Need help please(I may have a virus/adware)

[nobbly niblets]

Cohen, lol..... that's a ComboFix script to clean out the infected files for MBGraphics.

If you have a close look and compare to the Kaspersky scan performed you will find it lists the infected files.

Geez you're swift, I posted that not 2 minutes ago.

<EDIT> I refrained from giving detailed instructions on running the script.... Just thought it could save some one time</EDIT>

 

[cohen]

Cohen, lol..... that's a ComboFix script to clean out the infected files for MBGraphics.

If you have a close look and compare to the Kaspersky scan performed you will find it lists the infected files.

Geez you're swift, I posted that not 2 minutes ago.

<EDIT> I refrained from giving detailed instructions on running the script.... Just thought it could save some one time</EDIT>

Sorry, i just thought it was a hijackthis log.

Sorry.

 

[nobbly niblets]

That's cool... I'm not here often. Easy mistake to make. No harm, No Foul.

 

[nobbly niblets]

Here are alternative links to MBAM (MalwareBytes' Anti-Malware)

This one starts the downloader:

http://www.besttechie.net/tools/mbam-setup.exe

From Major Geeks:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 

[ceewi1]

As some of you have noticed, my activity here has been limited recently and is likely to stay that way for the foreseeable future. It's rather sad to see what's happening with these threads, though.

I notice you have the Freeze.com Toolbar installed. This is considered by many to be adware. See http://www.emsisoft.com/en/malware/?Adware.Win32.Freeze.com+Toolbar for more information. I suggest you remove it. To do so click on Start -> Control Panel -> Add or Remove Programs. If Freeze.com Toolbar appears, click on it and click Remove. Once done, delete the following folder:
C:\Program Files\Freeze.com Toolbar

Please download SDFix and save it to your Desktop but do not run it yet.

Please download ATF Cleaner by Atribune.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Double click SDFix.exe and it will extract the files to C:\SDFix

You may wish to print out these instructions or copy them to a notepad document since you will be unable to access the Internet while in Safe Mode to read from this site.

Please then reboot your computer in Safe Mode (tap F8 just before Windows starts to load and select Safe Mode from the list).

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Please paste the contents of the Report.txt back on the forum in your next reply.

Please plug drive H: into your system if it is an external drive.

• Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  
  

  File::
  C:\WINDOWS\SYSTEM32\c0c2a076
  C:\955.bat
  C:\Documents and Settings\chevy\1359.bat
  C:\Documents and Settings\chevy\4742.bat
  C:\421.bat
  C:\Documents and Settings\chevy\3480.bat
  C:\WINDOWS\SYSTEM32\tuvWmJdb.dll
  C:\356.bat
  C:\WINDOWS\SYSTEM32\WEKTCJlm.tmp
  C:\WINDOWS\SYSTEM32\BIRsAJlm.tmp
  C:\WINDOWS\SYSTEM32\eiytiugwtrfxaxske.exe
  C:\WINDOWS\SYSTEM32\dcftwsccwjivny.dll
  C:\Documents and Settings\chevy\Incomplete\T-3545425-boats hoes.mp3
  C:\Documents and Settings\chevy\Incomplete\T-3545425-true sound basshunter.mp3
  C:\Documents and Settings\chevy\Incomplete\T-5745425-boats hoes.mp3
  C:\Documents and Settings\chevy\Incomplete\T-5745425-nex episode snoop dog.mp3
  C:\Documents and Settings\chevy\Incomplete\T-5745425-Skee Lo -i wish.mp3
  C:\Documents and Settings\chevy\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\Antivirus_Protection_Setup.exe
  C:\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3
  C:\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3
  C:\WINDOWS\SYSTEM32\filekiller.dll
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-anthum 2.mp3
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-full throttle.mp3
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day stayin up.mp3
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day.mp3
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-souljah boy hardcore.mp3
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3566386-06 Track 6 (hardcore).wma
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam@2008-03-17T22;12;06.mp3
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-5745425-full throttle.mp3
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-1932750-Wicked Remix.wma
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle.mp3
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle@2008-06-19T06;11;20.mp3
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-nizlopi.mp3
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-souljah boy hardcore.mp3
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3566386-06 Track 6 (hardcore).wma
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3 
  H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3
  
  Folder::
  C:\Program Files\Antivirus Protection
  C:\WINDOWS\Y2hldnk
  C:\WINDOWS\SYSTEM32\wp
  C:\WINDOWS\SYSTEM32\RES
  C:\WINDOWS\SYSTEM32\np5
  C:\WINDOWS\SYSTEM32\mC02
  C:\Temp
  
  Registry::
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18a44c72-d267-d443-1461-db8338bae54e}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
  "{88263159-d7ea-a00a-302d-778d20c39157}"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
  "AppInit_DLLs"=""

• Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.
  
  
  
  
  
  
  
  
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log.

CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.

The name of the following file has not been completely displayed, presumably due to this forum's language filter. Please locate and delete it (the **** will correspond to a swear word):
C:\Documents and Settings\chevy\Incomplete\T-3545425-we dont give ****.mp3

Please click on Start -> Run. Type the following command and click OK:
notepad C:\WINDOWS\winstart.bat

This should popup a Notepad document showing the contents of winstart.bat. Please post the contents in your next reply.

Please post:

• The SDFix report
• The ComboFix log
• The contents of winstart.bat
• A new HijackThis log
• An update on how your system is running

 

[nobbly niblets]

Is this file worth a look at?

C:\WINDOWS\SYSTEM32\DRIVERS\_003269_.tmp.dll

 

[MBGraphics]

Ok, here is the log from SDFix:



SDFix: Version 1.228
Run by chevy on Tue 09/23/2008 at 04:12 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\chevy\Desktop\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\eiytiugwtrfxaxske.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 16:23:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\DOCUME~1\chevy\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :


Finished!

 

[MBGraphics]

Here is the ComboFix Log:


ComboFix 08-09-20.05 - chevy 2008-09-23 16:34:48.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2387 [GMT -7:00]
Running from: G:\ComboFix.exe
Command switches used :: C:\Documents and Settings\chevy\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.

2008-09-23 16:05 . 2008-09-23 16:05 577,536 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\user32.dll
2008-09-23 16:03 . 2008-09-23 16:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-23 15:47 . 2008-09-22 01:35 <DIR> d-------- C:\SDFix
2008-09-20 15:03 . 2008-09-20 15:03 65 --a------ C:\WINDOWS\SYSTEM32\c0c2a076
2008-09-20 14:43 . 2008-09-20 14:43 355 --a------ C:\955.bat
2008-09-20 13:13 . 2008-09-20 13:13 71 --a------ C:\Documents and Settings\chevy\1359.bat
2008-09-20 12:35 . 2008-09-20 12:35 71 --a------ C:\Documents and Settings\chevy\4742.bat
2008-09-20 12:26 . 2008-09-20 12:26 355 --a------ C:\421.bat
2008-09-19 16:57 . 2008-09-19 16:57 71 --a------ C:\Documents and Settings\chevy\3480.bat
2008-09-19 16:01 . 2008-09-19 16:01 34,816 --a------ C:\WINDOWS\SYSTEM32\tuvWmJdb.dll
2008-09-19 16:01 . 2008-09-19 16:01 355 --a------ C:\356.bat
2008-09-17 19:49 . 2008-09-17 19:49 1,001,023 --ahs---- C:\WINDOWS\SYSTEM32\WEKTCJlm.tmp
2008-09-17 19:02 . 2008-09-17 19:02 (2) -rahs-ot- C:\WINDOWS\winstart.bat
2008-09-17 19:00 . 2008-09-17 19:49 <DIR> d-------- C:\Program Files\UnHackMe
2008-09-17 16:37 . 2008-09-17 16:37 121 --ahs---- C:\WINDOWS\SYSTEM32\BIRsAJlm.tmp
2008-09-17 16:02 . 2008-09-17 16:02 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2008-09-17 15:59 . 2008-09-17 18:23 <DIR> d--hs---- C:\WINDOWS\Y2hldnk
2008-09-17 15:58 . 2008-09-17 18:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\wp
2008-09-17 15:58 . 2008-09-17 15:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\RES
2008-09-17 15:58 . 2008-09-17 18:21 <DIR> d-------- C:\WINDOWS\SYSTEM32\np5
2008-09-17 15:58 . 2008-09-17 15:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\mC02
2008-09-17 15:58 . 2008-09-17 15:58 <DIR> d-------- C:\Temp\mtc2
2008-09-17 15:58 . 2008-09-20 18:02 <DIR> d-------- C:\Temp
2008-09-05 17:28 . 2008-09-05 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-08-29 05:11 . 2008-08-29 05:11 166,400 --a------ C:\WINDOWS\SYSTEM32\dcftwsccwjivny.dll
2008-08-27 14:03 . 2008-08-27 14:03 42,320 --a------ C:\WINDOWS\SYSTEM32\xfcodec.dll
2008-08-27 13:35 . 2007-02-28 02:08 2,147,840 --a------ C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-26 23:08 . 2008-08-26 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-08-26 23:07 . 2008-08-26 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-26 19:45 . 2004-08-10 03:00 71,040 --------- C:\WINDOWS\SYSTEM32\DRIVERS\_003269_.tmp.dll
2008-08-26 19:07 . 2008-04-13 17:11 2,843,136 --a------ C:\WINDOWS\SYSTEM32\SET961.tmp
2008-08-26 18:46 . 2008-08-28 09:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-08-23 19:59 . 2008-08-23 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winferno

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 19:36 --------- d-----w C:\Documents and Settings\chevy\Application Data\Xfire
2008-09-20 23:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-19 03:41 --------- d-s---w C:\Program Files\Xfire
2008-09-19 01:02 --------- d-----w C:\Documents and Settings\chevy\Application Data\ZoomBrowser EX
2008-09-18 03:00 --------- d-----w C:\Program Files\LimeWire
2008-09-17 22:57 --------- d-----w C:\Documents and Settings\chevy\Application Data\Azureus
2008-09-16 03:35 139,128 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-16 03:35 111,928 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2008-09-06 00:54 --------- d-----w C:\Program Files\Canon
2008-09-06 00:26 --------- d-----w C:\Program Files\Common Files\Canon
2008-08-27 21:12 --------- d-----w C:\Program Files\Ascentive
2008-08-27 05:59 --------- d-----w C:\Documents and Settings\chevy\Application Data\gtk-2.0
2008-08-27 03:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-24 03:07 --------- d-----w C:\Program Files\Bonjour
2008-08-24 03:03 --------- d-----w C:\Program Files\Speeditup Free
2008-08-24 03:02 --------- d-----w C:\Program Files\MySpace
2008-08-21 05:06 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-08-21 05:06 --------- d-----w C:\Program Files\AWS
2008-08-21 05:06 --------- d-----w C:\Documents and Settings\chevy\Application Data\WeatherBug
2008-08-20 07:49 --------- d-----w C:\Program Files\Flickr Uploadr
2008-08-20 01:02 --------- d-----w C:\Program Files\HD Tune
2008-08-13 21:58 --------- d-----w C:\Documents and Settings\chevy\Application Data\BearShare
2008-08-12 05:50 --------- d-----w C:\Program Files\BearShare Applications
2008-08-12 02:23 32,778 ----a-w C:\WINDOWS\Fonts\thematrix.zip
2008-08-12 02:07 81,312 ----a-w C:\WINDOWS\Fonts\fontz_1120_miltownmatrix.zip
2008-08-11 05:03 --------- d-----w C:\Documents and Settings\chevy\Application Data\Flickr
2008-08-09 23:09 --------- d-----w C:\Program Files\GIMP-2.0
2008-08-04 22:27 --------- d-----w C:\Program Files\UltraMon
2008-08-04 22:27 --------- d-----w C:\Program Files\Common Files\Realtime Soft
2008-08-04 22:27 --------- d-----w C:\Documents and Settings\chevy\Application Data\Realtime Soft
2008-08-04 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-08-04 22:15 --------- d-----w C:\Program Files\Common Files\Stardock
2008-07-23 08:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-25 01:12 295,936 ----a-w C:\WINDOWS\SYSTEM32\wmpeffects.dll
2008-06-24 17:57 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-12-25 17:58 22,328 ----a-w C:\Documents and Settings\chevy\Application Data\PnkBstrK.sys
2007-10-06 21:22 1,066,496 -csha-w C:\Program Files\ehthumbs.db
2005-08-06 06:54 211,952 ----a-w C:\Program Files\new.sc3
2005-08-06 03:55 164,538 -c--a-w C:\Program Files\new city.sc3
2005-07-29 22:52 56,192 ----a-w C:\Program Files\New City69.sc3
2005-07-07 23:07 251 ----a-w C:\Program Files\wt3d.ini
2003-05-27 03:08 8,964,958 ----a-w C:\Documents and Settings\chevy\SCXE26Setup.exe
2003-05-05 22:59 436,224 ----a-w C:\Documents and Settings\chevy\SCXEDirectoryFix.exe
2003-04-19 22:34 467,968 ----a-w C:\Documents and Settings\chevy\SCXEUpd.exe
.

------- Sigcheck -------

2005-03-01 17:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 09:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 02:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-03 20:59 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 17:34 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 05:55 2015744 bbb2322eb14ad9ad55b1024ffd4d88bf C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 01:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
2008-04-13 11:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
2007-02-28 01:38 2027520 54a8b9806027049f8b19f1274a63c7b4 C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2007-02-28 01:38 2015744 a58ac1c6199ef34228abee7fc057ae09 C:\WINDOWS\SYSTEM32\VITrans\ntkrnlpa.exe

2005-03-01 18:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 09:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 02:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-03 21:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 17:57 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 07:15 2136064 8318ed54797f3e513fd5817a1d4bbd18 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 02:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
2008-04-13 12:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
2007-02-28 02:08 2147840 5fb20cabc9a81baaabbe63f30ffc5284 C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2007-02-28 02:08 2136064 1220faf071dea8653ee21de7dcda8bfd C:\WINDOWS\SYSTEM32\VITrans\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-12-30 1365504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-17 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 90112]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-04 187496]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"{88263159-d7ea-a00a-302d-778d20c39157}"="C:\WINDOWS\system32\dcftwsccwjivny.dll" [2008-08-29 166400]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 5361464]
"CTHelper"="CTHELPER.EXE" [2004-03-11 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]

C:\Documents and Settings\chevy\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe [2006-12-14 214520]
PowerReg Scheduler V3.exe [2005-08-09 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
UltraMon.lnk - C:\WINDOWS\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico [2008-08-04 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xwvexa.dll gxnotq.dll dfhnhc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=C:\WINDOWS\pss\ImageMixer for HDD Camcorder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^chevy^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\chevy\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^chevy^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\chevy\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 03:00 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 10:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 10:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 14:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 14:56 64512 C:\WINDOWS\EHOME\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 17:24 50760 C:\Program Files\Common Files\AOL\1154645544\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
--------- 2002-05-29 01:23 258118 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 2004-09-20 02:27 65536 C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-06-28 21:51 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2007-07-19 22:54 5361464 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 04:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
--a------ 2007-11-19 14:01 163840 C:\Program Files\ViOrb\ViOrb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
--a------ 2007-11-20 14:51 524288 C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
--a------ 2007-11-26 20:27 593920 C:\Program Files\ViStart\ViStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 20280]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
S1 agp4400;agp4400;C:\WINDOWS\system32\drivers\agp4400.sys [ ]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 16:42:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-09-23 16:48:05
ComboFix-quarantined-files.txt 2008-09-23 23:46:44
ComboFix2.txt 2008-09-21 01:43:26
ComboFix3.txt 2008-02-14 23:15:33
ComboFix4.txt 2008-02-14 02:37:11

Pre-Run: 179,494,264,832 bytes free
Post-Run: 179,457,556,480 bytes free

277 --- E O F --- 2008-09-10 22:01:21

 

[MBGraphics]

And the HiJack This Log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:39 PM, on 9/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.freewebs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{88263159-d7ea-a00a-302d-778d20c39157}] "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\system32\dcftwsccwjivny.dll" DllStub
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: UltraMon.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136011116468
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/install/gtdownls.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O20 - AppInit_DLLs: xwvexa.dll gxnotq.dll dfhnhc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 11912 bytes

 

[ceewi1]

It seems that the CFScript file has been unsuccessful. I've attached it to this post. Please save it to your Desktop and drag it into ComboFix as before, then post the log generated.

Also, please click on Start -> Run. Type the following command and click OK:
notepad C:\WINDOWS\winstart.bat

This should popup a Notepad document showing the contents of winstart.bat. Please post the contents in your next reply.

 

[MBGraphics]

Ok, here is the ComboFix log:

ComboFix 08-09-20.05 - chevy 2008-09-23 18:19:34.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2328 [GMT -7:00]
Running from: G:\ComboFix.exe
Command switches used :: C:\Documents and Settings\chevy\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\356.bat
C:\421.bat
C:\955.bat
C:\Documents and Settings\chevy\1359.bat
C:\Documents and Settings\chevy\3480.bat
C:\Documents and Settings\chevy\4742.bat
C:\Documents and Settings\chevy\Incomplete\T-3545425-boats hoes.mp3
C:\Documents and Settings\chevy\Incomplete\T-3545425-true sound basshunter.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-boats hoes.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-nex episode snoop dog.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-Skee Lo -i wish.mp3
C:\Documents and Settings\chevy\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\Antivirus_Protection_Setup.exe
C:\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3
C:\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3
C:\WINDOWS\SYSTEM32\BIRsAJlm.tmp
C:\WINDOWS\SYSTEM32\c0c2a076
C:\WINDOWS\SYSTEM32\dcftwsccwjivny.dll
C:\WINDOWS\SYSTEM32\eiytiugwtrfxaxske.exe
C:\WINDOWS\SYSTEM32\filekiller.dll
C:\WINDOWS\SYSTEM32\tuvWmJdb.dll
C:\WINDOWS\SYSTEM32\WEKTCJlm.tmp
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-anthum 2.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day stayin up.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-souljah boy hardcore.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3566386-06 Track 6 (hardcore).wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam@2008-03-17T22;12;06.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-5745425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-1932750-Wicked Remix.wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle@2008-06-19T06;11;20.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-nizlopi.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-souljah boy hardcore.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3566386-06 Track 6 (hardcore).wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\356.bat
C:\421.bat
C:\955.bat
C:\Documents and Settings\chevy\1359.bat
C:\Documents and Settings\chevy\3480.bat
C:\Documents and Settings\chevy\4742.bat
C:\Documents and Settings\chevy\Cookies\[email protected][2].txt
C:\Documents and Settings\chevy\Cookies\chevy@trafficmp[2].txt
C:\Documents and Settings\chevy\Incomplete\T-3545425-boats hoes.mp3
C:\Documents and Settings\chevy\Incomplete\T-3545425-true sound basshunter.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-boats hoes.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-nex episode snoop dog.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-Skee Lo -i wish.mp3
C:\Documents and Settings\chevy\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\Antivirus_Protection_Setup.exe
C:\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3
C:\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3
C:\Temp
C:\Temp\mtc2\h5v.log
C:\WINDOWS\SYSTEM32\BIRsAJlm.tmp
C:\WINDOWS\SYSTEM32\c0c2a076
C:\WINDOWS\SYSTEM32\dcftwsccwjivny.dll
C:\WINDOWS\SYSTEM32\filekiller.dll
C:\WINDOWS\SYSTEM32\mC02
C:\WINDOWS\SYSTEM32\mC02\mC022328.exe
C:\WINDOWS\SYSTEM32\np5
C:\WINDOWS\SYSTEM32\RES
C:\WINDOWS\SYSTEM32\RES\comec130t.exe
C:\WINDOWS\SYSTEM32\tuvWmJdb.dll
C:\WINDOWS\SYSTEM32\WEKTCJlm.tmp
C:\WINDOWS\SYSTEM32\wp
C:\WINDOWS\Y2hldnk
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-anthum 2.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day stayin up.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-souljah boy hardcore.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3566386-06 Track 6 (hardcore).wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam@2008-03-17T22;12;06.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-5745425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-1932750-Wicked Remix.wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle@2008-06-19T06;11;20.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-nizlopi.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-souljah boy hardcore.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3566386-06 Track 6 (hardcore).wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3

.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-23 16:05 . 2008-09-23 16:05 577,536 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\user32.dll
2008-09-23 16:03 . 2008-09-23 16:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-23 15:47 . 2008-09-22 01:35 <DIR> d-------- C:\SDFix
2008-09-17 19:02 . 2008-09-17 19:02 (2) -rahs-ot- C:\WINDOWS\winstart.bat
2008-09-17 19:00 . 2008-09-17 19:49 <DIR> d-------- C:\Program Files\UnHackMe
2008-09-17 16:02 . 2008-09-17 16:02 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2008-09-05 17:28 . 2008-09-05 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-08-27 14:03 . 2008-08-27 14:03 42,320 --a------ C:\WINDOWS\SYSTEM32\xfcodec.dll
2008-08-27 13:35 . 2007-02-28 02:08 2,147,840 --a------ C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-26 23:08 . 2008-08-26 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-08-26 23:07 . 2008-08-26 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-26 19:45 . 2004-08-10 03:00 71,040 --------- C:\WINDOWS\SYSTEM32\DRIVERS\_003269_.tmp.dll
2008-08-26 19:07 . 2008-04-13 17:11 2,843,136 --a------ C:\WINDOWS\SYSTEM32\SET961.tmp
2008-08-26 18:46 . 2008-08-28 09:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 19:36 --------- d-----w C:\Documents and Settings\chevy\Application Data\Xfire
2008-09-20 23:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-19 03:41 --------- d-s---w C:\Program Files\Xfire
2008-09-19 01:02 --------- d-----w C:\Documents and Settings\chevy\Application Data\ZoomBrowser EX
2008-09-18 03:00 --------- d-----w C:\Program Files\LimeWire
2008-09-17 22:57 --------- d-----w C:\Documents and Settings\chevy\Application Data\Azureus
2008-09-16 03:35 139,128 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-16 03:35 111,928 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2008-09-06 00:54 --------- d-----w C:\Program Files\Canon
2008-09-06 00:26 --------- d-----w C:\Program Files\Common Files\Canon
2008-08-27 21:12 --------- d-----w C:\Program Files\Ascentive
2008-08-27 05:59 --------- d-----w C:\Documents and Settings\chevy\Application Data\gtk-2.0
2008-08-27 03:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-24 03:07 --------- d-----w C:\Program Files\Bonjour
2008-08-24 03:03 --------- d-----w C:\Program Files\Speeditup Free
2008-08-24 03:02 --------- d-----w C:\Program Files\MySpace
2008-08-24 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winferno
2008-08-21 05:06 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-08-21 05:06 --------- d-----w C:\Program Files\AWS
2008-08-21 05:06 --------- d-----w C:\Documents and Settings\chevy\Application Data\WeatherBug
2008-08-20 07:49 --------- d-----w C:\Program Files\Flickr Uploadr
2008-08-20 01:02 --------- d-----w C:\Program Files\HD Tune
2008-08-13 21:58 --------- d-----w C:\Documents and Settings\chevy\Application Data\BearShare
2008-08-12 05:50 --------- d-----w C:\Program Files\BearShare Applications
2008-08-12 02:23 32,778 ----a-w C:\WINDOWS\Fonts\thematrix.zip
2008-08-12 02:07 81,312 ----a-w C:\WINDOWS\Fonts\fontz_1120_miltownmatrix.zip
2008-08-11 05:03 --------- d-----w C:\Documents and Settings\chevy\Application Data\Flickr
2008-08-09 23:09 --------- d-----w C:\Program Files\GIMP-2.0
2008-08-04 22:27 --------- d-----w C:\Program Files\UltraMon
2008-08-04 22:27 --------- d-----w C:\Program Files\Common Files\Realtime Soft
2008-08-04 22:27 --------- d-----w C:\Documents and Settings\chevy\Application Data\Realtime Soft
2008-08-04 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-08-04 22:15 --------- d-----w C:\Program Files\Common Files\Stardock
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-25 01:12 295,936 ----a-w C:\WINDOWS\SYSTEM32\wmpeffects.dll
2008-06-24 17:57 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2007-12-25 17:58 22,328 ----a-w C:\Documents and Settings\chevy\Application Data\PnkBstrK.sys
2007-10-06 21:22 1,066,496 -csha-w C:\Program Files\ehthumbs.db
2005-08-06 06:54 211,952 ----a-w C:\Program Files\new.sc3
2005-08-06 03:55 164,538 -c--a-w C:\Program Files\new city.sc3
2005-07-29 22:52 56,192 ----a-w C:\Program Files\New City69.sc3
2005-07-07 23:07 251 ----a-w C:\Program Files\wt3d.ini
2003-05-27 03:08 8,964,958 ----a-w C:\Documents and Settings\chevy\SCXE26Setup.exe
2003-05-05 22:59 436,224 ----a-w C:\Documents and Settings\chevy\SCXEDirectoryFix.exe
2003-04-19 22:34 467,968 ----a-w C:\Documents and Settings\chevy\SCXEUpd.exe
.

------- Sigcheck -------

2005-03-01 17:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 09:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 02:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-03 20:59 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 17:34 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 05:55 2015744 bbb2322eb14ad9ad55b1024ffd4d88bf C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 01:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
2008-04-13 11:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
2007-02-28 01:38 2027520 54a8b9806027049f8b19f1274a63c7b4 C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2007-02-28 01:38 2015744 a58ac1c6199ef34228abee7fc057ae09 C:\WINDOWS\SYSTEM32\VITrans\ntkrnlpa.exe

2005-03-01 18:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 09:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 02:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-03 21:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 17:57 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 07:15 2136064 8318ed54797f3e513fd5817a1d4bbd18 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 02:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
2008-04-13 12:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
2007-02-28 02:08 2147840 5fb20cabc9a81baaabbe63f30ffc5284 C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2007-02-28 02:08 2136064 1220faf071dea8653ee21de7dcda8bfd C:\WINDOWS\SYSTEM32\VITrans\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-12-30 1365504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-17 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 90112]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-04 187496]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 5361464]
"CTHelper"="CTHELPER.EXE" [2004-03-11 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]

C:\Documents and Settings\chevy\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe [2006-12-14 214520]
PowerReg Scheduler V3.exe [2005-08-09 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
UltraMon.lnk - C:\WINDOWS\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico [2008-08-04 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=C:\WINDOWS\pss\ImageMixer for HDD Camcorder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^chevy^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\chevy\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^chevy^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\chevy\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 03:00 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 10:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 10:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 14:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 14:56 64512 C:\WINDOWS\EHOME\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 17:24 50760 C:\Program Files\Common Files\AOL\1154645544\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
--------- 2002-05-29 01:23 258118 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 2004-09-20 02:27 65536 C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-06-28 21:51 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2007-07-19 22:54 5361464 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 04:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
--a------ 2007-11-19 14:01 163840 C:\Program Files\ViOrb\ViOrb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
--a------ 2007-11-20 14:51 524288 C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
--a------ 2007-11-26 20:27 593920 C:\Program Files\ViStart\ViStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 20280]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
S1 agp4400;agp4400;C:\WINDOWS\system32\drivers\agp4400.sys [ ]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 18:29:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-09-23 18:34:13
ComboFix-quarantined-files.txt 2008-09-24 01:32:59
ComboFix2.txt 2008-09-23 23:48:07
ComboFix3.txt 2008-09-21 01:43:26
ComboFix4.txt 2008-02-14 23:15:33
ComboFix5.txt 2008-09-24 01:18:41

Pre-Run: 179,333,509,120 bytes free
Post-Run: 179,293,990,912 bytes free

345 --- E O F --- 2008-09-10 22:01:21

 

[MBGraphics]

when i put in this command: notepad C:\WINDOWS\winstart.bat
into the RUN, just a blank notepad pops up.

 

[cohen]

Just a tip, clear out your incomplete folder for either limewire or frostwire.

It is located here - C:\Documents and Settings\chevy\Incomplete

 

[ceewi1]

That's fine, if the file is empty there is no problem. It looks like ComboFix has done its job this time, just a couple more things I'd like to check.

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

C:\WINDOWS\SYSTEM32\DRIVERS\_003269_.tmp.dll

Then click Send File. Allow the file to be scanned, and then please copy and paste the results here for me to see.

Please repeat the process for the following file:

C:\WINDOWS\SYSTEM32\SET961.tmp

If that scanner is busy, please use this one: http://virusscan.jotti.org

Please also post a new HijackThis log and an update on how your system is running now.

 

[MBGraphics]

C:\WINDOWS\SYSTEM32\DRIVERS\_003269_.tmp.dll
Results: 0/36

C:\WINDOWS\SYSTEM32\SET961.tmp
Results: 0/36


And the HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:30 PM, on 9/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Xfire\Xfire.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.freewebs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: UltraMon.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136011116468
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/install/gtdownls.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 11794 bytes




The computer is running MUCH better now

Thank you all for the help!

 

[ceewi1]

OK, still one more malicious entry, although it's likely that the infection behind it has already been removed.

Please download FixWareout.

Save it to your desktop and run it. Click Next, then Install, make sure Run fixit is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Please post the text that will open (report.txt) in your next reply.

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entries (where still present):

• 
  [*]R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
  [*]O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
  [*]O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
  

Optionally, you may also check the following entry:

• O4 - Startup: PowerReg Scheduler V3.exe
  This is a registration reminder that is used by a number of different companies. It is not needed and some people think that it reports back to the company about your computer, so I suggest fixing it

Please close all open windows except for HijackThis and choose Fix checked

Please post a new HijackThis log along with the FixWareout report