ComboFix:

ComboFix 08-12-26.03 - Jay 2008-12-26 17:58:50.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1949 [GMT -8:00]
Running from: c:\documents and settings\Jay\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jay\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point

FILE ::
c:\documents and settings\Jay\D8505D48E91F6FE8\D8505D48E91F6FE8
c:\windows\Tasks\A518C8B0918B7E64.job
c:\windows\Tasks\piscxqzo.job
c:\windows\Tasks\znyfkaze.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\A518C8B0918B7E64.job
c:\windows\Tasks\piscxqzo.job
c:\windows\Tasks\znyfkaze.job

.
((((((((((((((((((((((((( Files Created from 2008-11-27 to 2008-12-27 )))))))))))))))))))))))))))))))
.

2008-12-23 23:26 . 2008-12-23 23:26 <DIR> d-------- c:\documents and settings\Jay\Application Data\Linksys
2008-12-23 20:08 . 2008-12-23 20:08 <DIR> d-------- c:\program files\Linksys
2008-12-22 14:17 . 2008-12-25 18:49 <DIR> d-------- c:\program files\America's Army Deploy Client
2008-12-22 14:17 . 2008-12-22 14:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\America's Army Deploy Client
2008-12-22 13:03 . 2008-12-22 13:03 <DIR> d-------- c:\documents and settings\Jem_2\Application Data\Malwarebytes
2008-12-22 13:02 . 2008-12-22 13:02 <DIR> d-------- c:\documents and settings\Jem_2\Contacts
2008-12-22 12:02 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-22 00:04 . 2008-12-22 13:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 00:04 . 2008-12-22 00:04 <DIR> d-------- c:\documents and settings\Jay\Application Data\Malwarebytes
2008-12-22 00:04 . 2008-12-22 00:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-22 00:04 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 00:04 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 00:02 . 2008-12-22 00:02 <DIR> d-------- c:\program files\ERUNT
2008-12-21 20:05 . 2008-12-21 20:05 <DIR> d-------- c:\program files\Alwil Software
2008-12-21 19:00 . 2008-12-21 19:00 <DIR> d-------- c:\program files\Trend Micro
2008-12-19 11:24 . 2008-12-19 11:45 <DIR> d-------- c:\documents and settings\Jay\Application Data\My Battle for Middle-earth Files
2008-12-07 17:44 . 2008-12-07 17:44 <DIR> d-------- c:\program files\Unity
2008-11-29 12:09 . 2008-11-29 12:09 <DIR> d-------- C:\OpenCandy
2008-11-29 11:53 . 2008-11-29 11:53 8,192 --ahs---- c:\windows\Thumbs.db
2008-11-29 11:12 . 2008-11-29 11:12 <DIR> d-------- c:\program files\DVDVideoSoft
2008-11-29 11:12 . 2008-11-29 11:12 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft
2008-11-29 11:09 . 2008-11-29 11:09 <DIR> d-------- c:\program files\XviD
2008-11-29 11:09 . 2008-12-20 16:57 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-29 11:09 . 2008-11-29 11:09 641,021 --a------ c:\windows\unins000.exe
2008-11-29 11:09 . 2004-07-26 12:13 200,192 --a------ c:\windows\system32\LameACM.acm
2008-11-29 11:09 . 2008-11-29 11:09 1,667 --a------ c:\windows\unins000.dat
2008-11-29 11:09 . 2002-04-07 11:17 414 --a------ c:\windows\system32\Lame_acm.xml
2008-11-29 11:04 . 2008-11-29 11:09 <DIR> d-------- c:\program files\Free FLV Converter
2008-11-29 11:04 . 2008-06-04 18:42 364,544 --a------ c:\windows\system32\PropertyGrid.ocx
2008-11-29 11:04 . 2008-11-21 15:37 274,432 --a------ c:\windows\system32\TubeFinder.exe
2008-11-29 11:04 . 2008-06-04 17:42 208,500 --a------ c:\windows\system32\ReyXpBasics.tlb
2008-11-29 11:04 . 2008-06-04 18:42 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2008-11-29 11:04 . 2008-06-04 18:42 119,568 --a------ c:\windows\system32\VB6FR.DLL
2008-11-29 11:04 . 2008-06-04 18:42 84,512 --a------ c:\windows\system32\PICCLP32.OCX
2008-11-29 11:04 . 2008-06-04 18:42 32,768 --a------ c:\windows\system32\CMDLGFR.DLL
2008-11-29 11:04 . 2008-06-04 18:42 24,576 --a------ c:\windows\system32\ControlSubX.ocx
2008-11-29 11:04 . 2008-06-04 18:42 9,728 --a------ c:\windows\system32\PCCLPFR.DLL
2008-11-29 11:01 . 2008-11-29 11:53 <DIR> d-------- c:\program files\CinemaForge
2008-11-29 11:01 . 2008-11-29 11:01 <DIR> d-------- C:\CFdownloads
2008-11-29 11:01 . 2008-08-18 07:55 4,691,208 --a------ c:\windows\screengenie.scr
2008-11-29 10:56 . 2008-11-29 10:58 <DIR> d-------- c:\program files\Alldj_iPod_iPhone_AppleTV_Video_Converter
2008-11-29 10:56 . 2008-11-29 10:57 <DIR> d-------- C:\allDJmp4
2008-11-29 10:41 . 2008-11-29 15:05 <DIR> d-------- C:\DVDVideoSoft
2008-11-29 10:26 . 2008-11-29 10:26 <DIR> d-------- c:\program files\Cucusoft
2008-11-29 10:26 . 2008-11-29 10:26 <DIR> d-------- C:\ConverterOutput
2008-11-29 10:26 . 2004-10-12 14:40 2,255,360 --a------ c:\windows\system32\libavcodec.dll
2008-11-29 10:26 . 2004-10-12 14:46 1,761,280 --a------ c:\windows\system32\ffdshow.ax
2008-11-29 10:26 . 2004-10-05 16:16 395,776 --a------ c:\windows\system32\libmplayer.dll
2008-11-29 10:26 . 2004-10-12 14:42 262,144 --a------ c:\windows\system32\TomsMoComp_ff.dll
2008-11-29 10:26 . 2003-04-03 00:17 172,032 --a------ c:\windows\system32\ac3filter.ax
2008-11-29 10:26 . 2004-10-04 01:50 112,640 --a------ c:\windows\system32\libmpeg2_ff.dll
2008-11-29 10:26 . 2004-12-20 11:10 61,440 --a------ c:\windows\system32\xvid.ax
2008-11-29 10:26 . 2004-09-10 13:50 34,820 --a------ c:\windows\system32\ffdshow.reg
2008-11-28 23:08 . 2008-04-13 17:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-28 23:08 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 06:35 --------- d-----w c:\program files\Steam
2008-12-26 05:03 --------- d-----w c:\documents and settings\Jay\Application Data\LimeWire
2008-12-26 03:04 202,352 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-26 03:04 138,624 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-26 02:40 --------- d-----w c:\program files\America's Army
2008-12-24 00:48 --------- d-----w c:\program files\Common Files\Adobe
2008-12-23 21:23 --------- d-----w c:\documents and settings\Jem_2\Application Data\Apple Computer
2008-12-23 03:20 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-23 02:14 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-22 07:34 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-22 01:53 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-17 00:28 --------- d-----w c:\program files\McAfee
2008-12-16 19:38 --------- d-----w c:\documents and settings\Jay\Application Data\ProfitUI Reborn Downloader
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 17:36 16,452 ----a-w c:\documents and settings\Jay\Application Data\wklnhst.dat
2008-12-11 07:01 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-05 22:08 --------- d-----w c:\program files\Java
2008-11-29 20:14 --------- d-----w c:\program files\MediaCoder
2008-11-29 19:54 --------- d-----w c:\program files\GameSpy Arcade
2008-11-29 19:54 --------- d-----w c:\program files\DivX
2008-11-29 19:53 --------- d-----w c:\program files\Zoom
2008-11-29 19:53 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-29 19:53 --------- d-----w c:\program files\SoftwareRevenue.org
2008-11-29 19:53 --------- d-----w c:\program files\Picture It! Premium 10
2008-11-29 19:53 --------- d-----w c:\program files\Motorola Phone Tools
2008-11-29 19:53 --------- d-----w c:\program files\Modem On Hold
2008-11-29 19:53 --------- d-----w c:\program files\Modem Helper
2008-11-29 19:53 --------- d-----w c:\program files\Microsoft Works
2008-11-29 19:53 --------- d-----w c:\program files\LimeWire
2008-11-29 07:31 --------- d-----w c:\documents and settings\Jay\Application Data\Apple Computer
2008-11-23 22:19 --------- d-----w c:\documents and settings\Jem_2\Application Data\CyberLink
2008-11-23 15:58 --------- d-----w c:\program files\Apple Software Update
2008-11-23 03:06 --------- d-----w c:\program files\iTunes
2008-11-23 03:06 --------- d-----w c:\program files\iPod
2008-11-23 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 03:03 --------- d-----w c:\program files\QuickTime
2008-11-23 02:55 --------- d-----w c:\program files\Bonjour
2008-11-21 01:02 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-11-20 03:53 --------- d-----w c:\program files\Skype
2008-11-20 03:53 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-20 03:51 --------- d-----w c:\program files\MTV Virtual World
2008-11-20 03:38 --------- d-----w c:\program files\EA GAMES
2008-11-20 03:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 03:08 --------- d-----w c:\documents and settings\Jem_2\Application Data\skypePM
2008-11-18 21:19 --------- d-----w c:\program files\EQ2MAP Updater
2008-11-18 01:13 --------- d-----w c:\program files\Sonic
2008-11-17 20:20 --------- d-----w c:\program files\Ventrilo
2008-11-16 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-15 18:51 --------- d-----w c:\program files\BitLord
2008-11-15 18:14 --------- d-----w c:\documents and settings\All Users\Application Data\PMB Files
2008-11-15 18:13 --------- d-----w c:\program files\Pando Networks
2008-11-13 05:04 --------- d-----w c:\program files\Advanced Combat Tracker
2008-11-12 02:40 --------- d-----w c:\documents and settings\Jem_2\Application Data\Audacity
2008-11-12 02:20 --------- d-----w c:\program files\FREE Hi-Q Recorder
2008-11-10 13:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-09 19:02 --------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
2008-11-09 19:02 --------- d-----w c:\program files\Yahoo!
2008-11-07 22:23 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-11-07 06:08 334 ----a-w c:\documents and settings\Jem_2\Application Data\wklnhst.dat
2008-11-07 05:53 --------- d-----w c:\documents and settings\Jem_2\Application Data\Sonic
2008-11-07 05:52 --------- d-----w c:\documents and settings\Jem_2\Application Data\Leadertech
2008-11-05 02:47 --------- d-----w c:\documents and settings\Jem_2\Application Data\LimeWire
2008-11-02 17:57 --------- d-----w c:\program files\Veoh Networks
2008-10-29 01:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-29 01:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-18 00:14 3,574 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 00:33 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2007-09-08 19:25 92,064 ----a-w c:\documents and settings\Jay\mqdmmdm.sys
2007-09-08 19:25 9,232 ----a-w c:\documents and settings\Jay\mqdmmdfl.sys
2007-09-08 19:25 79,328 ----a-w c:\documents and settings\Jay\mqdmserd.sys
2007-09-08 19:25 66,656 ----a-w c:\documents and settings\Jay\mqdmbus.sys
2007-09-08 19:25 6,208 ----a-w c:\documents and settings\Jay\mqdmcmnt.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-26_16.34.30.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-27 01:12:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_244.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-03-28 258048]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 785520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 344064]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 c:\windows\system32\P0620Pin.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\STSYSTRA.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-12 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\Jem_2\\Desktop\\utorrent.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\America's Army Deploy Client\\AADeployClient.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21058:TCP"= 21058:TCP:BitComet 21058 TCP
"21058:UDP"= 21058:UDP:BitComet 21058 UDP
"57347:TCP"= 57347:TCP:Pando Media Booster
"57347:UDP"= 57347:UDP:Pando Media Booster

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 LinksysUpdater;Linksys Updater;"c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "c:\program files\Linksys\Linksys Updater\conf\wrapper.conf" [2008-01-15 204800]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-10-01 206096]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-11-19 24652]
S2 D8505D48E91F6FE8;D8505D48E91F6FE8;\??\c:\documents and settings\Jay\D8505D48E91F6FE8\D8505D48E91F6FE8 []
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{571f0160-67ba-11dc-91bf-00123f9f4460}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-02 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-10-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-27 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []

2008-12-27 c:\windows\Tasks\wulutczz.job
- c:\windows\system32\rundll32.exe [2008-04-13 16:12]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jem\Start Menu\Programs\IMVU\Run IMVU.lnk

c:\windows\system32\Unicows.dll - c:\windows\Downloaded Program Files\EStream7Decoder.dll
c:\windows\Downloaded Program Files\EStream8Decoder.dll
c:\windows\Downloaded Program Files\EyeStream7.dll
c:\windows\Downloaded Program Files\GSM.dll
c:\windows\Downloaded Program Files\MELP.dll
c:\windows\Downloaded Program Files\MID.ocx
c:\windows\Downloaded Program Files\SslNetwork.dll
c:\windows\Downloaded Program Files\CoVideoMessage.ocx
c:\windows\Downloaded Program Files\ChatRoom.ocx
c:\windows\Downloaded Program Files\CoVideoWindow.ocx
c:\windows\Downloaded Program Files\VideoSession.ocx
O16 -: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6}
hxxp://imlive.com/ChatSource/gVideoContol.cab
c:\windows\Downloaded Program Files\gVideoContol.inf
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\3jzo9cv1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPStreamPlug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Media Player\npdsplay(2).dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
FF - plugin: c:\windows\system32\npmirage.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 18:02:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\D8505D48E91F6FE8]
"ImagePath"="\??\c:\documents and settings\Jay\D8505D48E91F6FE8\D8505D48E91F6FE8"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-26 18:05:13
ComboFix-quarantined-files.txt 2008-12-27 02:03:54
ComboFix2.txt 2008-12-27 01:22:33
ComboFix3.txt 2008-12-27 00:35:57

Pre-Run: 23,627,845,632 bytes free
Post-Run: 23,660,699,648 bytes free

355 --- E O F --- 2008-12-17 22:41:42

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:44 PM, on 12/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\java.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CF44.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\control.exe
C:\WINDOWS\system32\control.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jem\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab51411.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by143fd.bay143.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab40641.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14618 bytes

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file (if present):

c:\windows\Tasks\wulutczz.job


Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure the following is checked.
   
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   Mail databases
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply.

Upgrading Java:

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u11-windows-i586-p.exe) and select "Run as an Administrator.")

c:\windows\Tasks\wulutczz.job not present

Set Explorer to view Hidden Files and Folders:

• Right-click your Start button and go to "Explore".
• Select Tools from the menu
• Select Folder Options
• Select the View tab
• Click on Show all Files and Folders
• Remove the checkmark from Hide extensions for known file types
• Remove the checkmark from Hide protected operating System files
• Select Apply to All Folders | Yes | Apply | OK.

Try and see if viewable.

must be nothing there. did what you said.
just running online scan this might take awhile to finish

OK.

After the scan:

Set Explorer to Defaults:

• Right-click your Start button and go to "Explore".
• Select Tools from the menu
• Select Folder Options
• Select the View tab
• Click on Restore Defaults
• Select Apply to All Folders | Yes | Apply | OK.

Thanks for your help and patience so far. Really apprieciate it.

You are welcome!

Kaspersky Online:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 26, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 26, 2008 22:09:52
Records in database: 1518838
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 156238
Threat name: 4
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 03:40:36


File name / Threat name / Threats count
C:\Documents and Settings\Jay\Application Data\Microsoft\15539.exe Infected: Trojan-Downloader.Win32.Zlob.aqls 1
C:\Documents and Settings\Jay\Application Data\Microsoft\17383.exe Infected: Trojan-Downloader.Win32.Zlob.aqls 1
C:\Documents and Settings\Jay\Application Data\Microsoft\17524.exe Infected: Trojan-Downloader.Win32.Zlob.aqhg 1
C:\Documents and Settings\Jay\Application Data\Microsoft\27653.exe Infected: Trojan-Downloader.Win32.Zlob.aqls 1
C:\Documents and Settings\Jay\Application Data\Microsoft\31401.exe Infected: Trojan-Downloader.Win32.Zlob.aqhg 1
C:\WINDOWS\system32\mi2.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ao 1
C:\WINDOWS\system32\mi2.exe Infected: not-a-virus:AdWare.Win32.Mostofate.aa 1

The selected area was scanned.

• Copy the entire contents of the Quote Box below to Notepad.
• Name the file as CFScript.txt
• Change the Save as Type to All Files
• and Save it on the desktop

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a Hijackthis log.

Additonally, ComboFix will generate a zipped file on the (Main Drive ):\Qoobox\Quarantine\ called Submit [Date Time].zip

Please submit this file to:

http://www.bleepingcomputer.com/submit-malware.php?channel=4

Please include a link to this topic in the message.

I have submitted a file.

How is the computer doing?

It's excellent man. Feels like it was before I got that hit. Thanks alot. Happy Holidays.