There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
 
Malware Removal & HijackThis Logs
Tag Cloud
audio bios blue screen boot bsod card computer connection crash dell driver error excel firefox freeze freezing google hard drive hardware hijackthis install internet laptop linux malware network no sound outlook problem reboot redirect router screen server slow sound speakers spyware startup trojan usb video virus vista vundo windows windows 7 windows vista windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
Solved: Solved: NewJuan/VM problems

Tip: Click here to scan for System Errors and Optimize PC performance
[ Sponsored Link ]

Closed Thread
 
Thread Tools
pertof's Avatar
Computer Specs
Junior Member with 9 posts.
  
Join Date: Jun 2008
17-Jun-2008, 02:41 AM #1
Solved: NewJuan/VM problems
Recently my pc started acting strange, i ran superantispyware and it usually fixes the problem but this time it is not going away...not sure what to do from here on. mcafee says it removes this on start up C:\WINDOWS\SYSTEM32\jkkHAsSi.dll .....i don't know....i would be grateful for any help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:53 AM, on 6/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iolo\System Mechanic Professional 6\SysMech6.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://us.mcafee.com/apps/mdm/en-US...stempopup=true
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7B398C5E-497D-4154-8772-58FE6A338994} - (no file)
O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - C:\WINDOWS\system32\jkkHAsSi.dll
O2 - BHO: (no name) - {95626B5F-7615-4E66-B62B-630C54D5F795} - C:\WINDOWS\system32\wvUKcdBq.dll
O2 - BHO: (no name) - {DD196F6C-B0E7-44F7-B85A-DA16C2BABA1E} - (no file)
O2 - BHO: {4333bad5-4571-10f8-6d54-b2936bac391f} - {f193cab6-392b-45d6-8f01-17545dab3334} - C:\WINDOWS\system32\ifrwtroj.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkHAsSi - C:\WINDOWS\SYSTEM32\jkkHAsSi.dll
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5896 bytes
Register for free to hide this ad!
cybertech's Avatar
Computer Specs
Moderator with 68,036 posts.
  
Join Date: Apr 2002
Location: Washington State
19-Jun-2008, 02:26 PM #2
Hi Welcome to TSG!!


Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
pertof's Avatar
Computer Specs
Junior Member with 9 posts.
  
Join Date: Jun 2008
19-Jun-2008, 07:38 PM #3
combofix
ComboFix 08-06-19.1 - brit 2008-06-19 17:22:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1060 [GMT -6:00]
Running from: C:\Documents and Settings\brit\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM2724d414.xml
C:\WINDOWS\pskt.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.

2008-06-19 17:13 . 2008-06-19 17:15 354 ---hs---- C:\WINDOWS\system32\kuqkfueu.ini
2008-06-19 15:52 . 2008-06-19 15:52 79,360 --a------ C:\WINDOWS\system32\ueufkquk.dll
2008-06-19 15:49 . 2008-06-19 15:49 90,112 --a------ C:\WINDOWS\system32\dfcdcoud.dll
2008-06-18 15:51 . 2008-06-18 15:51 <DIR> dr-h----- C:\Documents and Settings\brit\Application Data\SecuROM
2008-06-18 15:42 . 2008-06-18 15:42 <DIR> d-------- C:\Program Files\Flagship Studios
2008-06-18 13:55 . 2008-06-18 13:55 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-18 13:49 . 2008-06-18 13:49 <DIR> d-------- C:\Program Files\KALiNKOsoft
2008-06-17 21:48 . 2008-06-17 21:48 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-06-17 20:00 . 2008-06-17 20:00 <DIR> d-------- C:\Documents and Settings\brit\Application Data\iolo
2008-06-17 20:00 . 2008-06-17 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-06-17 16:47 . 2008-06-17 16:47 <DIR> d-------- C:\Program Files\Stardock
2008-06-17 16:47 . 2003-02-26 21:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-06-17 03:45 . 2008-06-17 03:57 <DIR> d--hs---- C:\INCINERATE
2008-06-17 03:41 . 2008-06-17 03:41 265 --a------ C:\WINDOWS\SysMech6.INI
2008-06-17 00:17 . 2008-06-17 00:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-16 23:48 . 2008-06-16 23:48 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-06-16 23:37 . 2008-06-16 23:37 4,096 --a------ C:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}_Backup
2008-06-16 23:37 . 2008-06-18 14:00 4,096 --a------ C:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}
2008-06-16 23:37 . 2008-06-16 23:37 4,096 --a------ C:\00007E00-14CB14CB_Backup
2008-06-16 23:37 . 2008-06-18 14:00 4,096 --a------ C:\00007E00-14CB14CB
2008-06-16 23:35 . 2002-08-09 07:00 1,731,584 --a------ C:\WINDOWS\system32\XercesLib.dll
2008-06-16 23:35 . 2002-08-09 07:00 1,500,160 --a------ C:\WINDOWS\system32\CC3260MT.DLL
2008-06-16 23:35 . 2008-06-16 23:35 657,408 --a------ C:\WINDOWS\isRS-000.tmp
2008-06-16 23:35 . 2002-08-09 07:00 325,120 --a------ C:\WINDOWS\system32\xercesxmldom.dll
2008-06-16 23:34 . 2008-06-18 14:00 <DIR> d-------- C:\Program Files\iolo
2008-06-16 13:31 . 2008-06-19 15:55 <DIR> d-------- C:\Program Files\Funcom
2008-06-15 17:27 . 2008-06-15 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-15 16:02 . 2008-06-15 22:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-15 16:02 . 2008-06-15 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 01:29 . 2008-06-18 02:08 <DIR> d-------- C:\Documents and Settings\brit\Application Data\BitTorrent
2008-06-13 15:29 . 2008-06-13 15:29 <DIR> d-------- C:\WINDOWS\Sun
2008-06-13 01:08 . 2008-06-13 01:28 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\~0
2008-06-12 23:12 . 2008-06-19 04:24 <DIR> d-------- C:\Program Files\Xfire
2008-06-12 23:12 . 2008-06-17 16:42 <DIR> d-------- C:\Documents and Settings\brit\Application Data\Xfire
2008-06-12 23:09 . 2008-06-15 02:30 <DIR> d-------- C:\Documents and Settings\brit\Application Data\Aim
2008-06-12 23:08 . 2008-06-13 15:05 <DIR> d-------- C:\Program Files\Viewpoint
2008-06-12 23:08 . 2008-06-12 23:08 <DIR> d-------- C:\Program Files\AOD
2008-06-12 23:08 . 2008-06-15 02:30 <DIR> d-------- C:\Program Files\AIM
2008-06-12 23:08 . 2008-06-12 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-12 23:04 . 2008-06-12 23:04 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-06-12 23:03 . 2008-06-13 14:50 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-12 23:03 . 2008-06-12 23:03 22,328 --a------ C:\Documents and Settings\brit\Application Data\PnkBstrK.sys
2008-06-12 23:02 . 2008-06-13 14:50 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-06-12 23:02 . 2008-06-12 23:21 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-06-12 23:02 . 2008-06-13 15:57 319 --a------ C:\WINDOWS\game.ini
2008-06-12 22:34 . 2008-06-12 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-12 17:36 . 2008-06-12 17:36 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-12 13:06 . 2008-06-12 13:07 <DIR> d-------- C:\Program Files\MagicDisc
2008-06-12 13:06 . 2008-05-27 12:11 96,896 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-06-12 11:58 . 2008-06-15 16:56 <DIR> d-------- C:\Program Files\Privacy Guardian
2008-06-12 11:58 . 2004-03-09 00:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-06-12 11:58 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-06-12 11:58 . 2004-07-14 18:26 152,848 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-06-11 17:53 . 2008-06-11 17:53 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-11 16:17 . 2004-02-25 13:05 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-11 12:04 . 2008-06-12 09:34 <DIR> d-------- C:\Program Files\Frets on Fire
2008-06-11 11:56 . 2008-06-18 15:51 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-11 03:18 . 2008-06-12 09:34 <DIR> d-------- C:\Program Files\Doom 3
2008-06-11 03:12 . 2008-06-11 03:12 <DIR> d-------- C:\Documents and Settings\brit\Application Data\Leadertech
2008-06-11 01:50 . 2008-06-11 03:13 <DIR> d-------- C:\Program Files\Cyanide
2008-06-11 01:30 . 2008-06-11 01:30 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-11 01:30 . 2008-06-11 01:30 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-10 13:14 . 2008-05-08 08:02 203,136 --a--c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 13:12 . 2008-04-14 06:30 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 17:48 . 2008-06-18 14:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-04 17:20 . 2008-06-04 17:20 <DIR> d-------- C:\Documents and Settings\brit\Application Data\Nero
2008-06-03 01:46 . 2008-06-03 01:46 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-06-03 01:46 . 2008-06-03 01:47 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-06-02 18:00 . 2008-06-02 18:00 <DIR> d-------- C:\Program Files\AC3File
2008-06-02 17:58 . 2008-06-02 17:58 <DIR> d-------- C:\Program Files\AC3Filter
2008-05-28 16:52 . 2008-05-28 16:52 <DIR> d-------- C:\Program Files\Alky for Applications
2008-05-28 04:25 . 2008-05-28 04:25 <DIR> d-------- C:\Documents and Settings\brit\Application Data\vlc
2008-05-28 03:24 . 2008-05-28 03:24 <DIR> d-------- C:\Documents and Settings\brit\Application Data\DAEMON Tools
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-26 20:12 . 2008-05-26 20:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-26 18:23 . 2008-04-13 18:11 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-26 17:14 . 2008-05-26 17:14 <DIR> d---s---- C:\Documents and Settings\brit\UserData
2008-05-25 14:47 . 2008-05-25 14:47 <DIR> d-------- C:\Program Files\7-Zip
2008-05-25 14:22 . 2008-05-25 14:43 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-25 14:20 . 2008-05-25 14:20 <DIR> d-------- C:\Program Files\Java
2008-05-25 14:20 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-25 14:09 . 2008-05-25 14:09 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-25 13:51 . 2008-06-19 17:12 5,883 --a------ C:\WINDOWS\system32\Config.MPF
2008-05-25 13:48 . 2008-05-25 13:48 <DIR> d-------- C:\Program Files\McAfee.com
2008-05-25 13:48 . 2008-05-26 17:39 <DIR> d-------- C:\Program Files\McAfee
2008-05-25 13:48 . 2008-05-25 13:48 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-05-25 13:48 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-05-25 13:48 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-05-25 13:48 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-05-25 13:48 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-05-25 13:48 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-05-25 13:48 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-05-25 13:43 . 2008-05-25 13:43 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-25 13:42 . 2008-06-12 23:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-25 13:42 . 2008-05-25 13:43 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-23 23:10 . 2006-03-20 21:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-05-23 22:57 . 2006-10-18 21:47 2,450,944 --a--c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-05-23 22:36 . 2008-05-23 22:36 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-23 22:36 . 2008-05-23 22:36 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-23 22:36 . 2008-05-23 22:36 <DIR> d-------- C:\Program Files\MSBuild
2008-05-23 22:35 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-23 22:33 . 2008-05-23 22:33 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-23 21:55 . 2006-12-14 07:45 981,760 --a--c--- C:\WINDOWS\system32\dllcache\mfc42u.dll
2008-05-23 17:46 . 2008-05-23 17:46 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-23 16:21 . 2008-05-23 16:21 <DIR> d-------- C:\Logs
2008-05-23 07:31 . 2008-05-23 07:31 <DIR> d-------- C:\Documents and Settings\brit\Application Data\DivX
2008-05-23 07:30 . 2008-06-08 14:29 <DIR> d-------- C:\Program Files\World of Warcraft
2008-05-23 07:30 . 2008-05-23 01:54 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-23 06:59 . 2008-05-23 07:00 <DIR> d-------- C:\Documents and Settings\brit\Application Data\DAEMON Tools Pro
2008-05-23 06:51 . 2008-05-28 03:25 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-23 06:36 . 2008-05-23 06:36 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-05-23 06:36 . 2008-05-23 06:38 <DIR> d-------- C:\WINDOWS\NV26602620.TMP
2008-05-23 06:36 . 2008-05-23 06:36 <DIR> d-------- C:\NVIDIA
2008-05-23 04:02 . 2008-05-23 04:02 <DIR> d-------- C:\69d0b1d4deb6acc068d1
2008-05-23 04:00 . 2008-05-25 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-23 03:55 . 2008-05-23 03:55 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 03:54 . 2008-06-12 09:38 <DIR> d-------- C:\Program Files\Macromedia
2008-05-23 03:54 . 2008-06-12 09:38 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-05-23 03:53 . 2008-06-12 09:37 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-23 00:04 . 2008-05-23 00:09 <DIR> d-------- C:\Half-Life 2
2008-05-23 00:01 . 2008-06-19 17:12 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-05-23 00:01 . 2008-05-23 00:01 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-23 05:51 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-13 01:53 9,464 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-05-13 01:53 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 06:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 11:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 11:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 11:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:26 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-03-25 16:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-19_17.14.23.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-07-14 23:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"ACUMon"="C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.exe" [2004-08-09 10:02 364544]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"ioloDelayModule"="C:\Program Files\iolo\System Mechanic Professional 6\delay.exe" [ ]
"2417e788"="C:\WINDOWS\system32\ueufkquk.dll" [2008-06-19 15:52 79360]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"BM2724d414"="C:\WINDOWS\system32\dfcdcoud.dll" [2008-06-19 15:49 90112]

C:\Documents and Settings\brit\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-06-12 13:06:19 547840]
PowerReg Scheduler.exe [2008-06-12 13:18:25 256000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHAsSi]
jkkHAsSi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehid k]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehid k.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkd k]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkd k.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdi k]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdi k.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Half-Life 2\\hl2.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.4.0-enUS-downloader.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 PCX500;Cisco Wireless LAN Adapters Driver;C:\WINDOWS\system32\DRIVERS\pcx500.sys [2005-04-26 15:52]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-15 07:52:41 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-01 07:00:08 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 17:24:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-19 17:25:13
ComboFix-quarantined-files.txt 2008-06-19 23:25:09
ComboFix2.txt 2008-06-19 23:14:51

Pre-Run: 437,200,515,072 bytes free
Post-Run: 437,184,839,680 bytes free

289 --- E O F --- 2008-06-12 09:09:18
pertof's Avatar
Computer Specs
Junior Member with 9 posts.
  
Join Date: Jun 2008
19-Jun-2008, 07:41 PM #4
hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:16 PM, on 6/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://us.mcafee.com/apps/mdm/en-US...stempopup=true
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [2417e788] rundll32.exe "C:\WINDOWS\system32\ueufkquk.dll",b
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM2724d414] Rundll32.exe "C:\WINDOWS\system32\dfcdcoud.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: jkkHAsSi - jkkHAsSi.dll (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5015 bytes
cybertech's Avatar
Computer Specs
Moderator with 68,036 posts.
  
Join Date: Apr 2002
Location: Washington State
20-Jun-2008, 09:56 AM #5
Open Notepad and copy and paste the text in the quote box below into it:
Quote:
KILLALL::
File::
C:\WINDOWS\system32\kuqkfueu.ini
C:\WINDOWS\system32\ueufkquk.dll
C:\WINDOWS\system32\dfcdcoud.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2417e788"=-
"BM2724d414"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHAsSi]

Save the file to you desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Select Files to Delete choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.




Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy the entire report and paste it in your next reply with a new hijackthis log.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




Please perform a scan with Kaspersky Webscan Online Virus Scanner
  • Read the Requirements and Privacy statement, then select "Accept".
  • A new window will appear promting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
  • Click "Yes" or select "Install" to download the ActiveX controls that allows ActiveScan to run.
  • When the download is complete it will say ready, click "Next".
  • Click "Scan Settings" and check the option to use the Extended Database if available otherwise Standard).
  • Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
  • Click "OK".
  • Under "Select a target to scan", click on "My Computer".
  • When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.


Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!
__________________
Microsoft MVP/Windows - Consumer Security
pertof's Avatar
Computer Specs
Junior Member with 9 posts.
  
Join Date: Jun 2008
20-Jun-2008, 02:01 PM #6
combofix
ComboFix 08-06-19.1 - brit 2008-06-20 11:46:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1187 [GMT -6:00]
Running from: C:\Documents and Settings\brit\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\brit\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\dfcdcoud.dll
C:\WINDOWS\system32\kuqkfueu.ini
C:\WINDOWS\system32\ueufkquk.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM2724d414.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dfcdcoud.dll
C:\WINDOWS\system32\kuqkfueu.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ueufkquk.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-18 15:51 . 2008-06-18 15:51 <DIR> dr-h----- C:\Documents and Settings\brit\Application Data\SecuROM
2008-06-18 15:42 . 2008-06-18 15:42 <DIR> d-------- C:\Program Files\Flagship Studios
2008-06-18 13:55 . 2008-06-18 13:55 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-18 13:49 . 2008-06-18 13:49 <DIR> d-------- C:\Program Files\KALiNKOsoft
2008-06-17 21:48 . 2008-06-17 21:48 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-06-17 20:00 . 2008-06-17 20:00 <DIR> d-------- C:\Documents and Settings\brit\Application Data\iolo
2008-06-17 20:00 . 2008-06-17 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-06-17 16:47 . 2008-06-17 16:47 <DIR> d-------- C:\Program Files\Stardock
2008-06-17 16:47 . 2003-02-26 21:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-06-17 03:45 . 2008-06-17 03:57 <DIR> d--hs---- C:\INCINERATE
2008-06-17 03:41 . 2008-06-17 03:41 265 --a------ C:\WINDOWS\SysMech6.INI
2008-06-17 00:17 . 2008-06-17 00:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-16 23:48 . 2008-06-16 23:48 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-06-16 23:37 . 2008-06-16 23:37 4,096 --a------ C:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}_Backup
2008-06-16 23:37 . 2008-06-18 14:00 4,096 --a------ C:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}
2008-06-16 23:37 . 2008-06-16 23:37 4,096 --a------ C:\00007E00-14CB14CB_Backup
2008-06-16 23:37 . 2008-06-18 14:00 4,096 --a------ C:\00007E00-14CB14CB
2008-06-16 23:35 . 2002-08-09 07:00 1,731,584 --a------ C:\WINDOWS\system32\XercesLib.dll
2008-06-16 23:35 . 2002-08-09 07:00 1,500,160 --a------ C:\WINDOWS\system32\CC3260MT.DLL
2008-06-16 23:35 . 2008-06-16 23:35 657,408 --a------ C:\WINDOWS\isRS-000.tmp
2008-06-16 23:35 . 2002-08-09 07:00 325,120 --a------ C:\WINDOWS\system32\xercesxmldom.dll
2008-06-16 23:34 . 2008-06-18 14:00 <DIR> d-------- C:\Program Files\iolo
2008-06-16 13:31 . 2008-06-19 15:55 <DIR> d-------- C:\Program Files\Funcom
2008-06-15 17:27 . 2008-06-15 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-15 16:02 . 2008-06-15 22:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-15 16:02 . 2008-06-15 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 01:29 . 2008-06-18 02:08 <DIR> d-------- C:\Documents and Settings\brit\Application Data\BitTorrent
2008-06-13 15:29 . 2008-06-13 15:29 <DIR> d-------- C:\WINDOWS\Sun
2008-06-13 01:08 . 2008-06-13 01:28 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\~0
2008-06-12 23:12 . 2008-06-19 04:24 <DIR> d-------- C:\Program Files\Xfire
2008-06-12 23:12 . 2008-06-17 16:42 <DIR> d-------- C:\Documents and Settings\brit\Application Data\Xfire
2008-06-12 23:09 . 2008-06-15 02:30 <DIR> d-------- C:\Documents and Settings\brit\Application Data\Aim
2008-06-12 23:08 . 2008-06-13 15:05 <DIR> d-------- C:\Program Files\Viewpoint
2008-06-12 23:08 . 2008-06-12 23:08 <DIR> d-------- C:\Program Files\AOD
2008-06-12 23:08 . 2008-06-15 02:30 <DIR> d-------- C:\Program Files\AIM
2008-06-12 23:08 . 2008-06-12 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-12 23:04 . 2008-06-12 23:04 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-06-12 23:03 . 2008-06-13 14:50 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-12 23:03 . 2008-06-12 23:03 22,328 --a------ C:\Documents and Settings\brit\Application Data\PnkBstrK.sys
2008-06-12 23:02 . 2008-06-13 14:50 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-06-12 23:02 . 2008-06-12 23:21 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-06-12 23:02 . 2008-06-13 15:57 319 --a------ C:\WINDOWS\game.ini
2008-06-12 22:34 . 2008-06-12 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-12 17:36 . 2008-06-12 17:36 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-12 11:58 . 2008-06-19 18:43 <DIR> d-------- C:\Program Files\Privacy Guardian
2008-06-12 11:58 . 2004-03-09 00:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-06-12 11:58 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-06-12 11:58 . 2004-07-14 18:26 152,848 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-06-11 17:53 . 2008-06-11 17:53 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-11 16:17 . 2004-02-25 13:05 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-11 12:04 . 2008-06-12 09:34 <DIR> d-------- C:\Program Files\Frets on Fire
2008-06-11 11:56 . 2008-06-18 15:51 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-11 03:18 . 2008-06-12 09:34 <DIR> d-------- C:\Program Files\Doom 3
2008-06-11 03:12 . 2008-06-11 03:12 <DIR> d-------- C:\Documents and Settings\brit\Application Data\Leadertech
2008-06-11 01:50 . 2008-06-11 03:13 <DIR> d-------- C:\Program Files\Cyanide
2008-06-11 01:30 . 2008-06-11 01:30 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-11 01:30 . 2008-06-11 01:30 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-10 13:14 . 2008-05-08 08:02 203,136 --a--c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 13:12 . 2008-04-14 06:30 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 17:48 . 2008-06-18 14:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-04 17:20 . 2008-06-04 17:20 <DIR> d-------- C:\Documents and Settings\brit\Application Data\Nero
2008-06-03 01:46 . 2008-06-03 01:46 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-06-03 01:46 . 2008-06-03 01:47 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-06-02 18:00 . 2008-06-02 18:00 <DIR> d-------- C:\Program Files\AC3File
2008-06-02 17:58 . 2008-06-02 17:58 <DIR> d-------- C:\Program Files\AC3Filter
2008-05-28 16:52 . 2008-05-28 16:52 <DIR> d-------- C:\Program Files\Alky for Applications
2008-05-28 04:25 . 2008-05-28 04:25 <DIR> d-------- C:\Documents and Settings\brit\Application Data\vlc
2008-05-28 03:24 . 2008-05-28 03:24 <DIR> d-------- C:\Documents and Settings\brit\Application Data\DAEMON Tools
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-26 20:12 . 2008-05-26 20:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-26 18:23 . 2008-04-13 18:11 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-26 17:14 . 2008-05-26 17:14 <DIR> d---s---- C:\Documents and Settings\brit\UserData
2008-05-25 14:47 . 2008-05-25 14:47 <DIR> d-------- C:\Program Files\7-Zip
2008-05-25 14:22 . 2008-05-25 14:43 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-25 14:20 . 2008-05-25 14:20 <DIR> d-------- C:\Program Files\Java
2008-05-25 14:20 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-25 14:09 . 2008-05-25 14:09 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-25 13:51 . 2008-06-20 11:50 6,193 --a------ C:\WINDOWS\system32\Config.MPF
2008-05-25 13:48 . 2008-05-25 13:48 <DIR> d-------- C:\Program Files\McAfee.com
2008-05-25 13:48 . 2008-05-26 17:39 <DIR> d-------- C:\Program Files\McAfee
2008-05-25 13:48 . 2008-05-25 13:48 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-05-25 13:48 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-05-25 13:48 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-05-25 13:48 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-05-25 13:48 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-05-25 13:48 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-05-25 13:48 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-05-25 13:43 . 2008-05-25 13:43 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-25 13:42 . 2008-06-12 23:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-25 13:42 . 2008-05-25 13:43 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-23 23:10 . 2006-03-20 21:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-05-23 22:57 . 2006-10-18 21:47 2,450,944 --a--c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-05-23 22:36 . 2008-05-23 22:36 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-23 22:36 . 2008-05-23 22:36 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-23 22:36 . 2008-05-23 22:36 <DIR> d-------- C:\Program Files\MSBuild
2008-05-23 22:35 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-23 22:33 . 2008-05-23 22:33 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-23 21:55 . 2006-12-14 07:45 981,760 --a--c--- C:\WINDOWS\system32\dllcache\mfc42u.dll
2008-05-23 17:46 . 2008-05-23 17:46 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-23 16:21 . 2008-05-23 16:21 <DIR> d-------- C:\Logs
2008-05-23 07:31 . 2008-05-23 07:31 <DIR> d-------- C:\Documents and Settings\brit\Application Data\DivX
2008-05-23 07:30 . 2008-06-08 14:29 <DIR> d-------- C:\Program Files\World of Warcraft
2008-05-23 07:30 . 2008-05-23 01:54 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-23 06:59 . 2008-05-23 07:00 <DIR> d-------- C:\Documents and Settings\brit\Application Data\DAEMON Tools Pro
2008-05-23 06:51 . 2008-05-28 03:25 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-23 06:36 . 2008-05-23 06:36 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-05-23 06:36 . 2008-05-23 06:38 <DIR> d-------- C:\WINDOWS\NV26602620.TMP
2008-05-23 06:36 . 2008-05-23 06:36 <DIR> d-------- C:\NVIDIA
2008-05-23 04:02 . 2008-05-23 04:02 <DIR> d-------- C:\69d0b1d4deb6acc068d1
2008-05-23 04:00 . 2008-05-25 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-23 03:55 . 2008-05-23 03:55 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 03:54 . 2008-06-12 09:38 <DIR> d-------- C:\Program Files\Macromedia
2008-05-23 03:54 . 2008-06-12 09:38 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-05-23 03:53 . 2008-06-12 09:37 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-23 00:04 . 2008-05-23 00:09 <DIR> d-------- C:\Half-Life 2
2008-05-23 00:01 . 2008-06-20 11:50 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-05-23 00:01 . 2008-05-23 00:01 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-23 00:01 . 2008-05-23 00:01 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-23 00:01 . 2008-04-13 13:17 83,072 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-05-23 00:01 . 2008-04-13 12:45 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-05-23 00:01 . 2008-04-13 12:45 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-05-23 00:00 . 2008-04-13 12:45 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 05:51 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-13 01:53 9,464 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 00:12 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-19_17.14.23.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-19 23:12:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-20 17:49:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2001-07-14 23:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
- 2008-06-19 21:52:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-20 17:42:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-19 21:52:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-20 17:42:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"ACUMon"="C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.exe" [2004-08-09 10:02 364544]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"ioloDelayModule"="C:\Program Files\iolo\System Mechanic Professional 6\delay.exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]

C:\Documents and Settings\brit\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-06-12 13:18:25 256000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehid k]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehid k.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkd k]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkd k.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdi k]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdi k.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Half-Life 2\\hl2.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.4.0-enUS-downloader.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 PCX500;Cisco Wireless LAN Adapters Driver;C:\WINDOWS\system32\DRIVERS\pcx500.sys [2005-04-26 15:52]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-15 07:52:41 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-01 07:00:08 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 11:50:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-06-20 11:52:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 17:52:11
ComboFix2.txt 2008-06-19 23:25:14
ComboFix3.txt 2008-06-19 23:14:51

Pre-Run: 437,388,328,960 bytes free
Post-Run: 437,372,801,024 bytes free

278 --- E O F --- 2008-06-12 09:09:18
pertof's Avatar
Computer Specs
Junior Member with 9 posts.
  
Join Date: Jun 2008
20-Jun-2008, 02:14 PM #7
mbam
Malwarebytes' Anti-Malware 1.18
Database version: 871

12:11:57 PM 6/20/2008
mbam-log-6-20-2008 (12-11-57).txt

Scan type: Quick Scan
Objects scanned: 38174
Time elapsed: 14 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
pertof's Avatar
Computer Specs
Junior Member with 9 posts.
  
Join Date: Jun 2008
20-Jun-2008, 02:15 PM #8
hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:20 PM, on 6/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://us.mcafee.com/apps/mdm/en-US...stempopup=true
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4617 bytes
cybertech's Avatar
Computer Specs
Moderator with 68,036 posts.
  
Join Date: Apr 2002
Location: Washington State
20-Jun-2008, 03:22 PM #9
Those look good. Still running Kaspersky?
pertof's Avatar
Computer Specs
Junior Member with 9 posts.
  
Join Date: Jun 2008
20-Jun-2008, 05:01 PM #10
yep
cybertech's Avatar
Computer Specs
Moderator with 68,036 posts.
  
Join Date: Apr 2002
Location: Washington State
20-Jun-2008, 06:47 PM #11
pertof's Avatar
Computer Specs
Junior Member with 9 posts.
  
Join Date: Jun 2008
23-Jun-2008, 12:33 PM #12
kaspersky
Sunday, June 22, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 22, 2008 08:38:20
Records in database: 880089

Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes
Scan area My Computer C:\
D:\
E:\
H:\
I:\
J:\
K:\
L:\
Scan statistics Files scanned 115792 Threat name 1 Infected objects 1 Suspicious objects 0 Duration of the scan 10:37:56
File name Threat name Threats count L:\New Folder\Nero-8.2.8.0_eng_trial.exeInfected: not-a-virus:AdTool.Win32.MyWebSearch.bm1

The selected area was scanned.
cybertech's Avatar
Computer Specs
Moderator with 68,036 posts.
  
Join Date: Apr 2002
Location: Washington State
23-Jun-2008, 01:34 PM #13
Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


It's a good idea to Flush your System Restore after removing malware:
Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405



Now you should Clean up your PC


Here are some additional links for you to check out to help you with your computer security.

How did I get infected in the first place. by Tony Klein

Good free tools and advice on how to tighten your security settings.

Security Help Tools
__________________
Microsoft MVP/Windows - Consumer Security
pertof's Avatar
Computer Specs
Junior Member with 9 posts.
  
Join Date: Jun 2008
02-Jul-2008, 01:22 AM #14
thank you for your time
cybertech's Avatar
Computer Specs
Moderator with 68,036 posts.
  
Join Date: Apr 2002
Location: Washington State
02-Jul-2008, 02:27 PM #15
You're welcome!
Closed Thread Bookmark and Share

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Smart Search

Find your solution!

« Previous Thread | Malware Removal & HijackThis Logs | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.

Thread Tools


Twitter Twitter! | Podcast | Mobile | Advertise
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -5. The time now is 06:00 PM.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2009, Jelsoft Enterprises Ltd.
 Powered by Cermak Technologies, Inc.