Virtual Memory Dump - Blue screen of death ...XP



#1
Just_A_Chicky

I honestly don't know if I am posting this in the right area or if this has been discussed already (this place has a ton of info)...
System Info from control panel so you have an idea what the pc is:

Intel Pentium Dual CPU
E2180 @ 2.00 GHz
2.0 GHz, 2.75 GB RAM (would think PLENTY of RAM)

Obviously since I am here and posting in your forum I am having some major computer issues..
Long story short: I was on Facebook the other night and in applications, and a page came up about a virus (suspect it is malware but can't find it)..

I happen to be a bit of a good times gamer and yet now whenever I try to load up Second Life, I get the blue screen of death. It gets to logging into world and then codes me with the blue screen and

STOP: 0x0000008e, which I have read refers to not enough RAM. It also has some other codes which it flips too quick to grab, and I am unable to get them off that computer and onto this one since when I tried both ways of the cmd and option 2 under blue screen, it is a no go.

I have tried running adware-2009 and it says I have something malicious running in the background (presume that it's sucking UP my RAM)... and yet it won't go get whatever it is.

Also after it reboots it will NOT let my McAfee data backup run; it asks to terminate it under process ide=0x9c(156), says debugging as well?? Whatever this is, it also appears to hate Yahoo Messenger as it makes it error while the computer is reloading..

It always tells me Microsoft has just recovered from a serious error, then gives an error signature which may or may not help...

BCCode : 1000008e BCP1 : C0000005 BCP2 : B6E9838D BCP3 : B69A014C
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 768_1

Also when I send Microsoft the error it says something about possibly needing to update BIOS.. Why would that be, does anyone know??

Can someone help me so I can get back to playing on my beloved pc and not have an expensive paperweight please ?


edited for spelling errors and to add more info

Edited by Just_A_Chicky, 16 June 2009 - 10:55 AM.

#2
Just_A_Chicky

Just went and ran the combo-fix and it came up with this... someone make heads or tails of it??

ComboFix 09-06-15.07 - DBDarkside 06/16/2009 11:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2365 [GMT -5:00]
Running from: c:\documents and settings\DBDarkside\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Adware Professional
c:\windows\system32\drivers\UACealcnjctqrpoirl.sys
c:\windows\system32\UACasegnoxjkngcdni.log
c:\windows\system32\UACfmpwncowvqobdao.dll
c:\windows\system32\UACjenopsieeoykayt.dll
c:\windows\system32\UAClkqbkoqeqlwtjuv.dll
c:\windows\system32\UACmpkrdmxfemnketa.dll
c:\windows\system32\UACphoeoihgxocdwtf.log
c:\windows\system32\UACrdspveawiugurqd.dat
c:\windows\system32\UACvkkodgakeipeawk.log
c:\windows\system32\UACxgbdsmtumylkxxu.dll
c:\program files\Adware Professional\noadware4_061509.na
c:\program files\Uninstall Fun Web Products.dll
c:\windows\system32\drivers\UACealcnjctqrpoirl.sys
c:\windows\system32\hljwugsf.bin
c:\windows\system32\UACasegnoxjkngcdni.log
c:\windows\system32\UACfmpwncowvqobdao.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjenopsieeoykayt.dll
c:\windows\system32\UAClkqbkoqeqlwtjuv.dll
c:\windows\system32\UACmpkrdmxfemnketa.dll
c:\windows\system32\UACphoeoihgxocdwtf.log
c:\windows\system32\UACrdspveawiugurqd.dat
c:\windows\system32\UACvkkodgakeipeawk.log
c:\windows\system32\UACxgbdsmtumylkxxu.dll
c:\windows\system32\xvyu5i4c.exe.a_a
d:\recycled\Dd2\The Sims\GameData\Skins\B004FaFitMed_DC_GliterGlamour.bmp
d:\recycled\Dd2\The Sims\GameData\Skins\B004FaFitMed_DG_BlueGlamour.bmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NEW_DRV
-------\Service_MyWebSearchService

((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.
2009-06-16 00:02 . 2009-06-16 15:28 -------- d-----w- c:\program files\Lavasoft
2009-06-16 00:02 . 2009-06-16 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-15 21:51 . 2009-06-15 22:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-14 23:30 . 2009-06-15 00:37 -------- d-----w- C:\Netgear
2009-06-14 03:55 . 2009-06-14 04:30 -------- d-----w- c:\program files\Netcom3
2009-06-14 03:15 . 2009-06-14 03:15 152576 ----a-w- c:\documents and settings\DBDarkside\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-11 00:33 . 2009-06-11 00:33 -------- d-----w- c:\documents and settings\DBDarkside\Application Data\CupcakeCafe
2009-06-11 00:32 . 2009-06-11 00:32 -------- d-----w- c:\program files\Jessica's Cupcake Cafe
2009-06-06 05:55 . 2009-06-06 05:56 -------- d-----w- c:\documents and settings\DBDarkside\Application Data\OpenLife
2009-06-06 05:54 . 2009-06-06 05:55 -------- d-----w- c:\program files\Openlife R16-4
2009-05-30 18:58 . 2009-05-30 18:58 -------- d-----w- c:\documents and settings\DBDarkside\Application Data\Mean Hamster
2009-05-30 18:58 . 2009-05-30 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Mean Hamster
2009-05-30 18:58 . 2009-05-30 18:58 -------- d-----w- c:\program files\Ye Olde Sandwich Shoppe
2009-05-18 18:37 . 2009-05-29 19:30 -------- d-----w- c:\program files\OnRez
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 15:52 . 2008-08-28 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBit Games
2009-06-16 13:52 . 2008-04-30 13:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-15 21:31 . 2008-03-17 23:44 -------- d-----w- c:\program files\Winamp Remote
2009-06-14 08:06 . 2008-06-06 22:10 -------- d-----w- c:\program files\Google
2009-06-14 04:49 . 2008-09-28 01:10 -------- d-----w- c:\program files\EA GAMES
2009-06-14 04:48 . 2008-06-25 01:16 -------- d-----w- c:\program files\Shockwave.com
2009-06-14 04:48 . 2008-09-23 15:11 -------- d-----w- c:\program files\RealArcade
2009-06-14 04:43 . 2008-07-11 00:01 -------- d-----w- c:\program files\Oberon Media
2009-06-14 03:16 . 2008-04-06 22:49 -------- d-----w- c:\program files\Java
2009-06-14 02:52 . 2008-05-10 21:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-14 02:50 . 2008-05-10 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-11 23:51 . 2008-09-10 23:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-11 03:23 . 2008-04-30 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-06-10 17:37 . 2008-03-19 04:37 -------- d--h--w- c:\documents and settings\DBDarkside\Application Data\OnRez
2009-06-09 14:59 . 2008-03-04 21:54 -------- d-----w- c:\documents and settings\DBDarkside\Application Data\SecondLife
2009-05-30 18:57 . 2008-04-30 13:29 -------- d-----w- c:\program files\bfgclient
2009-05-22 19:22 . 2008-07-06 22:42 -------- d--h--w- c:\documents and settings\DBDarkside\Application Data\LimeWire
2009-05-08 03:27 . 2009-05-08 03:27 -------- d-----w- c:\program files\Virtual Families
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 08:00 . 2008-03-02 15:23 25608 ----a-w- c:\documents and settings\DBDarkside\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-29 23:56 . 2008-03-04 21:53 -------- d-----w- c:\program files\SecondLife
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 18:56 . 2009-04-27 18:53 -------- d-----w- c:\program files\MSECache
2009-04-19 18:16 . 2008-03-02 15:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-19 03:47 . 2009-03-08 04:04 -------- d-----w- c:\program files\McAfee
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 16:01 . 2009-04-10 16:01 884640 ----a-w- c:\program files\tokoroten107.zip
2009-04-10 14:03 . 2008-03-04 00:35 10466656 ----a-w- c:\program files\winzip111.exe
2009-04-10 14:02 . 2009-04-10 14:02 884960 ----a-w- c:\program files\rokuro102.zip
2009-03-25 16:06 . 2009-03-08 04:05 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 16:06 . 2009-03-08 04:05 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 16:06 . 2009-03-08 04:05 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 16:06 . 2009-01-09 18:03 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 16:05 . 2009-03-08 03:56 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-03-25 16:00 . 2008-07-06 22:41 16509288 ----a-w- c:\program files\LimeWireWin.exe
2008-12-19 23:38 . 2008-12-19 22:52 49426923 ----a-w- c:\program files\sims2ep5_patch_cd.exe
2008-12-19 23:36 . 2008-12-19 23:36 50666421 ----a-w- c:\program files\sims2ep5_patch_dd.exe
2008-12-19 23:00 . 2008-12-19 23:00 71656960 ----a-w- c:\program files\180.48_geforce_winxp_32bit_english_whql.exe
2008-12-08 04:03 . 2008-12-08 04:02 437168 ----a-w- c:\program files\msgr9us.exe
2008-08-03 23:23 . 2008-08-03 23:23 4248706 ----a-w- c:\program files\wlite125.exe
2008-07-28 22:50 . 2008-07-28 22:50 14321360 ----a-w- c:\program files\InstallAdventureInlay.exe
2008-07-28 01:37 . 2008-07-28 01:37 95992680 ----a-w- c:\program files\col18696.exe
2008-07-25 21:21 . 2008-07-25 21:21 27656400 ----a-w- c:\program files\InstallVirtualFarm.exe
2008-07-24 03:17 . 2008-07-24 03:17 20143320 ----a-w- c:\program files\InstallTradewindsLegends.exe
2008-07-24 03:08 . 2008-07-24 03:08 50876104 ----a-w- c:\program files\InstallBloodTies.exe
2008-07-24 03:07 . 2008-07-24 03:07 90076872 ----a-w- c:\program files\InstallTheClumsys.exe
2008-07-23 02:29 . 2008-07-23 02:29 62559440 ----a-w- c:\program files\InstallGardenDefense.exe
2008-07-23 02:26 . 2008-07-23 02:26 22737200 ----a-w- c:\program files\InstallSpongeBobDinerDash2.exe
2008-07-22 17:40 . 2008-07-22 17:40 25854712 ----a-w- c:\program files\InstallChocolatier2.exe
2008-07-21 18:06 . 2008-07-21 18:06 35876568 ----a-w- c:\program files\InstallJoJosFashionShow.exe
2008-07-20 00:14 . 2008-07-20 00:14 41303256 ----a-w- c:\program files\InstallFashionSolitaire.exe
2008-07-19 22:30 . 2008-07-19 22:30 24525512 ----a-w- c:\program files\InstallNannyMania.exe
2008-07-19 00:54 . 2008-07-19 00:54 27847384 ----a-w- c:\program files\InstallCaribbeanHideaway.exe
2008-07-18 22:52 . 2008-07-18 22:52 24665824 ----a-w- c:\program files\InstallRainforestAdventure.exe
2008-07-17 06:15 . 2008-07-17 06:15 20789448 ----a-w- c:\program files\InstallCiaoBella.exe
2008-07-17 02:37 . 2008-07-17 02:37 51790584 ----a-w- c:\program files\InstallVirtualVillagersTheSecretCity.exe
2008-07-17 00:16 . 2008-07-17 00:16 29064432 ----a-w- c:\program files\InstallHiddenWonders.exe
2008-07-16 22:32 . 2008-07-16 22:31 25989352 ----a-w- c:\program files\InstallGoldRush.exe
2008-07-16 21:44 . 2008-07-16 21:44 15781624 ----a-w- c:\program files\InstallSuperGranny2.exe
2008-07-15 01:19 . 2008-07-15 01:19 22127816 ----a-w- c:\program files\InstallMagicFarm.exe
2008-07-14 23:41 . 2008-07-14 23:41 26170088 ----a-w- c:\program files\InstallDinerDashHometownHero.exe
2008-07-14 23:40 . 2008-07-14 23:20 39076560 ----a-w- c:\program files\InstallGo-GoGourmet.exe
2008-07-14 23:20 . 2008-07-14 23:20 56587984 ----a-w- c:\program files\InstallCookingAcademy.exe
2008-07-14 04:05 . 2008-07-14 04:05 33066704 ----a-w- c:\program files\InstallPlantTycoon.exe
2008-07-12 18:55 . 2008-07-12 18:54 45946056 ----a-w- c:\program files\InstallRanchRush.exe
2008-07-12 17:36 . 2008-07-12 17:35 34449608 ----a-w- c:\program files\InstallSallysSpa.exe
2008-07-12 04:37 . 2008-07-12 04:37 61444304 ----a-w- c:\program files\InstallBuild-a-lot2.exe
2008-07-12 04:36 . 2008-07-12 04:36 35924176 ----a-w- c:\program files\InstallBuildinTime.exe
2008-07-11 00:01 . 2008-07-11 00:01 37011288 ----a-w- c:\program files\Fishdom-setup.exe
2008-07-07 17:51 . 2008-07-07 17:51 103536 ----a-w- c:\program files\bigfishgames_p17696246_s1_l1.exe
2008-05-24 16:35 . 2008-05-24 16:35 103536 ----a-w- c:\program files\bigfishgames_p14104586_s1_l1.exe
2008-05-10 23:28 . 2008-05-10 23:28 6039048 ----a-w- c:\program files\Firefox Setup 2.0.0.14.exe
2008-05-10 21:42 . 2008-05-10 21:42 47787248 ----a-w- c:\program files\avg_free_stf_en_8_100a1295.exe
2008-05-10 21:10 . 2008-05-10 21:10 9722720 ----a-w- c:\program files\spybotsd152.exe
2008-04-30 14:35 . 2008-04-30 14:34 103536 ----a-w- c:\program files\bigfishgames_p8773104_s1_l1.exe
2008-04-30 13:29 . 2008-04-30 13:29 0 ----a-w- c:\program files\temp01
2008-04-17 15:05 . 2008-04-17 15:05 36645913 ----a-w- c:\program files\Second_Life_1-19-1-4_Setup.exe
2008-04-06 22:48 . 2008-04-06 22:48 247608 ----a-w- c:\program files\jre-1_5_0_07-windows-i586-p-iftw.exe
2008-03-19 04:37 . 2008-03-19 04:37 43483929 ----a-w- c:\program files\OnRez 1-18-5-3-1 CSI Setup.exe
2008-03-18 22:31 . 2008-03-18 22:31 59163944 ----a-w- c:\program files\iTunesSetup.exe
2008-03-04 21:53 . 2008-03-04 21:53 35982607 ----a-w- c:\program files\Second_Life_1-19-0-5_Setup.exe
2008-03-04 12:57 . 2008-03-04 12:57 445976 ----a-w- c:\program files\msgr8us.exe
2008-09-15 02:29 . 2008-05-10 23:29 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-09-15 02:29 . 2008-05-10 23:29 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-09-15 02:29 . 2008-05-10 23:29 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-09-15 02:29 . 2008-05-10 23:29 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-09-15 02:29 . 2008-05-10 23:29 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"WatchDog"="c:\program files\mobile PhoneTools\WatchDog.exe" [2004-08-14 36864]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"McENUI"="c:\progra~2\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-17 2879488]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2009-02-18 1657376]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-9-4 65588]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-9-4 53317]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sierra Entertainment\\FEAR Perseus Mandate\\FEARXP2.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/7/2009 11:07 PM 210216]
S3 FIXUSTOR;FIXUSTOR;c:\windows\SYSTEM32\DRIVERS\fixustor.sys [4/19/2009 1:13 PM 12416]
S3 samhid;samhid;c:\windows\SYSTEM32\DRIVERS\Samhid.sys [3/10/2008 4:29 PM 7548]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]
2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-03-08 16:53]
2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-03-08 16:53]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-wblogon - c:\windows\system32\algg.exe
HKCU-Run-Netcom3 PC Cleaner - c:\program files\Netcom3\Netcom3 PC Cleaner.exe
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys

.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://windowsisearch.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://windowsisearch.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearchMigratedDefaultURL = hxxp://windowsisearch.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchURL = hxxp://windowsisearch.com
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.81\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 3.81\MediaManager\grab.html
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: babycenter.com\community
Trusted Zone: onlinecardaccess.com\www
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB}
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429}
DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C}
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 11:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1123561945-1454471165-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:05,31,f4,9d,d7,a7,c0,38,97,de,00,eb,b0,01,ae,4a,23,b2,5e,00,c2,d9,0c,
0f,e0,39,43,ae,bd,8a,d5,4c,65,5b,e3,f8,3a,05,01,f0,5b,eb,34,f4,59,8a,58,96,\
"??"=hex:2f,68,80,ec,12,22,24,f2,9e,b8,fe,21,a4,97,8a,7e
[HKEY_USERS\S-1-5-21-1123561945-1454471165-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:b7,94,0e,80,a5,77,f3,80,60,db,3e,35,94,58,60,ab,89,e2,35,4d,53,
3d,21,7c,94,09,05,18,49,1c,06,b9,e9,54,80,de,a0,e0,90,3a,8e,d3,fd,c4,92,61,\
"rkeysecu"=hex:4d,e4,55,14,97,fb,75,c3,9a,02,6e,ec,1e,b5,df,43
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(732)
c:\windows\system32\nvappfilter.dll
- - - - - - - > 'explorer.exe'(1728)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\Winamp Remote\bin\Orb.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-06-16 11:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-16 16:43
Pre-Run: 172,201,076,224 bytes free
Post-Run: 172,420,199,424 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
318 --- E O F --- 2009-06-16 05:20

#3
diabillic

OK, I'm not a malware expert but you definitely have malware on your machine. Logs do not belong here, no, but you can start a new topic here: http://www.geekstogo...emoval-f37.html