGraphics

Here is the ComboFix Log:


ComboFix 08-09-20.05 - chevy 2008-09-23 16:34:48.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2387 [GMT -7:00]
Running from: G:\ComboFix.exe
Command switches used :: C:\Documents and Settings\chevy\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.

2008-09-23 16:05 . 2008-09-23 16:05 577,536 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\user32.dll
2008-09-23 16:03 . 2008-09-23 16:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-23 15:47 . 2008-09-22 01:35 <DIR> d-------- C:\SDFix
2008-09-20 15:03 . 2008-09-20 15:03 65 --a------ C:\WINDOWS\SYSTEM32\c0c2a076
2008-09-20 14:43 . 2008-09-20 14:43 355 --a------ C:\955.bat
2008-09-20 13:13 . 2008-09-20 13:13 71 --a------ C:\Documents and Settings\chevy\1359.bat
2008-09-20 12:35 . 2008-09-20 12:35 71 --a------ C:\Documents and Settings\chevy\4742.bat
2008-09-20 12:26 . 2008-09-20 12:26 355 --a------ C:\421.bat
2008-09-19 16:57 . 2008-09-19 16:57 71 --a------ C:\Documents and Settings\chevy\3480.bat
2008-09-19 16:01 . 2008-09-19 16:01 34,816 --a------ C:\WINDOWS\SYSTEM32\tuvWmJdb.dll
2008-09-19 16:01 . 2008-09-19 16:01 355 --a------ C:\356.bat
2008-09-17 19:49 . 2008-09-17 19:49 1,001,023 --ahs---- C:\WINDOWS\SYSTEM32\WEKTCJlm.tmp
2008-09-17 19:02 . 2008-09-17 19:02 (2) -rahs-ot- C:\WINDOWS\winstart.bat
2008-09-17 19:00 . 2008-09-17 19:49 <DIR> d-------- C:\Program Files\UnHackMe
2008-09-17 16:37 . 2008-09-17 16:37 121 --ahs---- C:\WINDOWS\SYSTEM32\BIRsAJlm.tmp
2008-09-17 16:02 . 2008-09-17 16:02 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2008-09-17 15:59 . 2008-09-17 18:23 <DIR> d--hs---- C:\WINDOWS\Y2hldnk
2008-09-17 15:58 . 2008-09-17 18:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\wp
2008-09-17 15:58 . 2008-09-17 15:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\RES
2008-09-17 15:58 . 2008-09-17 18:21 <DIR> d-------- C:\WINDOWS\SYSTEM32\np5
2008-09-17 15:58 . 2008-09-17 15:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\mC02
2008-09-17 15:58 . 2008-09-17 15:58 <DIR> d-------- C:\Temp\mtc2
2008-09-17 15:58 . 2008-09-20 18:02 <DIR> d-------- C:\Temp
2008-09-05 17:28 . 2008-09-05 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-08-29 05:11 . 2008-08-29 05:11 166,400 --a------ C:\WINDOWS\SYSTEM32\dcftwsccwjivny.dll
2008-08-27 14:03 . 2008-08-27 14:03 42,320 --a------ C:\WINDOWS\SYSTEM32\xfcodec.dll
2008-08-27 13:35 . 2007-02-28 02:08 2,147,840 --a------ C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-26 23:08 . 2008-08-26 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-08-26 23:07 . 2008-08-26 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-26 19:45 . 2004-08-10 03:00 71,040 --------- C:\WINDOWS\SYSTEM32\DRIVERS\_003269_.tmp.dll
2008-08-26 19:07 . 2008-04-13 17:11 2,843,136 --a------ C:\WINDOWS\SYSTEM32\SET961.tmp
2008-08-26 18:46 . 2008-08-28 09:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-08-23 19:59 . 2008-08-23 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winferno

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-09-21 19:36 --------- d-----w C:\Documents and Settings\chevy\Application Data\Xfire
2008-09-20 23:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-19 03:41 --------- d-s---w C:\Program Files\Xfire
2008-09-19 01:02 --------- d-----w C:\Documents and Settings\chevy\Application Data\ZoomBrowser EX
2008-09-18 03:00 --------- d-----w C:\Program Files\LimeWire
2008-09-17 22:57 --------- d-----w C:\Documents and Settings\chevy\Application Data\Azureus
2008-09-16 03:35 139,128 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-16 03:35 111,928 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2008-09-06 00:54 --------- d-----w C:\Program Files\Canon
2008-09-06 00:26 --------- d-----w C:\Program Files\Common Files\Canon
2008-08-27 21:12 --------- d-----w C:\Program Files\Ascentive
2008-08-27 05:59 --------- d-----w C:\Documents and Settings\chevy\Application Data\gtk-2.0
2008-08-27 03:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-24 03:07 --------- d-----w C:\Program Files\Bonjour
2008-08-24 03:03 --------- d-----w C:\Program Files\Speeditup Free
2008-08-24 03:02 --------- d-----w C:\Program Files\MySpace
2008-08-21 05:06 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-08-21 05:06 --------- d-----w C:\Program Files\AWS
2008-08-21 05:06 --------- d-----w C:\Documents and Settings\chevy\Application Data\WeatherBug
2008-08-20 07:49 --------- d-----w C:\Program Files\Flickr Uploadr
2008-08-20 01:02 --------- d-----w C:\Program Files\HD Tune
2008-08-13 21:58 --------- d-----w C:\Documents and Settings\chevy\Application Data\BearShare
2008-08-12 05:50 --------- d-----w C:\Program Files\BearShare Applications
2008-08-12 02:23 32,778 ----a-w C:\WINDOWS\Fonts\thematrix.zip
2008-08-12 02:07 81,312 ----a-w C:\WINDOWS\Fonts\fontz_1120_miltownmatrix.zip
2008-08-11 05:03 --------- d-----w C:\Documents and Settings\chevy\Application Data\Flickr
2008-08-09 23:09 --------- d-----w C:\Program Files\GIMP-2.0
2008-08-04 22:27 --------- d-----w C:\Program Files\UltraMon
2008-08-04 22:27 --------- d-----w C:\Program Files\Common Files\Realtime Soft
2008-08-04 22:27 --------- d-----w C:\Documents and Settings\chevy\Application Data\Realtime Soft
2008-08-04 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-08-04 22:15 --------- d-----w C:\Program Files\Common Files\Stardock
2008-07-23 08:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-25 01:12 295,936 ----a-w C:\WINDOWS\SYSTEM32\wmpeffects.dll
2008-06-24 17:57 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-12-25 17:58 22,328 ----a-w C:\Documents and Settings\chevy\Application Data\PnkBstrK.sys
2007-10-06 21:22 1,066,496 -csha-w C:\Program Files\ehthumbs.db
2005-08-06 06:54 211,952 ----a-w C:\Program Files\new.sc3
2005-08-06 03:55 164,538 -c--a-w C:\Program Files\new city.sc3
2005-07-29 22:52 56,192 ----a-w C:\Program Files\New City69.sc3
2005-07-07 23:07 251 ----a-w C:\Program Files\wt3d.ini
2003-05-27 03:08 8,964,958 ----a-w C:\Documents and Settings\chevy\SCXE26Setup.exe
2003-05-05 22:59 436,224 ----a-w C:\Documents and Settings\chevy\SCXEDirectoryFix.exe
2003-04-19 22:34 467,968 ----a-w C:\Documents and Settings\chevy\SCXEUpd.exe
.

------- Sigcheck -------

2005-03-01 17:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 09:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 02:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-03 20:59 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 17:34 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 05:55 2015744 bbb2322eb14ad9ad55b1024ffd4d88bf C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 01:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
2008-04-13 11:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\ntkrnlpa.exe
2007-02-28 01:38 2027520 54a8b9806027049f8b19f1274a63c7b4 C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2007-02-28 01:38 2015744 a58ac1c6199ef34228abee7fc057ae09 C:\WINDOWS\SYSTEM32\VITrans\ntkrnlpa.exe

2005-03-01 18:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 09:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 02:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-03 21:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 17:57 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 07:15 2136064 8318ed54797f3e513fd5817a1d4bbd18 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 02:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
2008-04-13 12:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\ntoskrnl.exe
2007-02-28 02:08 2147840 5fb20cabc9a81baaabbe63f30ffc5284 C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2007-02-28 02:08 2136064 1220faf071dea8653ee21de7dcda8bfd C:\WINDOWS\SYSTEM32\VITrans\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-12-30 1365504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-17 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 90112]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.ex e" [2006-07-21 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\Motive SB.exe" [2003-12-10 380928]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-04 187496]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"{88263159-d7ea-a00a-302d-778d20c39157}"="C:\WINDOWS\system32\dcftwsccwjivny .dll" [2008-08-29 166400]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 5361464]
"CTHelper"="CTHELPER.EXE" [2004-03-11 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]

C:\Documents and Settings\chevy\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe [2006-12-14 214520]
PowerReg Scheduler V3.exe [2005-08-09 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
UltraMon.lnk - C:\WINDOWS\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico [2008-08-04 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,0 0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xwvexa.dll gxnotq.dll dfhnhc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=C:\WINDOWS\pss\ImageMixer for HDD Camcorder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^chevy^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\chevy\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^chevy^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\chevy\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 03:00 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 10:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 10:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 14:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 14:56 64512 C:\WINDOWS\EHOME\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 17:24 50760 C:\Program Files\Common Files\AOL\1154645544\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
--------- 2002-05-29 01:23 258118 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 2004-09-20 02:27 65536 C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-06-28 21:51 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2007-07-19 22:54 5361464 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 04:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
--a------ 2007-11-19 14:01 163840 C:\Program Files\ViOrb\ViOrb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
--a------ 2007-11-20 14:51 524288 C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
--a------ 2007-11-26 20:27 593920 C:\Program Files\ViStart\ViStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 20280]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\ DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
S1 agp4400;agp4400;C:\WINDOWS\system32\drivers\agp440 0.sys [ ]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio. sys [ ]
.
Contents of the 'Scheduled Tasks' folder
.

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 16:42:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


************************************************** ************************
.
Completion time: 2008-09-23 16:48:05
ComboFix-quarantined-files.txt 2008-09-23 23:46:44
ComboFix2.txt 2008-09-21 01:43:26
ComboFix3.txt 2008-02-14 23:15:33
ComboFix4.txt 2008-02-14 02:37:11

Pre-Run: 179,494,264,832 bytes free
Post-Run: 179,457,556,480 bytes free

277 --- E O F --- 2008-09-10 22:01:21

__________________
Mike Pics of my rig HERE
Case:Lian Li with Swiftek apogee watercooling
CPU: Intel Q6600 (2.4 GHz)
Video: NVIDIA GeForce 8800GTX BFG OC Edition. LG 23" 1080HD and Sharp 19"
RAM/Storage:4GB Kingston Hyper X DDR2/320GB(7,200RPM) an 160GB(10,000 RPM) internals, and 320GB External
Sound Card: Creative X-Fi XtremeGamer Fatality
OS: Windows Vista Home Premium (64-bit)
M-B-Photos
Winner of Photo Tournaments: Automobiles and Birds

MBGraphics

And the HiJack This Log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:39 PM, on 9/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.freewebs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe " -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{88263159-d7ea-a00a-302d-778d20c39157}] "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\system32\dcftwsccwjivny.dll" DllStub
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: UltraMon.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1136011116468
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/4...l/gtdownls.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O20 - AppInit_DLLs: xwvexa.dll gxnotq.dll dfhnhc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 11912 bytes

__________________
Mike Pics of my rig HERE
Case:Lian Li with Swiftek apogee watercooling
CPU: Intel Q6600 (2.4 GHz)
Video: NVIDIA GeForce 8800GTX BFG OC Edition. LG 23" 1080HD and Sharp 19"
RAM/Storage:4GB Kingston Hyper X DDR2/320GB(7,200RPM) an 160GB(10,000 RPM) internals, and 320GB External
Sound Card: Creative X-Fi XtremeGamer Fatality
OS: Windows Vista Home Premium (64-bit)
M-B-Photos
Winner of Photo Tournaments: Automobiles and Birds

MBGraphics

Ok, here is the ComboFix log:

ComboFix 08-09-20.05 - chevy 2008-09-23 18:19:34.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2328 [GMT -7:00]
Running from: G:\ComboFix.exe
Command switches used :: C:\Documents and Settings\chevy\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\356.bat
C:\421.bat
C:\955.bat
C:\Documents and Settings\chevy\1359.bat
C:\Documents and Settings\chevy\3480.bat
C:\Documents and Settings\chevy\4742.bat
C:\Documents and Settings\chevy\Incomplete\T-3545425-boats hoes.mp3
C:\Documents and Settings\chevy\Incomplete\T-3545425-true sound basshunter.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-boats hoes.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-nex episode snoop dog.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-Skee Lo -i wish.mp3
C:\Documents and Settings\chevy\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download \Antivirus_Protection_Setup.exe
C:\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3
C:\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3
C:\WINDOWS\SYSTEM32\BIRsAJlm.tmp
C:\WINDOWS\SYSTEM32\c0c2a076
C:\WINDOWS\SYSTEM32\dcftwsccwjivny.dll
C:\WINDOWS\SYSTEM32\eiytiugwtrfxaxske.exe
C:\WINDOWS\SYSTEM32\filekiller.dll
C:\WINDOWS\SYSTEM32\tuvWmJdb.dll
C:\WINDOWS\SYSTEM32\WEKTCJlm.tmp
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-anthum 2.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day stayin up.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-souljah boy hardcore.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3566386-06 Track 6 (hardcore).wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam@2008-03-17T22;12;06.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-5745425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-1932750-Wicked Remix.wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle@2008-06-19T06;11;20.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-nizlopi.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-souljah boy hardcore.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3566386-06 Track 6 (hardcore).wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\356.bat
C:\421.bat
C:\955.bat
C:\Documents and Settings\chevy\1359.bat
C:\Documents and Settings\chevy\3480.bat
C:\Documents and Settings\chevy\4742.bat
C:\Documents and Settings\chevy\Cookies\chevy@ad.yieldmanager[2].txt
C:\Documents and Settings\chevy\Cookies\chevy@trafficmp[2].txt
C:\Documents and Settings\chevy\Incomplete\T-3545425-boats hoes.mp3
C:\Documents and Settings\chevy\Incomplete\T-3545425-true sound basshunter.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-boats hoes.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-nex episode snoop dog.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-Skee Lo -i wish.mp3
C:\Documents and Settings\chevy\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download \Antivirus_Protection_Setup.exe
C:\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3
C:\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3
C:\Temp
C:\Temp\mtc2\h5v.log
C:\WINDOWS\SYSTEM32\BIRsAJlm.tmp
C:\WINDOWS\SYSTEM32\c0c2a076
C:\WINDOWS\SYSTEM32\dcftwsccwjivny.dll
C:\WINDOWS\SYSTEM32\filekiller.dll
C:\WINDOWS\SYSTEM32\mC02
C:\WINDOWS\SYSTEM32\mC02\mC022328.exe
C:\WINDOWS\SYSTEM32\np5
C:\WINDOWS\SYSTEM32\RES
C:\WINDOWS\SYSTEM32\RES\comec130t.exe
C:\WINDOWS\SYSTEM32\tuvWmJdb.dll
C:\WINDOWS\SYSTEM32\WEKTCJlm.tmp
C:\WINDOWS\SYSTEM32\wp
C:\WINDOWS\Y2hldnk
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-anthum 2.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day stayin up.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-souljah boy hardcore.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3566386-06 Track 6 (hardcore).wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam@2008-03-17T22;12;06.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-5745425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-1932750-Wicked Remix.wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle@2008-06-19T06;11;20.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-nizlopi.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-souljah boy hardcore.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3566386-06 Track 6 (hardcore).wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3

.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-23 16:05 . 2008-09-23 16:05 577,536 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\user32.dll
2008-09-23 16:03 . 2008-09-23 16:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-23 15:47 . 2008-09-22 01:35 <DIR> d-------- C:\SDFix
2008-09-17 19:02 . 2008-09-17 19:02 (2) -rahs-ot- C:\WINDOWS\winstart.bat
2008-09-17 19:00 . 2008-09-17 19:49 <DIR> d-------- C:\Program Files\UnHackMe
2008-09-17 16:02 . 2008-09-17 16:02 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2008-09-05 17:28 . 2008-09-05 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-08-27 14:03 . 2008-08-27 14:03 42,320 --a------ C:\WINDOWS\SYSTEM32\xfcodec.dll
2008-08-27 13:35 . 2007-02-28 02:08 2,147,840 --a------ C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-26 23:08 . 2008-08-26 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-08-26 23:07 . 2008-08-26 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-26 19:45 . 2004-08-10 03:00 71,040 --------- C:\WINDOWS\SYSTEM32\DRIVERS\_003269_.tmp.dll
2008-08-26 19:07 . 2008-04-13 17:11 2,843,136 --a------ C:\WINDOWS\SYSTEM32\SET961.tmp
2008-08-26 18:46 . 2008-08-28 09:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-09-21 19:36 --------- d-----w C:\Documents and Settings\chevy\Application Data\Xfire
2008-09-20 23:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-19 03:41 --------- d-s---w C:\Program Files\Xfire
2008-09-19 01:02 --------- d-----w C:\Documents and Settings\chevy\Application Data\ZoomBrowser EX
2008-09-18 03:00 --------- d-----w C:\Program Files\LimeWire
2008-09-17 22:57 --------- d-----w C:\Documents and Settings\chevy\Application Data\Azureus
2008-09-16 03:35 139,128 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-16 03:35 111,928 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2008-09-06 00:54 --------- d-----w C:\Program Files\Canon
2008-09-06 00:26 --------- d-----w C:\Program Files\Common Files\Canon
2008-08-27 21:12 --------- d-----w C:\Program Files\Ascentive
2008-08-27 05:59 --------- d-----w C:\Documents and Settings\chevy\Application Data\gtk-2.0
2008-08-27 03:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-24 03:07 --------- d-----w C:\Program Files\Bonjour
2008-08-24 03:03 --------- d-----w C:\Program Files\Speeditup Free
2008-08-24 03:02 --------- d-----w C:\Program Files\MySpace
2008-08-24 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winferno
2008-08-21 05:06 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-08-21 05:06 --------- d-----w C:\Program Files\AWS
2008-08-21 05:06 --------- d-----w C:\Documents and Settings\chevy\Application Data\WeatherBug
2008-08-20 07:49 --------- d-----w C:\Program Files\Flickr Uploadr
2008-08-20 01:02 --------- d-----w C:\Program Files\HD Tune
2008-08-13 21:58 --------- d-----w C:\Documents and Settings\chevy\Application Data\BearShare
2008-08-12 05:50 --------- d-----w C:\Program Files\BearShare Applications
2008-08-12 02:23 32,778 ----a-w C:\WINDOWS\Fonts\thematrix.zip
2008-08-12 02:07 81,312 ----a-w C:\WINDOWS\Fonts\fontz_1120_miltownmatrix.zip
2008-08-11 05:03 --------- d-----w C:\Documents and Settings\chevy\Application Data\Flickr
2008-08-09 23:09 --------- d-----w C:\Program Files\GIMP-2.0
2008-08-04 22:27 --------- d-----w C:\Program Files\UltraMon
2008-08-04 22:27 --------- d-----w C:\Program Files\Common Files\Realtime Soft
2008-08-04 22:27 --------- d-----w C:\Documents and Settings\chevy\Application Data\Realtime Soft
2008-08-04 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-08-04 22:15 --------- d-----w C:\Program Files\Common Files\Stardock
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-25 01:12 295,936 ----a-w C:\WINDOWS\SYSTEM32\wmpeffects.dll
2008-06-24 17:57 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2007-12-25 17:58 22,328 ----a-w C:\Documents and Settings\chevy\Application Data\PnkBstrK.sys
2007-10-06 21:22 1,066,496 -csha-w C:\Program Files\ehthumbs.db
2005-08-06 06:54 211,952 ----a-w C:\Program Files\new.sc3
2005-08-06 03:55 164,538 -c--a-w C:\Program Files\new city.sc3
2005-07-29 22:52 56,192 ----a-w C:\Program Files\New City69.sc3
2005-07-07 23:07 251 ----a-w C:\Program Files\wt3d.ini
2003-05-27 03:08 8,964,958 ----a-w C:\Documents and Settings\chevy\SCXE26Setup.exe
2003-05-05 22:59 436,224 ----a-w C:\Documents and Settings\chevy\SCXEDirectoryFix.exe
2003-04-19 22:34 467,968 ----a-w C:\Documents and Settings\chevy\SCXEUpd.exe
.

------- Sigcheck -------

2005-03-01 17:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 09:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 02:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-03 20:59 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 17:34 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 05:55 2015744 bbb2322eb14ad9ad55b1024ffd4d88bf C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 01:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
2008-04-13 11:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\ntkrnlpa.exe
2007-02-28 01:38 2027520 54a8b9806027049f8b19f1274a63c7b4 C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2007-02-28 01:38 2015744 a58ac1c6199ef34228abee7fc057ae09 C:\WINDOWS\SYSTEM32\VITrans\ntkrnlpa.exe

2005-03-01 18:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 09:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 02:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-03 21:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 17:57 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 07:15 2136064 8318ed54797f3e513fd5817a1d4bbd18 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 02:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
2008-04-13 12:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\ntoskrnl.exe
2007-02-28 02:08 2147840 5fb20cabc9a81baaabbe63f30ffc5284 C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2007-02-28 02:08 2136064 1220faf071dea8653ee21de7dcda8bfd C:\WINDOWS\SYSTEM32\VITrans\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-12-30 1365504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-17 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 90112]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.ex e" [2006-07-21 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\Motive SB.exe" [2003-12-10 380928]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-04 187496]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 5361464]
"CTHelper"="CTHELPER.EXE" [2004-03-11 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]

C:\Documents and Settings\chevy\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe [2006-12-14 214520]
PowerReg Scheduler V3.exe [2005-08-09 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
UltraMon.lnk - C:\WINDOWS\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico [2008-08-04 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,0 0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=C:\WINDOWS\pss\ImageMixer for HDD Camcorder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^chevy^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\chevy\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^chevy^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\chevy\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 03:00 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 10:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 10:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 14:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 14:56 64512 C:\WINDOWS\EHOME\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 17:24 50760 C:\Program Files\Common Files\AOL\1154645544\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
--------- 2002-05-29 01:23 258118 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 2004-09-20 02:27 65536 C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-06-28 21:51 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2007-07-19 22:54 5361464 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 04:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
--a------ 2007-11-19 14:01 163840 C:\Program Files\ViOrb\ViOrb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
--a------ 2007-11-20 14:51 524288 C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
--a------ 2007-11-26 20:27 593920 C:\Program Files\ViStart\ViStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 20280]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\ DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
S1 agp4400;agp4400;C:\WINDOWS\system32\drivers\agp440 0.sys [ ]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio. sys [ ]
.
Contents of the 'Scheduled Tasks' folder
.

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 18:29:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


************************************************** ************************
.
Completion time: 2008-09-23 18:34:13
ComboFix-quarantined-files.txt 2008-09-24 01:32:59
ComboFix2.txt 2008-09-23 23:48:07
ComboFix3.txt 2008-09-21 01:43:26
ComboFix4.txt 2008-02-14 23:15:33
ComboFix5.txt 2008-09-24 01:18:41

Pre-Run: 179,333,509,120 bytes free
Post-Run: 179,293,990,912 bytes free

345 --- E O F --- 2008-09-10 22:01:21

__________________
Mike Pics of my rig HERE
Case:Lian Li with Swiftek apogee watercooling
CPU: Intel Q6600 (2.4 GHz)
Video: NVIDIA GeForce 8800GTX BFG OC Edition. LG 23" 1080HD and Sharp 19"
RAM/Storage:4GB Kingston Hyper X DDR2/320GB(7,200RPM) an 160GB(10,000 RPM) internals, and 320GB External
Sound Card: Creative X-Fi XtremeGamer Fatality
OS: Windows Vista Home Premium (64-bit)
M-B-Photos
Winner of Photo Tournaments: Automobiles and Birds

MBGraphics

when i put in this command: notepad C:\WINDOWS\winstart.bat
into the RUN, just a blank notepad pops up.

__________________
Mike Pics of my rig HERE
Case:Lian Li with Swiftek apogee watercooling
CPU: Intel Q6600 (2.4 GHz)
Video: NVIDIA GeForce 8800GTX BFG OC Edition. LG 23" 1080HD and Sharp 19"
RAM/Storage:4GB Kingston Hyper X DDR2/320GB(7,200RPM) an 160GB(10,000 RPM) internals, and 320GB External
Sound Card: Creative X-Fi XtremeGamer Fatality
OS: Windows Vista Home Premium (64-bit)
M-B-Photos
Winner of Photo Tournaments: Automobiles and Birds

cohen

Just a tip, clear out your incomplete folder for either limewire or frostwire.

It is located here - C:\Documents and Settings\chevy\Incomplete

__________________
Cohen

ceewi1

That's fine, if the file is empty there is no problem. It looks like ComboFix has done its job this time, just a couple more things I'd like to check.

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

C:\WINDOWS\SYSTEM32\DRIVERS\_003269_.tmp.dll

Then click Send File. Allow the file to be scanned, and then please copy and paste the results here for me to see.

Please repeat the process for the following file:

C:\WINDOWS\SYSTEM32\SET961.tmp

If that scanner is busy, please use this one: http://virusscan.jotti.org

Please also post a new HijackThis log and an update on how your system is running now.

__________________

Cheap PSUs - 2% of system costs, responsible for 28% of system deaths

MBGraphics

C:\WINDOWS\SYSTEM32\DRIVERS\_003269_.tmp.dll
Results: 0/36

C:\WINDOWS\SYSTEM32\SET961.tmp
Results: 0/36


And the HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:30 PM, on 9/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Xfire\Xfire.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.freewebs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe " -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: UltraMon.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1136011116468
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/4...l/gtdownls.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 11794 bytes




The computer is running MUCH better now

Thank you all for the help!

__________________
Mike Pics of my rig HERE
Case:Lian Li with Swiftek apogee watercooling
CPU: Intel Q6600 (2.4 GHz)
Video: NVIDIA GeForce 8800GTX BFG OC Edition. LG 23" 1080HD and Sharp 19"
RAM/Storage:4GB Kingston Hyper X DDR2/320GB(7,200RPM) an 160GB(10,000 RPM) internals, and 320GB External
Sound Card: Creative X-Fi XtremeGamer Fatality
OS: Windows Vista Home Premium (64-bit)
M-B-Photos
Winner of Photo Tournaments: Automobiles and Birds

ceewi1

OK, still one more malicious entry, although it's likely that the infection behind it has already been removed.

Please download FixWareout.

Save it to your desktop and run it. Click Next, then Install, make sure Run fixit is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Please post the text that will open (report.txt) in your next reply.

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entries (where still present):

• R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
• O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
• O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
  

Optionally, you may also check the following entry:

• O4 - Startup: PowerReg Scheduler V3.exe
  This is a registration reminder that is used by a number of different companies. It is not needed and some people think that it reports back to the company about your computer, so I suggest fixing it

Please close all open windows except for HijackThis and choose Fix checked

Please post a new HijackThis log along with the FixWareout report

__________________

Cheap PSUs - 2% of system costs, responsible for 28% of system deaths