PC Help Forum » Security & Safety » [Pending] HJT Logs » help with persistent virus

#1 - 06-30-2008
mixtnconfuzd (Bronze Member; Join Date: Jun 2008; Posts: 3; PC Experience: Experienced)
help with persistent virus

I completed all the pre-steps.

The problem that I'm having is the inability to log on to certain websites, such as Yahoo and MySpace, or to log into gmail.com.

I have removed several viruses, but they keep persisting.

Here is my log; please tell me what I should do.

Deckard's System Scanner v20071014.68
Run by reedj on 2008-06-29 23:30:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as reedj.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:18 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\acautoup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hpnra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\reedj\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\reedj.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.my.af.mil/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 131.44.111.20:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = tpsw.randolph.af.mil;afriss.rs.af.mil;afrissforms.rs.af.mil;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {018B27FF-E05F-4CB5-8763-540CB3FD457A} - C:\WINDOWS\system32\khfFUKaW.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: {a39807c7-4e0e-c4ea-15f4-52d4db9deef1} - {1feed9bd-4d25-4f51-ae4c-e0e47c70893a} - C:\WINDOWS\system32\bzkocx.dll
O2 - BHO: (no name) - {72042587-336C-4AC1-9B2F-A59D88B6CF45} - C:\WINDOWS\system32\khfFWqrr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {A1AF17F6-ED60-49C5-A476-716EAB5A2937} - C:\Documents and Settings\reedj\Local Settings\Temporary Internet Files\Content.IE5\A8RY5IWQ\3077ahntdksr[1].dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [acEventServ] "C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [50fb2ff7] rundll32.exe "C:\WINDOWS\system32\jsthfyfn.dll",b
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [BM53c81c6b] Rundll32.exe "C:\WINDOWS\system32\rvivxmtv.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.my.af.mil
O16 - DPF: Netilla Idle Component - https://afrsnetb.gedplus.com/compone...dleTimeout.cab
O16 - DPF: Netilla Port Forwarder - https://afrsnetb.gedplus.com/webapp/intranet/pfwd.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1171399761156
O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
O20 - Winlogon Notify: khfFUKaW - khfFUKaW.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard - C:\Program Files\Common Files\ActivCard\acachsrv.exe
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Auto-Update Service (acautoupdate) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoup.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: (no name) - http://mail.google.com/mail/images/bidi_controls.gif
--
End of file - 11088 bytes
-- Files created between 2008-05-29 and 2008-06-29 -----------------------------
2008-06-29 23:28:19 132 --ah----- C:\aaw7boot.cmd
2008-06-29 11:28:37 0 d-------- C:\Program Files\Windows Defender
2008-06-29 09:32:04 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-28 23:16:48 0 d-------- C:\Documents and Settings\reedj\.housecall6.6
2008-06-28 19:40:14 4194304 --a------ C:\Documents and Settings\reedj\ntuser.dat
2008-06-28 18:10:35 103424 -----n--- C:\WINDOWS\system32\bzkocx.dll
2008-06-28 18:07:37 90624 -----n--- C:\WINDOWS\system32\rvivxmtv.dll
2008-06-28 13:53:21 0 d-------- C:\Program Files\Trend Micro
2008-06-28 13:27:38 68096 --a------ C:\WINDOWS\zip.exe
2008-06-28 13:27:38 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-28 13:27:38 80412 --a------ C:\WINDOWS\grep.exe
2008-06-28 13:27:37 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-28 13:27:37 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-28 13:27:37 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-28 13:27:37 98816 --a------ C:\WINDOWS\sed.exe
2008-06-28 13:27:37 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-28 05:55:48 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-28 05:55:38 0 d-------- C:\Documents and Settings\reedj\Application Data\Mozilla
2008-06-28 05:45:31 0 d-------- C:\Program Files\movie maker
2008-06-27 22:10:51 0 d-------- C:\Program Files\Lavasoft
2008-06-27 22:10:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 22:10:27 26112 --a------ C:\WINDOWS\system32\khfFXopO.dll
2008-06-26 14:36:05 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-06-26 06:55:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 05:53:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-25 07:28:44 106496 --a------ C:\WINDOWS\system32\pyauglwt.dll
2008-06-23 19:56:30 0 d-------- C:\Program Files\AVI MPEG RM WMV Splitter
2008-06-23 19:23:04 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-06-23 19:17:53 0 d-------- C:\Program Files\Softstunt MOV to AVI MPEG WMV Converter
2008-06-22 14:13:59 0 d-------- C:\Program Files\Audacity
2008-06-09 10:53:29 0 d-------- C:\Program Files\Corel
2008-06-09 10:53:29 0 d-------- C:\Program Files\Common Files\Corel
2008-06-08 19:33:10 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-01 22:51:09 0 d-------- C:\Documents and Settings\reedj\Application Data\Yahoo!
2008-06-01 22:44:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-01 22:43:12 0 d-------- C:\Program Files\Yahoo!
2008-06-01 01:20:21 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

-- Find3M Report ---------------------------------------------------------------
2008-06-29 22:36:06 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-28 23:15:17 0 d-------- C:\Program Files\Java
2008-06-27 22:12:43 0 d-------- C:\Documents and Settings\reedj\Application Data\uTorrent
2008-06-27 22:10:30 0 d-------- C:\Program Files\Common Files
2008-06-24 18:02:29 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-22 15:30:47 0 d-------- C:\Documents and Settings\reedj\Application Data\LimeWire
2008-06-09 10:59:04 88 -rahs---- C:\WINDOWS\system32\CCD3D1030B.sys
2008-06-09 10:58:17 0 d-------- C:\Documents and Settings\reedj\Application Data\Corel

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{018B27FF-E05F-4CB5-8763-540CB3FD457A}]
C:\WINDOWS\system32\khfFUKaW.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1feed9bd-4d25-4f51-ae4c-e0e47c70893a}]
06/28/2008 06:10 PM 103424 --------- C:\WINDOWS\system32\bzkocx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72042587-336C-4AC1-9B2F-A59D88B6CF45}]
C:\WINDOWS\system32\khfFWqrr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1AF17F6-ED60-49C5-A476-716EAB5A2937}]
C:\Documents and Settings\reedj\Local Settings\Temporary Internet Files\Content.IE5\A8RY5IWQ\3077ahntdksr[1].dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
06/02/2008 03:56 PM 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acEventServ"="C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe" [06/15/2004 11:34 AM]
"SigmatelSysTrayApp"="stsystra.exe" [05/08/2006 02:12 PM C:\WINDOWS\stsystra.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/28/2005 01:55 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/28/2005 01:52 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/28/2005 01:55 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 08:42 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [05/26/2004 02:47 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [05/29/2007 06:33 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/06/2007 03:25 PM]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" [07/04/2005 10:50 AM]
"HP Network Registry Agent"="C:\WINDOWS\system32\hpnra.exe" [10/26/2000 06:21 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"50fb2ff7"="C:\WINDOWS\system32\jsthfyfn.dll" []
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [08/28/2007 12:00 PM]
"BM53c81c6b"="C:\WINDOWS\system32\rvivxmtv.dll " [06/28/2008 06:07 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ActivCard Gold Smart Card Agent.lnk - C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe [6/15/2004 11:34:00 AM]
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [4/26/2007 1:35:24 PM]
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [12/3/2007 4:30:05 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)
"LogonType"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoPublishingWizard"=1 (0x1)
"NoWebServices"=1 (0x1)
"NoOnlinePrintsWizard"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{018B27FF-E05F-4CB5-8763-540CB3FD457A}"= C:\WINDOWS\system32\khfFUKaW.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acAuth]
acauth.dll 06/15/2004 11:34 AM 65536 C:\WINDOWS\system32\acauth.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfFUKaW]
khfFUKaW.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfFWqrr
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4176eedd-4146-11dd-bdfd-00e0b8a07ec4}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\wmactedp.inf,PerUserStub,,4

-- End of Deckard's System Scanner: finished at 2008-06-29 23:30:35 ------------
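The reading an analyst gives a log like the one above, as an added example that is not part of the original thread: a small triage script that flags the orphaned "(file missing)" load points, the hex-named Run values that launch a system32 DLL through rundll32 by a one-letter export, Winlogon Notify packages listed without a path, and any LSA authentication package beyond the default msv1_0. The heuristics are this example's own assumptions, not HijackThis rules; the sample lines are copied from the post above.

```python
import re

# Constructed sample: HijackThis-format lines copied from the log above, with
# two legitimate entries (Java's ssv.dll, igfxtray) mixed in so the filter has
# benign input to pass through.
SAMPLE_HJT_LINES = [
    r"O2 - BHO: (no name) - {018B27FF-E05F-4CB5-8763-540CB3FD457A} - C:\WINDOWS\system32\khfFUKaW.dll (file missing)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe",
    r'O4 - HKLM\..\Run: [50fb2ff7] rundll32.exe "C:\WINDOWS\system32\jsthfyfn.dll",b',
    r'O4 - HKLM\..\Run: [BM53c81c6b] Rundll32.exe "C:\WINDOWS\system32\rvivxmtv.dll",s',
    r"O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll",
    r"O20 - Winlogon Notify: khfFUKaW - khfFUKaW.dll (file missing)",
]

# Deckard registry-dump line from the same post. LSA loads every package named
# here at boot, so anything beyond the Windows default msv1_0 needs explaining.
SAMPLE_LSA_LINE = r'"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfFWqrr'

# Heuristics used below (assumptions of this example, not HijackThis rules).
O4_ENTRY = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.*)$")
HEX_VALUE_NAME = re.compile(r"^(BM)?[0-9a-f]{8}$")          # e.g. 50fb2ff7, BM53c81c6b
RUNDLL_LOAD = re.compile(r'rundll32\.exe\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.IGNORECASE)
LSA_PACKAGES = re.compile(r'^"Authentication Packages"=\s*(.*)$')


def flag_line(line):
    """Return the reasons a single HijackThis line deserves analyst review ([] if none)."""
    reasons = []
    if "(file missing)" in line:
        reasons.append("load point references a DLL that is no longer on disk "
                       "(orphaned entry; the registry key itself still needs cleaning)")
    if line.startswith("O2 - BHO: (no name)"):
        reasons.append("browser helper object registered without a name")
    m = O4_ENTRY.match(line)
    if m:
        _key, value_name, command = m.groups()
        if HEX_VALUE_NAME.match(value_name):
            reasons.append(f"Run value name {value_name!r} is hex-like rather than a product name")
        r = RUNDLL_LOAD.search(command)
        if r:
            dll, export = r.groups()
            if len(export) == 1:
                reasons.append(f"rundll32 loads {dll} via single-letter export {export!r}")
    if line.startswith("O20 - Winlogon Notify:"):
        target = line.split(" - ", 2)[-1]
        if "\\" not in target:
            reasons.append("Winlogon Notify package given as a bare DLL name with no path")
    return reasons


def triage(lines):
    """Map each suspicious line to its reasons; lines with no findings are dropped."""
    findings = {}
    for line in lines:
        reasons = flag_line(line)
        if reasons:
            findings[line] = reasons
    return findings


def extra_lsa_packages(dump_line):
    """Return LSA authentication packages other than the Windows default msv1_0."""
    m = LSA_PACKAGES.match(dump_line)
    if not m:
        return []
    return [p for p in m.group(1).split() if p.lower() != "msv1_0"]


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_HJT_LINES).items():
        print(line)
        for why in reasons:
            print("   ->", why)
    print("non-default LSA packages:", extra_lsa_packages(SAMPLE_LSA_LINE))
```

The flagged O4 and O20 entries are the same files the ComboFix and SDFix steps in the reply below are meant to remove; the point of the script is to show why those lines stand out before any tool is run.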


#2 - 06-30-2008
Pancake (Senior Security Analyst; Join Date: Jun 2006; Location: Victoria, Australia; Posts: 3,057; PC Experience: Elite PC Guru)
Re: help with persistent virus

You have an infection that needs removing.

OK. Let's download ComboFix.exe. This will give me a better view of the files running and hidden on your computer, and also those in the registry. Please visit this web page for the download and instructions for running the tool:

Go here: A guide and tutorial on using ComboFix

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

=======================================

Please download SDFix from here and save it to your desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.


__________________
My real name is Eddy
#3 - 06-30-2008
mixtnconfuzd (Bronze Member; Join Date: Jun 2008; Posts: 3; PC Experience: Experienced)
Re: help with persistent virus

Followed all the steps, and here are the reports.
This is the ComboFix.exe file:

ComboFix 08-06-20.4 - reedj 2008-06-30 10:04:41.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.497 [GMT -5:00]
Running from: C:\Documents and Settings\reedj\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM53c81c6b.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bohyfigp.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.
2008-06-29 11:28 . 2008-06-29 11:28 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-29 09:32 . 2008-06-29 10:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-29 09:32 . 2008-04-22 23:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-29 09:32 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-29 09:32 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-29 09:32 . 2008-04-22 23:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-29 09:32 . 2008-04-22 23:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-29 09:32 . 2008-04-22 23:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-29 09:32 . 2008-04-22 23:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-29 09:32 . 2008-04-22 23:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-29 09:32 . 2008-04-22 02:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-28 23:18 . 2008-06-28 23:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-28 23:16 . 2008-06-28 23:47 <DIR> d-------- C:\Documents and Settings\reedj\.housecall6.6
2008-06-28 23:15 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-28 18:30 . 2008-06-28 18:32 354 --ahs---- C:\WINDOWS\system32\nfyfhtsj.ini
2008-06-28 18:00 . 2008-06-28 18:04 354 --ahs---- C:\WINDOWS\system32\tjskdgla.ini
2008-06-28 13:53 . 2008-06-28 13:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-28 13:52 . 2008-06-28 13:52 <DIR> d-------- C:\Deckard
2008-06-28 13:39 . 2008-06-28 13:41 354 --ahs---- C:\WINDOWS\system32\xfoddjqh.ini
2008-06-28 05:55 . 2008-06-28 05:55 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-27 22:10 . 2008-06-27 22:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-27 22:10 . 2008-06-27 22:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 22:10 . 2008-06-27 22:10 26,112 --a------ C:\WINDOWS\system32\khfFXopO.dll
2008-06-26 14:36 . 2008-06-26 14:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-06-26 06:55 . 2008-06-26 06:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 05:53 . 2008-06-26 05:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-25 07:28 . 2008-06-25 07:28 106,496 --a------ C:\WINDOWS\system32\pyauglwt.dll
2008-06-23 19:56 . 2008-06-28 05:43 <DIR> d-------- C:\Program Files\AVI MPEG RM WMV Splitter
2008-06-23 19:17 . 2008-06-24 09:46 <DIR> d-------- C:\Program Files\Softstunt MOV to AVI MPEG WMV Converter
2008-06-22 14:13 . 2008-06-22 14:14 <DIR> d-------- C:\Program Files\Audacity
2008-06-11 00:31 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:31 . 2008-06-13 08:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 10:53 . 2008-06-09 10:53 <DIR> d-------- C:\Program Files\Corel
2008-06-09 10:53 . 2008-06-09 10:55 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-06-01 22:51 . 2008-06-02 09:06 <DIR> d-------- C:\Documents and Settings\reedj\Application Data\Yahoo!
2008-06-01 22:44 . 2008-06-02 09:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-01 22:43 . 2008-06-26 05:53 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-01 01:20 . 2008-06-17 08:56 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 15:06 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-29 04:15 --------- d-----w C:\Program Files\Java
2008-06-28 03:12 --------- d-----w C:\Documents and Settings\reedj\Application Data\uTorrent
2008-06-24 23:02 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-22 20:30 --------- d-----w C:\Documents and Settings\reedj\Application Data\LimeWire
2008-06-09 15:58 --------- d-----w C:\Documents and Settings\reedj\Application Data\Corel
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-29 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 16:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 16:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-12-03 16:02 22 ----a-w C:\Program Files\InstSuccess.ini
2007-03-13 18:20 163 ----a-w C:\Program Files\PanaHDS.ini
.
((((((((((((((((((((((((((((( snapshot_2008-06-28_18.31.41.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 23:24:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 15:08:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 23:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 23:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2007-08-13 23:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2007-08-13 23:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2007-08-13 23:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2007-08-13 23:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2007-08-13 23:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2007-08-13 23:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2007-08-13 23:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2007-08-13 22:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2007-02-12 21:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dat
+ 2007-07-11 17:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2007-08-13 23:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2007-08-13 23:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2007-08-13 23:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2007-08-13 23:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2007-08-13 23:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2007-08-13 23:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2007-08-13 23:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2007-08-13 23:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2007-08-13 23:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2007-08-13 23:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2007-08-13 23:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2007-08-13 23:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2007-08-13 23:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2007-08-13 23:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2007-08-13 23:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2007-08-13 23:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2007-08-13 23:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2007-08-13 23:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2007-08-13 23:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2007-08-13 23:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-08-13 23:39:00 123,904 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-08-13 23:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-13 23:35:38 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-13 23:54:10 131,584 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-13 23:39:06 54,784 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-13 23:39:26 152,064 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-13 23:39:54 229,376 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-13 22:56:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-08-13 23:39:50 382,976 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-13 23:39:10 43,008 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-13 23:43:56 622,080 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:18 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-13 23:54:10 27,136 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-02-26 11:59:50 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
- 2007-08-13 23:54:12 3,578,368 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-24 03:16:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-13 23:54:10 475,648 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-13 23:44:26 192,000 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-13 23:54:10 670,720 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-13 23:44:06 101,376 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-08-13 23:36:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-08-13 23:44:30 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-13 23:54:10 1,162,240 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-13 23:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2007-08-13 23:54:10 231,424 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-13 23:54:10 818,688 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2007-08-13 23:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-13 23:35:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-13 23:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-13 23:36:26 61,952 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-08-13 23:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-13 23:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-13 23:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-13 22:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-02-12 21:10:12 2,451,312 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2007-07-11 17:27:48 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-13 23:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-13 23:54:10 6,049,280 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-13 23:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-13 23:34:04 266,752 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-13 23:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2006-12-15 07:30:58 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-25 06:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-12-15 07:31:06 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 06:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-12-15 09:09:14 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 07:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-08-13 23:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-04-10 19:02:50 1,476,992 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-20 23:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-06-30 04:59:45 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-08-04 12:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2007-08-13 23:54:10 458,752 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-13 23:54:10 50,688 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-13 23:54:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-24 03:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-13 23:54:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-13 23:44:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-08-13 23:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-08-13 23:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-08-13 23:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-08-13 23:44:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-13 23:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-08-13 23:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{018B27FF-E05F-4CB5-8763-540CB3FD457A}]
C:\WINDOWS\system32\khfFUKaW.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1feed9bd-4d25-4f51-ae4c-e0e47c70893a}]
C:\WINDOWS\system32\bzkocx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72042587-336C-4AC1-9B2F-A59D88B6CF45}]
C:\WINDOWS\system32\khfFWqrr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1AF17F6-ED60-49C5-A476-716EAB5A2937}]
C:\Documents and Settings\reedj\Local Settings\Temporary Internet Files\Content.IE5\A8RY5IWQ\3077ahntdksr[1].dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-06-02 15:56 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acEventServ"="C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe" [2004-06-15 11:34 28672]
"SigmatelSysTrayApp"="stsystra.exe" [2006-05-08 14:12 282624 C:\WINDOWS\stsystra.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-05-26 02:47 1400944]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 18:33 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-06-06 15:25 125632]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 10:50 643072]
"HP Network Registry Agent"="C:\WINDOWS\system32\hpnra.exe" [2000-10-26 18:21 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"50fb2ff7"="C:\WINDOWS\system32\jsthfyfn.dll" [ ]
"BM53c81c6b"="C:\WINDOWS\system32\rvivxmtv.dll " [ ]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ActivCard Gold Smart Card Agent.lnk - C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe [2004-06-15 11:34:00 147456]
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-04-26 13:35:24 2048074]
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2007-12-03 16:30:05 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)
"LogonType"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)
"NoWebServices"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{018B27FF-E05F-4CB5-8763-540CB3FD457A}"= C:\WINDOWS\system32\khfFUKaW.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acAuth]
acauth.dll 2004-06-15 11:34 65536 C:\WINDOWS\system32\acauth.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfFUKaW]
khfFUKaW.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 ACachSrv;ActivCard Authentication Service;C:\Program Files\Common Files\ActivCard\acachsrv.exe [2004-06-15 11:34]
R2 acautoreg;ActivCard Gold Autoregister;C:\Program Files\Common Files\ActivCard\acautoreg.exe [2004-06-15 11:34]
R2 acautoupdate;ActivCard Auto-Update Service;C:\Program Files\Common Files\ActivCard\acautoup.exe [2004-06-15 11:34]
R2 Accoca;ActivCard Gold service;C:\Program Files\Common Files\ActivCard\accoca.exe [2004-06-15 11:34]
R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2004-10-25 05:15]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 12:46]
S3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2004-06-27 01:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4176eedd-4146-11dd-bdfd-00e0b8a07ec4}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\wmactedp.inf,PerUserStub,,4
.
Contents of the 'Scheduled Tasks' folder
"2008-04-10 21:34:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-29 23:32:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 10:09:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-30 10:14:20 - machine was rebooted [reedj]
ComboFix-quarantined-files.txt 2008-06-30 15:14:16
ComboFix2.txt 2008-06-30 01:21:53
ComboFix3.txt 2008-06-28 23:32:06
ComboFix4.txt 2008-06-28 23:04:37
ComboFix5.txt 2008-06-28 18:41:41
Pre-Run: 8,986,673,152 bytes free
Post-Run: 9,226,719,232 bytes free
362 --- E O F --- 2008-06-20 15:01:26


AND HERE IS THE SDFIX FILE


SDFix: Version 1.199
Run by reedj on Mon 06/30/2008 at 10:25 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
No Trojan Files Found



Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 10:30:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 9 Jun 2008 88 A.SHR --- "C:\WINDOWS\system32\CCD3D1030B.sys"
Tue 24 Jun 2008 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 11 Mar 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 24 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BIT1.tmp"
Mon 24 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT9.tmp"
Finished!


  #4  
Old 07-01-2008
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,057
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page
Default Re: help with persistant virus

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O2 - BHO: (no name) - {018B27FF-E05F-4CB5-8763-540CB3FD457A} - C:\WINDOWS\system32\khfFUKaW.dll (file missing)
O2 - BHO: (no name) - {72042587-336C-4AC1-9B2F-A59D88B6CF45} - C:\WINDOWS\system32\khfFWqrr.dll (file missing)
O2 - BHO: (no name) - {A1AF17F6-ED60-49C5-A476-716EAB5A2937} - C:\Documents and Settings\reedj\Local Settings\Temporary Internet Files\Content.IE5\A8RY5IWQ\3077ahntdksr[1].dll (file missing)
O4 - HKLM\..\Run: [50fb2ff7] rundll32.exe "C:\WINDOWS\system32\jsthfyfn.dll",b
O4 - HKLM\..\Run: [BM53c81c6b] Rundll32.exe "C:\WINDOWS\system32\rvivxmtv.dll",s
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - Winlogon Notify: khfFUKaW - khfFUKaW.dll (file missing)


Reboot..........................................

==============================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:


http://www.pchelpforum.com/progress-...tml#post274247

Collect::[4]
C:\WINDOWS\system32\nfyfhtsj.ini
C:\WINDOWS\system32\tjskdgla.ini
C:\WINDOWS\system32\xfoddjqh.ini
C:\Documents and Settings\reedj\Local Settings\Temporary Internet Files\Content.IE5\A8RY5IWQ\3077ahntdksr[1].dll
C:\WINDOWS\system32\bzkocx.dll
C:\WINDOWS\system32\rvivxmtv.dll
C:\WINDOWS\system32\khfFXopO.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{018B27FF-E05F-4CB5-8763-540CB3FD457A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1feed9bd-4d25-4f51-ae4c-e0e47c70893a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72042587-336C-4AC1-9B2F-A59D88B6CF45}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1AF17F6-ED60-49C5-A476-716EAB5A2937}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"50fb2ff7"=-
"BM53c81c6b"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{018B27FF-E05F-4CB5-8763-540CB3FD457A}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfFUKaW]


Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file.


__________________
My real name is Eddy

Last edited by Pancake; 07-01-2008 at 12:23 AM.
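As an added example (not code from the thread, nor from the HijackThis or ComboFix authors), here is a Python triage script for the two log formats quoted above: it picks out the kinds of entries the reply singles out (HijackThis O2/O20 lines marked "file missing", O4 lines loading a DLL through rundll32 with a one-letter export, ComboFix Run values with an empty `[ ]` metadata bracket) and emits a CFScript `Registry::` block in the same form as the reply's. The selection heuristics, the benign ccApp HijackThis line, and the reading of `[ ]` as "no file found" are assumptions made for the example.

```python
"""Added example (not ComboFix's or HijackThis's own code): triage the log line formats
quoted in this thread and emit a CFScript 'Registry::' block in the reply's format."""
import re
from collections import namedtuple

# HijackThis lines copied from the reply above, plus one CONSTRUCTED benign O4 line
# built from the ccApp Run entry in the ComboFix log, to show a non-match.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {018B27FF-E05F-4CB5-8763-540CB3FD457A} - C:\WINDOWS\system32\khfFUKaW.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [50fb2ff7] rundll32.exe "C:\WINDOWS\system32\jsthfyfn.dll",b
O4 - HKLM\..\Run: [BM53c81c6b] Rundll32.exe "C:\WINDOWS\system32\rvivxmtv.dll",s
O20 - Winlogon Notify: khfFUKaW - khfFUKaW.dll (file missing)
"""
# ComboFix 'Reg Loading Points' Run values copied from the log above.
COMBOFIX_SAMPLE = r"""
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 18:33 52840]
"50fb2ff7"="C:\WINDOWS\system32\jsthfyfn.dll" [ ]
"BM53c81c6b"="C:\WINDOWS\system32\rvivxmtv.dll " [ ]
"""

O2 = re.compile(r"^O2 - BHO: .*? - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
O4 = re.compile(r"^O4 - HKLM\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# Heuristic (assumption): rundll32 loading a DLL through a one-letter export, as in the O4 lines above.
RUNDLL = re.compile(r'^rundll32\.exe\s+"?(?P<dll>[^",]+)"?,(?P<export>\w)$', re.I)
# ComboFix Run value line: "name"="path" [date time size]; an empty bracket is read here
# (assumption) as ComboFix having found no file to report metadata for.
CF_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')

# Key paths in the abbreviated form used by the reply's CFScript.
DELETE_KEY = {"bho": r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects",
              "notify": r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"}
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# kind: "bho" (BHO CLSID key), "run" (Run value) or "notify" (Winlogon Notify subkey)
Finding = namedtuple("Finding", "kind name path reason")


def triage_hjt(text):
    """Flag O2/O20 entries whose file is missing and O4 entries matching RUNDLL."""
    out = []
    for line in text.splitlines():
        m = O2.match(line)
        if m and m.group("missing"):
            out.append(Finding("bho", m.group("clsid"), m.group("path"), "BHO file missing"))
            continue
        m = O4.match(line)
        if m:
            r = RUNDLL.match(m.group("cmd"))
            if r:
                out.append(Finding("run", m.group("name"), r.group("dll"), "rundll32 export " + r.group("export")))
            continue
        m = O20.match(line)
        if m and m.group("missing"):
            out.append(Finding("notify", m.group("name"), m.group("path"), "Notify DLL missing"))
    return out


def triage_combofix_run(text):
    """Flag ComboFix Run values that carry no file metadata ('[ ]')."""
    out = []
    for line in text.splitlines():
        m = CF_RUN.match(line)
        if m and not m.group("meta").strip():
            out.append(Finding("run", m.group("name"), m.group("path").strip(), "no file metadata"))
    return out


def merge(*finding_lists):
    """Combine sources, dropping duplicates by (kind, name) and keeping first-seen order."""
    seen = {}
    for f in (f for lst in finding_lists for f in lst):
        seen.setdefault((f.kind, f.name), f)
    return list(seen.values())


def build_cfscript(findings):
    """Registry:: block: [-key] deletes a whole key, "value"=- deletes one value."""
    lines, run_values = ["Registry::"], []
    for f in findings:
        if f.kind in DELETE_KEY:
            lines.append(f"[-{DELETE_KEY[f.kind]}\\{f.name}]")
        else:
            run_values.append(f'"{f.name}"=-')
    if run_values:
        lines.append(f"[{RUN_KEY}]")
        lines.extend(run_values)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(merge(triage_hjt(HJT_SAMPLE), triage_combofix_run(COMBOFIX_SAMPLE))))
```

The generated block is only a starting point for a human helper to review; the reply's own script also adds Collect:: lines and the ShellExecuteHooks value, which this example does not attempt.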
  #5  
Old 07-14-2008
Bronze Member
 
Join Date: Jun 2008
Posts: 3
PC Experience: Experienced
mixtnconfuzd - See this Members User comments on their Profile page
Default Re: help with persistant virus

sorry for the late reply

here is my log after completing all the steps thus far.

ComboFix 08-07-14.2 - reedj 2008-07-14 15:16:13.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.419 [GMT -5:00]
Running from: C:\Documents and Settings\reedj\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\reedj\Desktop\cfscript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM53c81c6b.txt
C:\WINDOWS\system32\khfFXopO.dll
C:\WINDOWS\system32\nfyfhtsj.ini
C:\WINDOWS\system32\pyauglwt.dll
C:\WINDOWS\system32\tjskdgla.ini
C:\WINDOWS\system32\xfoddjqh.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-07-01 15:42 . 2008-07-01 15:42 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-01 15:41 . 2008-07-01 15:41 <DIR> d-------- C:\Program Files\MSBuild
2008-07-01 15:38 . 2008-07-01 15:38 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-01 15:36 .