Recently my pc started acting strange, i ran superantispyware and it usually fixes the problem but this time it is not going away...not sure what to do from here on. mcafee says it removes this on start up C:\WINDOWS\SYSTEM32\jkkHAsSi.dll .....i don't know....i would be grateful for any help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:53 AM, on 6/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iolo\System Mechanic Professional 6\SysMech6.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://us.mcafee.com/apps/mdm/en-US...stempopup=true
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7B398C5E-497D-4154-8772-58FE6A338994} - (no file)
O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - C:\WINDOWS\system32\jkkHAsSi.dll
O2 - BHO: (no name) - {95626B5F-7615-4E66-B62B-630C54D5F795} - C:\WINDOWS\system32\wvUKcdBq.dll
O2 - BHO: (no name) - {DD196F6C-B0E7-44F7-B85A-DA16C2BABA1E} - (no file)
O2 - BHO: {4333bad5-4571-10f8-6d54-b2936bac391f} - {f193cab6-392b-45d6-8f01-17545dab3334} - C:\WINDOWS\system32\ifrwtroj.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkHAsSi - C:\WINDOWS\SYSTEM32\jkkHAsSi.dll
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5896 bytes

Hi Welcome to TSG!!


Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

ComboFix 08-06-19.1 - brit 2008-06-19 17:22:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1060 [GMT -6:00]
Running from: C:\Documents and Settings\brit\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM2724d414.xml
C:\WINDOWS\pskt.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.

2008-06-19 17:13 . 2008-06-19 17:15 354 ---hs---- C:\WINDOWS\system32\kuqkfueu.ini
2008-06-19 15:52 . 2008-06-19 15:52 79,360 --a------ C:\WINDOWS\system32\ueufkquk.dll
2008-06-19 15:49 . 2008-06-19 15:49 90,112 --a------ C:\WINDOWS\system32\dfcdcoud.dll
2008-06-18 15:51 . 2008-06-18 15:51 <DIR> dr-h----- C:\Documents and Settings\brit\Application Data\SecuROM
2008-06-18 15:42 . 2008-06-18 15:42 <DIR> d-------- C:\Program Files\Flagship Studios
2008-06-18 13:55 . 2008-06-18 13:55 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-18 13:49 . 2008-06-18 13:49 <DIR> d-------- C:\Program Files\KALiNKOsoft
2008-06-17 21:48 . 2008-06-17 21:48 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-06-17 20:00 . 2008-06-17 20:00 <DIR> d-------- C:\Documents and Settings\brit\Application Data\iolo
2008-06-17 20:00 . 2008-06-17 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-06-17 16:47 . 2008-06-17 16:47 <DIR> d-------- C:\Program Files\Stardock
2008-06-17 16:47 . 2003-02-26 21:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-06-17 03:45 . 2008-06-17 03:57 <DIR> d--hs---- C:\INCINERATE
2008-06-17 03:41 . 2008-06-17 03:41 265 --a------ C:\WINDOWS\SysMech6.INI
2008-06-17 00:17 . 2008-06-17 00:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-16 23:48 . 2008-06-16 23:48 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-06-16 23:37 . 2008-06-16 23:37 4,096 --a------ C:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}_Backup
2008-06-16 23:37 . 2008-06-18 14:00 4,096 --a------ C:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}
2008-06-16 23:37 . 2008-06-16 23:37 4,096 --a------ C:\00007E00-14CB14CB_Backup
2008-06-16 23:37 . 2008-06-18 14:00 4,096 --a------ C:\00007E00-14CB14CB
2008-06-16 23:35 . 2002-08-09 07:00 1,731,584 --a------ C:\WINDOWS\system32\XercesLib.dll
2008-06-16 23:35 . 2002-08-09 07:00 1,500,160 --a------ C:\WINDOWS\system32\CC3260MT.DLL
2008-06-16 23:35 . 2008-06-16 23:35 657,408 --a------ C:\WINDOWS\isRS-000.tmp
2008-06-16 23:35 . 2002-08-09 07:00 325,120 --a------ C:\WINDOWS\system32\xercesxmldom.dll
2008-06-16 23:34 . 2008-06-18 14:00 <DIR> d-------- C:\Program Files\iolo
2008-06-16 13:31 . 2008-06-19 15:55 <DIR> d-------- C:\Program Files\Funcom
2008-06-15 17:27 . 2008-06-15 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-15 16:02 . 2008-06-15 22:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-15 16:02 . 2008-06-15 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 01:29 . 2008-06-18 02:08 <DIR> d-------- C:\Documents and Settings\brit\Application Data\BitTorrent
2008-06-13 15:29 . 2008-06-13 15:29 <DIR> d-------- C:\WINDOWS\Sun
2008-06-13 01:08 . 2008-06-13 01:28 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\~0
2008-06-12 23:12 . 2008-06-19 04:24 <DIR> d-------- C:\Program Files\Xfire
2008-06-12 23:12 . 2008-06-17 16:42 <DIR> d-------- C:\Documents and Settings\brit\Application Data\Xfire
2008-06-12 23:09 . 2008-06-15 02:30 <DIR> d-------- C:\Documents and Settings\brit\Application Data\Aim
2008-06-12 23:08 . 2008-06-13 15:05 <DIR> d-------- C:\Program Files\Viewpoint
2008-06-12 23:08 . 2008-06-12 23:08 <DIR> d-------- C:\Program Files\AOD
2008-06-12 23:08 . 2008-06-15 02:30 <DIR> d-------- C:\Program Files\AIM
2008-06-12 23:08 . 2008-06-12 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-12 23:04 . 2008-06-12 23:04 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-06-12 23:03 . 2008-06-13 14:50 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-12 23:03 . 2008-06-12 23:03 22,328 --a------ C:\Documents and Settings\brit\Application Data\PnkBstrK.sys
2008-06-12 23:02 . 2008-06-13 14:50 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-06-12 23:02 . 2008-06-12 23:21 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-06-12 23:02 . 2008-06-13 15:57 319 --a------ C:\WINDOWS\game.ini
2008-06-12 22:34 . 2008-06-12 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-12 17:36 . 2008-06-12 17:36 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-12 13:06 . 2008-06-12 13:07 <DIR> d-------- C:\Program Files\MagicDisc
2008-06-12 13:06 . 2008-05-27 12:11 96,896 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-06-12 11:58 . 2008-06-15 16:56 <DIR> d-------- C:\Program Files\Privacy Guardian
2008-06-12 11:58 . 2004-03-09 00:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-06-12 11:58 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-06-12 11:58 . 2004-07-14 18:26 152,848 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-06-11 17:53 . 2008-06-11 17:53 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-11 16:17 . 2004-02-25 13:05 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-11 12:04 . 2008-06-12 09:34 <DIR> d-------- C:\Program Files\Frets on Fire
2008-06-11 11:56 . 2008-06-18 15:51 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-11 03:18 . 2008-06-12 09:34 <DIR> d-------- C:\Program Files\Doom 3
2008-06-11 03:12 . 2008-06-11 03:12 <DIR> d-------- C:\Documents and Settings\brit\Application Data\Leadertech
2008-06-11 01:50 . 2008-06-11 03:13 <DIR> d-------- C:\Program Files\Cyanide
2008-06-11 01:30 . 2008-06-11 01:30 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-11 01:30 . 2008-06-11 01:30 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-10 13:14 . 2008-05-08 08:02 203,136 --a--c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 13:12 . 2008-04-14 06:30 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 17:48 . 2008-06-18 14:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-04 17:20 . 2008-06-04 17:20 <DIR> d-------- C:\Documents and Settings\brit\Application Data\Nero
2008-06-03 01:46 . 2008-06-03 01:46 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-06-03 01:46 . 2008-06-03 01:47 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-06-02 18:00 . 2008-06-02 18:00 <DIR> d-------- C:\Program Files\AC3File
2008-06-02 17:58 . 2008-06-02 17:58 <DIR> d-------- C:\Program Files\AC3Filter
2008-05-28 16:52 . 2008-05-28 16:52 <DIR> d-------- C:\Program Files\Alky for Applications
2008-05-28 04:25 . 2008-05-28 04:25 <DIR> d-------- C:\Documents and Settings\brit\Application Data\vlc
2008-05-28 03:24 . 2008-05-28 03:24 <DIR> d-------- C:\Documents and Settings\brit\Application Data\DAEMON Tools
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-26 20:12 . 2008-05-26 20:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-26 18:23 . 2008-04-13 18:11 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-26 17:14 . 2008-05-26 17:14 <DIR> d---s---- C:\Documents and Settings\brit\UserData
2008-05-25 14:47 . 2008-05-25 14:47 <DIR> d-------- C:\Program Files\7-Zip
2008-05-25 14:22 . 2008-05-25 14:43 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-25 14:20 . 2008-05-25 14:20 <DIR> d-------- C:\Program Files\Java
2008-05-25 14:20 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-25 14:09 . 2008-05-25 14:09 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-25 13:51 . 2008-06-19 17:12 5,883 --a------ C:\WINDOWS\system32\Config.MPF
2008-05-25 13:48 . 2008-05-25 13:48 <DIR> d-------- C:\Program Files\McAfee.com
2008-05-25 13:48 . 2008-05-26 17:39 <DIR> d-------- C:\Program Files\McAfee
2008-05-25 13:48 . 2008-05-25 13:48 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-05-25 13:48 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-05-25 13:48 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-05-25 13:48 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-05-25 13:48 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-05-25 13:48 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-05-25 13:48 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-05-25 13:43 . 2008-05-25 13:43 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-25 13:42 . 2008-06-12 23:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-25 13:42 . 2008-05-25 13:43 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-23 23:10 . 2006-03-20 21:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-05-23 22:57 . 2006-10-18 21:47 2,450,944 --a--c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-05-23 22:36 . 2008-05-23 22:36 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-23 22:36 . 2008-05-23 22:36 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-23 22:36 . 2008-05-23 22:36 <DIR> d-------- C:\Program Files\MSBuild
2008-05-23 22:35 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-23 22:33 . 2008-05-23 22:33 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-23 21:55 . 2006-12-14 07:45 981,760 --a--c--- C:\WINDOWS\system32\dllcache\mfc42u.dll
2008-05-23 17:46 . 2008-05-23 17:46 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-23 16:21 . 2008-05-23 16:21 <DIR> d-------- C:\Logs
2008-05-23 07:31 . 2008-05-23 07:31 <DIR> d-------- C:\Documents and Settings\brit\Application Data\DivX
2008-05-23 07:30 . 2008-06-08 14:29 <DIR> d-------- C:\Program Files\World of Warcraft
2008-05-23 07:30 . 2008-05-23 01:54 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-23 06:59 . 2008-05-23 07:00 <DIR> d-------- C:\Documents and Settings\brit\Application Data\DAEMON Tools Pro
2008-05-23 06:51 . 2008-05-28 03:25 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-23 06:36 . 2008-05-23 06:36 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-05-23 06:36 . 2008-05-23 06:38 <DIR> d-------- C:\WINDOWS\NV26602620.TMP
2008-05-23 06:36 . 2008-05-23 06:36 <DIR> d-------- C:\NVIDIA
2008-05-23 04:02 . 2008-05-23 04:02 <DIR> d-------- C:\69d0b1d4deb6acc068d1
2008-05-23 04:00 . 2008-05-25 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-23 03:55 . 2008-05-23 03:55 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 03:54 . 2008-06-12 09:38 <DIR> d-------- C:\Program Files\Macromedia
2008-05-23 03:54 . 2008-06-12 09:38 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-05-23 03:53 . 2008-06-12 09:37 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-23 00:04 . 2008-05-23 00:09 <DIR> d-------- C:\Half-Life 2
2008-05-23 00:01 . 2008-06-19 17:12 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-05-23 00:01 . 2008-05-23 00:01 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-23 05:51 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-13 01:53 9,464 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-05-13 01:53 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 06:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 11:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 11:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 11:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:26 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-03-25 16:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-19_17.14.23.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-07-14 23:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"ACUMon"="C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.exe" [2004-08-09 10:02 364544]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"ioloDelayModule"="C:\Program Files\iolo\System Mechanic Professional 6\delay.exe" [ ]
"2417e788"="C:\WINDOWS\system32\ueufkquk.dll" [2008-06-19 15:52 79360]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"BM2724d414"="C:\WINDOWS\system32\dfcdcoud.dll" [2008-06-19 15:49 90112]

C:\Documents and Settings\brit\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-06-12 13:06:19 547840]
PowerReg Scheduler.exe [2008-06-12 13:18:25 256000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHAsSi]
jkkHAsSi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehid k]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehid k.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkd k]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkd k.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdi k]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdi k.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Half-Life 2\\hl2.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.4.0-enUS-downloader.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 PCX500;Cisco Wireless LAN Adapters Driver;C:\WINDOWS\system32\DRIVERS\pcx500.sys [2005-04-26 15:52]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-15 07:52:41 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-01 07:00:08 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 17:24:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-19 17:25:13
ComboFix-quarantined-files.txt 2008-06-19 23:25:09
ComboFix2.txt 2008-06-19 23:14:51

Pre-Run: 437,200,515,072 bytes free
Post-Run: 437,184,839,680 bytes free

289 --- E O F --- 2008-06-12 09:09:18

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:16 PM, on 6/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://us.mcafee.com/apps/mdm/en-US...stempopup=true
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [2417e788] rundll32.exe "C:\WINDOWS\system32\ueufkquk.dll",b
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM2724d414] Rundll32.exe "C:\WINDOWS\system32\dfcdcoud.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: jkkHAsSi - jkkHAsSi.dll (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5015 bytes

Open Notepad and copy and paste the text in the quote box below into it:

Save the file to you desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• Double-click ATF-Cleaner.exe to run the program.
• Under Select Files to Delete choose: Select All
• Click the Empty Selected button.

Click Exit on the Main menu to close the program.




Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform Quick Scan, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy the entire report and paste it in your next reply with a new hijackthis log.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




Please perform a scan with Kaspersky Webscan Online Virus Scanner

• Read the Requirements and Privacy statement, then select "Accept".
• A new window will appear promting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
• Click "Yes" or select "Install" to download the ActiveX controls that allows ActiveScan to run.
• When the download is complete it will say ready, click "Next".
• Click "Scan Settings" and check the option to use the Extended Database if available otherwise Standard).
• Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
• Click "OK".
• Under "Select a target to scan", click on "My Computer".
• When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!

ComboFix 08-06-19.1 - brit 2008-06-20 11:46:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1187 [GMT -6:00]
Running from: C:\Documents and Settings\brit\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\brit\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\dfcdcoud.dll
C:\WINDOWS\system32\kuqkfueu.ini
C:\WINDOWS\system32\ueufkquk.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM2724d414.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dfcdcoud.dll
C:\WINDOWS\system32\kuqkfueu.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ueufkquk.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-18 15:51 . 2008-06-18 15:51 <DIR> dr-h----- C:\Documents and Settings\brit\Application Data\SecuROM
2008-06-18 15:42 . 2008-06-18 15:42 <DIR> d-------- C:\Program Files\Flagship Studios
2008-06-18 13:55 . 2008-06-18 13:55 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-18 13:49 . 2008-06-18 13:49 <DIR> d-------- C:\Program Files\KALiNKOsoft
2008-06-17 21:48 . 2008-06-17 21:48 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-06-17 20:00 . 2008-06-17 20:00 <DIR> d-------- C:\Documents and Settings\brit\Application Data\iolo
2008-06-17 20:00 . 2008-06-17 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-06-17 16:47 . 2008-06-17 16:47 <DIR> d-------- C:\Program Files\Stardock
2008-06-17 16:47 . 2003-02-26 21:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-06-17 03:45 . 2008-06-17 03:57 <DIR> d--hs---- C:\INCINERATE
2008-06-17 03:41 . 2008-06-17 03:41 265 --a------ C:\WINDOWS\SysMech6.INI
2008-06-17 00:17 . 2008-06-17 00:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-16 23:48 . 2008-06-16 23:48 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-06-16 23:37 . 2008-06-16 23:37 4,096 --a------ C:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}_Backup
2008-06-16 23:37 . 2008-06-18 14:00 4,096 --a------ C:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}
2008-06-16 23:37 . 2008-06-16 23:37 4,096 --a------ C:\00007E00-14CB14CB_Backup
2008-06-16 23:37 . 2008-06-18 14:00 4,096 --a------ C:\00007E00-14CB14CB
2008-06-16 23:35 . 2002-08-09 07:00 1,731,584 --a------ C:\WINDOWS\system32\XercesLib.dll
2008-06-16 23:35 . 2002-08-09 07:00 1,500,160 --a------ C:\WINDOWS\system32\CC3260MT.DLL
2008-06-16 23:35 . 2008-06-16 23:35 657,408 --a------ C:\WINDOWS\isRS-000.tmp
2008-06-16 23:35 . 2002-08-09 07:00 325,120 --a------ C:\WINDOWS\system32\xercesxmldom.dll
2008-06-16 23:34 . 2008-06-18 14:00 <DIR> d-------- C:\Program Files\iolo
2008-06-16 13:31 . 2008-06-19 15:55 <DIR> d-------- C:\Program Files\Funcom
2008-06-15 17:27 . 2008-06-15 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-15 16:02 . 2008-06-15 22:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-15 16:02 . 2008-06-15 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 01:29 . 2008-06-18 02:08 <DIR> d-------- C:\Documents and Settings\brit\Application Data\BitTorrent
2008-06-13 15:29 . 2008-06-13 15:29 <DIR> d-------- C:\WINDOWS\Sun
2008-06-13 01:08 . 2008-06-13 01:28 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\~0
2008-06-12 23:12 . 2008-06-19 04:24 <DIR> d-------- C:\Program Files\Xfire
2008-06-12 23:12 . 2008-06-17 16:42 <DIR> d-------- C:\Documents and Settings\brit\Application Data\Xfire
2008-06-12 23:09 . 2008-06-15 02:30 <DIR> d-------- C:\Documents and Settings\brit\Application Data\Aim
2008-06-12 23:08 . 2008-06-13 15:05 <DIR> d-------- C:\Program Files\Viewpoint
2008-06-12 23:08 . 2008-06-12 23:08 <DIR> d-------- C:\Program Files\AOD
2008-06-12 23:08 . 2008-06-15 02:30 <DIR> d-------- C:\Program Files\AIM
2008-06-12 23:08 . 2008-06-12 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-12 23:04 . 2008-06-12 23:04 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-06-12 23:03 . 2008-06-13 14:50 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-12 23:03 . 2008-06-12 23:03 22,328 --a------ C:\Documents and Settings\brit\Application Data\PnkBstrK.sys
2008-06-12 23:02 . 2008-06-13 14:50 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-06-12 23:02 . 2008-06-12 23:21 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-06-12 23:02 . 2008-06-13 15:57 319 --a------ C:\WINDOWS\game.ini
2008-06-12 22:34 . 2008-06-12 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-12 17:36 . 2008-06-12 17:36 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-12 11:58 . 2008-06-19 18:43 <DIR> d-------- C:\Program Files\Privacy Guardian
2008-06-12 11:58 . 2004-03-09 00:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-06-12 11:58 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-06-12 11:58 . 2004-07-14 18:26 152,848 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-06-11 17:53 . 2008-06-11 17:53 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-11 16:17 . 2004-02-25 13:05 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-11 12:04 . 2008-06-12 09:34 <DIR> d-------- C:\Program Files\Frets on Fire
2008-06-11 11:56 . 2008-06-18 15:51 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-11 03:18 . 2008-06-12 09:34 <DIR> d-------- C:\Program Files\Doom 3
2008-06-11 03:12 . 2008-06-11 03:12 <DIR> d-------- C:\Documents and Settings\brit\Application Data\Leadertech
2008-06-11 01:50 . 2008-06-11 03:13 <DIR> d-------- C:\Program Files\Cyanide
2008-06-11 01:30 . 2008-06-11 01:30 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-11 01:30 . 2008-06-11 01:30 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-10 13:14 . 2008-05-08 08:02 203,136 --a--c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 13:12 . 2008-04-14 06:30 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 17:48 . 2008-06-18 14:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-04 17:20 . 2008-06-04 17:20 <DIR> d-------- C:\Documents and Settings\brit\Application Data\Nero
2008-06-03 01:46 . 2008-06-03 01:46 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-06-03 01:46 . 2008-06-03 01:47 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-06-02 18:00 . 2008-06-02 18:00 <DIR> d-------- C:\Program Files\AC3File
2008-06-02 17:58 . 2008-06-02 17:58 <DIR> d-------- C:\Program Files\AC3Filter
2008-05-28 16:52 . 2008-05-28 16:52 <DIR> d-------- C:\Program Files\Alky for Applications
2008-05-28 04:25 . 2008-05-28 04:25 <DIR> d-------- C:\Documents and Settings\brit\Application Data\vlc
2008-05-28 03:24 . 2008-05-28 03:24 <DIR> d-------- C:\Documents and Settings\brit\Application Data\DAEMON Tools
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-26 20:12 . 2008-05-26 20:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-26 18:23 . 2008-04-13 18:11 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-26 17:14 . 2008-05-26 17:14 <DIR> d---s---- C:\Documents and Settings\brit\UserData
2008-05-25 14:47 . 2008-05-25 14:47 <DIR> d-------- C:\Program Files\7-Zip
2008-05-25 14:22 . 2008-05-25 14:43 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-25 14:20 . 2008-05-25 14:20 <DIR> d-------- C:\Program Files\Java
2008-05-25 14:20 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-25 14:09 . 2008-05-25 14:09 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-25 13:51 . 2008-06-20 11:50 6,193 --a------ C:\WINDOWS\system32\Config.MPF
2008-05-25 13:48 . 2008-05-25 13:48 <DIR> d-------- C:\Program Files\McAfee.com
2008-05-25 13:48 . 2008-05-26 17:39 <DIR> d-------- C:\Program Files\McAfee
2008-05-25 13:48 . 2008-05-25 13:48 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-05-25 13:48 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-05-25 13:48 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-05-25 13:48 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-05-25 13:48 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-05-25 13:48 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-05-25 13:48 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-05-25 13:43 . 2008-05-25 13:43 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-25 13:42 . 2008-06-12 23:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-25 13:42 . 2008-05-25 13:43 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-23 23:10 . 2006-03-20 21:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-05-23 22:57 . 2006-10-18 21:47 2,450,944 --a--c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-05-23 22:36 . 2008-05-23 22:36 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-23 22:36 . 2008-05-23 22:36 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-23 22:36 . 2008-05-23 22:36 <DIR> d-------- C:\Program Files\MSBuild
2008-05-23 22:35 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-23 22:33 . 2008-05-23 22:33 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-23 21:55 . 2006-12-14 07:45 981,760 --a--c--- C:\WINDOWS\system32\dllcache\mfc42u.dll
2008-05-23 17:46 . 2008-05-23 17:46 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-23 16:21 . 2008-05-23 16:21 <DIR> d-------- C:\Logs
2008-05-23 07:31 . 2008-05-23 07:31 <DIR> d-------- C:\Documents and Settings\brit\Application Data\DivX
2008-05-23 07:30 . 2008-06-08 14:29 <DIR> d-------- C:\Program Files\World of Warcraft
2008-05-23 07:30 . 2008-05-23 01:54 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-23 06:59 . 2008-05-23 07:00 <DIR> d-------- C:\Documents and Settings\brit\Application Data\DAEMON Tools Pro
2008-05-23 06:51 . 2008-05-28 03:25 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-23 06:36 . 2008-05-23 06:36 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-05-23 06:36 . 2008-05-23 06:38 <DIR> d-------- C:\WINDOWS\NV26602620.TMP
2008-05-23 06:36 . 2008-05-23 06:36 <DIR> d-------- C:\NVIDIA
2008-05-23 04:02 . 2008-05-23 04:02 <DIR> d-------- C:\69d0b1d4deb6acc068d1
2008-05-23 04:00 . 2008-05-25 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-23 03:55 . 2008-05-23 03:55 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 03:54 . 2008-06-12 09:38 <DIR> d-------- C:\Program Files\Macromedia
2008-05-23 03:54 . 2008-06-12 09:38 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-05-23 03:53 . 2008-06-12 09:37 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-23 00:04 . 2008-05-23 00:09 <DIR> d-------- C:\Half-Life 2
2008-05-23 00:01 . 2008-06-20 11:50 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-05-23 00:01 . 2008-05-23 00:01 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-23 00:01 . 2008-05-23 00:01 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-23 00:01 . 2008-04-13 13:17 83,072 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-05-23 00:01 . 2008-04-13 12:45 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-05-23 00:01 . 2008-04-13 12:45 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-05-23 00:00 . 2008-04-13 12:45 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 05:51 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-13 01:53 9,464 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 00:12 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-19_17.14.23.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-19 23:12:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-20 17:49:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2001-07-14 23:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
- 2008-06-19 21:52:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-20 17:42:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-19 21:52:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-20 17:42:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"ACUMon"="C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.exe" [2004-08-09 10:02 364544]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"ioloDelayModule"="C:\Program Files\iolo\System Mechanic Professional 6\delay.exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]

C:\Documents and Settings\brit\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-06-12 13:18:25 256000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehid k]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehid k.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkd k]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkd k.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdi k]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdi k.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Half-Life 2\\hl2.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.4.0-enUS-downloader.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 PCX500;Cisco Wireless LAN Adapters Driver;C:\WINDOWS\system32\DRIVERS\pcx500.sys [2005-04-26 15:52]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-15 07:52:41 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-01 07:00:08 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 11:50:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-06-20 11:52:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 17:52:11
ComboFix2.txt 2008-06-19 23:25:14
ComboFix3.txt 2008-06-19 23:14:51

Pre-Run: 437,388,328,960 bytes free
Post-Run: 437,372,801,024 bytes free

278 --- E O F --- 2008-06-12 09:09:18

Malwarebytes' Anti-Malware 1.18
Database version: 871

12:11:57 PM 6/20/2008
mbam-log-6-20-2008 (12-11-57).txt

Scan type: Quick Scan
Objects scanned: 38174
Time elapsed: 14 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:20 PM, on 6/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://us.mcafee.com/apps/mdm/en-US...stempopup=true
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4617 bytes

Those look good. Still running Kaspersky?

yep

Sunday, June 22, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 22, 2008 08:38:20
Records in database: 880089

Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes
Scan area My Computer C:\
D:\
E:\
H:\
I:\
J:\
K:\
L:\
Scan statistics Files scanned 115792 Threat name 1 Infected objects 1 Suspicious objects 0 Duration of the scan 10:37:56
File name Threat name Threats count L:\New Folder\Nero-8.2.8.0_eng_trial.exeInfected: not-a-virus:AdTool.Win32.MyWebSearch.bm1

The selected area was scanned.