Author Topic: Missing Rundll32.exe/Virus/Trojan arrrrgghhh  (Read 6370 times)

Offline iboglander

Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 13, 2011, 10:02:28 AM »
First off, I had a "problem" that produced 'Windows Restorer', "your computer is infected, upgrade now to fix" blah blah blah.  Long story short, it took over the comp, killed Internet Explorer (could not access it), hid all my files (turned them all into hidden files) and basically wiped any recovery I might have had (system restore was wiped to a point AFTER I was infected).

Using multiple spyware and antivirus, as well as just plain hunting down anything out of the ordinary and deleting it if possible, I got it to a state where I am no longer getting 50 bazillion pop ups a minute and I can now use internet explorer.  My problem now is, the comp is telling me I am missing the "rundll32.exe".

Sorry, here is the error. "Windows cannot find 'C:\WINDOWS\system32\rundll32.exe' Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

I get this pretty much for anything I want to run in the control panel.

Here is the HJT Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:27:55 AM, on 5/13/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O2 - BHO: (no name) - {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://games.king.com/ctl/kingcomie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264368087191
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264368078129
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/systemscan/soesysinfo.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10308 bytes


Since cleaning this mess up, I have been attacked one more time and had to system restore back to where I "thought" I had it cleaned up.  This has been over the last 36 hrs.

Some files that I manually deleted to get me to where I am at the moment (I won't say that I fixed it since I'm sure I did as much damage as good):

Srx.exe
jxvuof.exe (which I actually did not delete and could not locate even with the exact location listed from CCleaner)
Stosya.exe (and I think a Stosyb.exe as well)

There were many other trial and errors but those 3 seemed to be the main "foreign objects" floating around in my processes.  Oh and ntx.exe was another program that at one point would block any program I tried to open.

Sorry if I sound a bit all over the place with my explanation.  If I had found this site sooner, I would have come here first, rather than tamper with things way beyond my pay grade, lol.  Here are my concerns and questions (Finally! I know, right?)

1.  How do I get my rundll32.exe back?
2.  What do you recommend for anti-virusing/malware clean etc, because at the moment, I still don't know if I got it all (lol, it would be a miracle if I did)
3. Re: #2, are there good, free programs for this?  I have paid for Norton and a few others over the years and honestly hated every minute of them.  They did more damage, slow down, error causing than the viruses and I actually paid for the privilege.
4.  .....anything else you want to tell me, I have pushed my amateur status to the limit with this one.  As proud as I am to have gotten my comp back to something sorta normal, I probably made it worse in the process too=(.

Thanks for your time,
Ready to act on everything you tell me, lol.
Let me know what else you need to know, I'm here all day, trying to make my comp happy again!

OH! I downloaded the:

Quote
Let's try this method
Download this Zipped file xp_fileassoc.zip
UNZIP it to your desktop and Double click on the
xp_fileassoc.bat to run it
Follow the prompts

RESTART your computer afterwards

Didn't see any noticeable changes, still can't open anything in Control Panel (Internet options, Display, etc etc).

Thanks!!!
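A small triage pass over log lines in the HijackThis layout posted above, added here as an example; it is not code from this thread, from HijackThis or from OTL. The sample lines are constructed from a handful of the entries in the log above, and the names parse_entries, command_path and triage are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample (assumption: adapted from the layout of the HijackThis log
# posted in this thread; a few representative lines, not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\svchost.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 10308 bytes
"""

# An entry line starts with a section code (R0-R3, F0-F3, O1-O24, ...) then " - ".
ENTRY_RE = re.compile(r"^(O\d+|R[0-3]|F[0-3])\s+-\s+(.*)$")
# O4 body: "<hive>\..\Run: [<name>] <command>"  (the hive part contains no colon)
O4_RE = re.compile(r"^(?P<hive>[^:]+):\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
# Markers HijackThis/OTL use for registry entries whose target file is gone.
MISSING_MARKERS = ("(no file)", "(file missing)", "no clsid value found")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(text):
    """Yield (section, body, full_line) per entry; header and process list are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line


def command_path(cmd):
    """Extract the executable from an autostart command, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(text):
    """Return the entries a reviewer would look at first in a log of this shape."""
    findings = []
    for section, body, line in parse_entries(text):
        lowered = body.lower()
        if any(marker in lowered for marker in MISSING_MARKERS):
            # Leftover registry references: not active code, but they mark where
            # something was removed and are normally cleaned up afterwards.
            findings.append(Finding(section, "dangling reference, target file gone", line))
            continue
        if section == "O4":
            m = O4_RE.match(body)
            if m and not DRIVE_RE.match(command_path(m.group("cmd"))):
                # A bare filename is resolved through PATH at logon, so the log
                # entry alone does not tell you which file actually runs.
                findings.append(Finding(section, "autostart without a full path", line))
        elif section == "O23" and "unknown owner" in lowered:
            findings.append(Finding(section, "service with no publisher information", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:40} {f.line}")
```

Run it against a saved HijackThis log (replace SAMPLE_LOG with the file contents) to get the short list of entries worth checking by hand before deciding what to fix.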


Offline guestolo

Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #1 on: May 13, 2011, 11:46:19 AM »
Download OTL.exe by OldTimer to your Desktop.
  • Double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline iboglander

Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #2 on: May 13, 2011, 12:42:21 PM »
OTL logfile created on: 5/13/2011 10:37:15 AM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,022.00 Mb Total Physical Memory | 542.00 Mb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 204.65 Gb Free Space | 87.88% Space Free | Partition Type: NTFS
Drive D: | 37.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 464.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: YOUR-D26EF63B94 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/05/13 10:36:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\OTL.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/19 17:14:16 | 001,247,600 | -H-- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/09/21 15:32:56 | 002,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2005/09/21 10:24:02 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/05/17 18:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/05/13 10:36:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/02/02 10:57:54 | 000,052,288 | -H-- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009/08/07 12:43:04 | 000,045,816 | -H-- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/11/09 13:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/09/19 17:14:16 | 001,247,600 | -H-- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2008/04/13 11:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 11:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/12/06 10:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/09/27 13:44:12 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/06/20 04:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/06/20 04:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/05/09 22:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 22:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/05/09 22:46:48 | 000,014,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/08/12 20:53:27 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaD10BA.SYS -- (CdaD10BA)
DRV - [2006/02/20 10:43:19 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/27 02:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/02/01 17:39:18 | 000,970,240 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/07 16:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/09/15 13:59:54 | 000,241,152 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\A88VidBB.sys -- (CX23880) AVerMedia AVerTV MPEG Video Capture (!)
DRV - [2004/09/15 11:30:58 | 000,296,576 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\A88EncBB.sys -- (CX88ENC)
DRV - [2004/09/15 11:29:38 | 000,010,112 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\A88BarBB.sys -- (CX88XBAR) AVerMedia AVerTV MPEG Crossbar (Dual-Input)
DRV - [2004/09/15 11:29:16 | 000,024,576 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\A88TunBB.sys -- (CXTUNE)
DRV - [2004/09/15 10:16:54 | 000,009,216 | ---- | M] (AVerMedia) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A88AudBB.sys -- (CXAVSAUD)
DRV - [2004/09/07 16:29:37 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/06/17 15:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/22 11:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/22 11:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/ymsgr6/*http://www.yahoo.com/ext/search/search.html
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/27 16:27:25 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7796FD67-9319-444C-88F2-7A247E0BBED9}: C:\Documents and Settings\Owner\Local Settings\Application Data\{7796FD67-9319-444C-88F2-7A247E0BBED9}
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/09 00:44:38 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/06 22:07:52 | 000,000,000 | -H-D | M]
 
[2010/09/15 14:34:55 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/06 22:07:51 | 000,466,944 | -H-- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2011/04/06 22:07:51 | 000,466,944 | -H-- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
 
O1 HOSTS File: ([2011/05/12 16:01:09 | 000,000,202 | --S- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll (Yahoo! Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=48835 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://games.king.com/ctl/kingcomie.cab (king.com)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264368087191 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264368078129 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab (NeffyLauncherCtl Class)
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab (DVCDownloadControl)
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} http://everquest2.station.sony.com/systemscan/soesysinfo.cab (SOESysInfo Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab (TikGames Online Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/07 12:17:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 13:32:07 | 000,000,082 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/07/10 15:09:09 | 000,000,111 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/13 10:36:27 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\OTL.exe
[2011/05/13 09:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Malwarebytes
[2011/05/13 09:36:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/13 09:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/13 09:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/13 09:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/13 09:36:25 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                   ) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/13 09:33:17 | 000,066,896 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\mbam-clean.exe
[2011/05/13 09:25:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\TFC.exe
[2011/05/13 07:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\HiJackThis
[2011/05/13 07:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/13 07:04:04 | 000,000,000 | ---D | C] -- C:\unzipped rundll32.exe file
[2011/05/13 02:02:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Recent
[2011/05/12 19:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\Adobe
[2011/05/12 15:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/05/12 15:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\IObit
[2011/05/12 15:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Sammsoft
[2011/05/12 15:30:03 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2011/05/12 15:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Adobe
[2011/05/12 15:16:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\PrivacIE
[2011/05/12 15:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Yahoo!
[2011/05/12 15:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\HPAppData
[2011/05/12 08:39:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\IETldCache
[2011/05/12 08:39:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\CyberLink
[2011/05/12 08:39:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\AOL
[2011/05/12 08:39:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Macromedia
[2011/05/12 08:39:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Identities
[2011/05/12 08:39:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft
[2011/05/12 08:39:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Favorites
[2011/05/12 08:39:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data
[2011/05/12 08:39:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Cookies
[2011/05/12 08:39:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\You've Got Pictures Screensaver
[2011/05/12 08:39:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Symantec
[2011/05/12 08:39:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Sun
[2011/05/12 08:39:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop
[2011/05/12 08:39:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\Startup
[2011/05/12 08:39:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu
[2011/05/12 08:39:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\SendTo
[2011/05/12 08:39:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\My Videos
[2011/05/12 08:39:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\My Pictures
[2011/05/12 08:39:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\My Music
[2011/05/12 08:39:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents
[2011/05/12 08:39:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\Accessories
[2011/05/12 08:39:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\PrintHood
[2011/05/12 08:39:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\NetHood
[2011/05/12 08:39:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\Microsoft
[2011/05/12 08:39:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings
[2011/05/12 08:39:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\CyberLink
[2011/05/12 08:39:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\ApplicationHistory
[2011/05/12 08:39:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142000}
[2011/05/12 08:39:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Templates
[2011/05/11 09:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/05/10 10:02:26 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\ODBC
[2011/05/06 09:27:56 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/04/14 09:27:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\TaxCut
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/13 10:36:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\OTL.exe
[2011/05/13 10:32:21 | 000,002,148 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/13 10:31:49 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\Xgbbhicad.job
[2011/05/13 10:31:49 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/05/13 09:36:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 09:36:33 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                   ) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/13 09:33:20 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\mbam-clean.exe
[2011/05/13 09:27:24 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\TFC.exe
[2011/05/13 07:26:49 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\HiJackThis.lnk
[2011/05/13 07:24:37 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\HiJackThis.msi
[2011/05/13 01:23:19 | 000,015,854 | -HS- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\mxfvglcuf5lp6c06n0118lap1tpbhyoa0242p836ls
[2011/05/13 01:23:19 | 000,015,854 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mxfvglcuf5lp6c06n0118lap1tpbhyoa0242p836ls
[2011/05/12 16:01:09 | 000,000,202 | --S- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/12 15:15:38 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/12 11:56:47 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/12 10:19:43 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\System Restore.lnk
[2011/05/12 08:51:03 | 000,000,474 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\cc_20110512_085055.reg
[2011/05/12 08:50:36 | 000,037,298 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\cc_20110512_085030.reg
[2011/05/12 08:47:44 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\Spybot.lnk
[2011/05/12 08:45:00 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\CAYahooAntiSpy.lnk
[2011/05/12 08:43:40 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\Shortcut to mbam.lnk
[2011/05/12 08:43:25 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\CCleaner.lnk
[2011/05/12 08:39:58 | 000,000,815 | -H-- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/12 08:39:46 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/05/12 07:12:37 | 000,441,042 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-085451.backup
[2011/05/11 22:07:11 | 000,013,990 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q64u71566l2osq0pus7luj42jr
[2011/05/11 08:56:18 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~18079524r
[2011/05/11 08:56:18 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~18079524
[2011/05/11 08:56:09 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\18079524
[2011/04/26 23:18:35 | 000,441,042 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-071237.backup
 
========== Files Created - No Company Name ==========
 
[2011/05/13 09:36:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 07:25:04 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\HiJackThis.lnk
[2011/05/13 07:24:15 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\HiJackThis.msi
[2011/05/12 19:17:59 | 000,015,854 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\mxfvglcuf5lp6c06n0118lap1tpbhyoa0242p836ls
[2011/05/12 19:17:59 | 000,015,854 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mxfvglcuf5lp6c06n0118lap1tpbhyoa0242p836ls
[2011/05/12 15:40:35 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/05/12 11:57:06 | 000,002,148 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/12 11:56:47 | 000,295,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/12 10:19:43 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\System Restore.lnk
[2011/05/12 08:50:58 | 000,000,474 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\cc_20110512_085055.reg
[2011/05/12 08:50:34 | 000,037,298 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\cc_20110512_085030.reg
[2011/05/12 08:47:44 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\Spybot.lnk
[2011/05/12 08:45:00 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\CAYahooAntiSpy.lnk
[2011/05/12 08:43:40 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\Shortcut to mbam.lnk
[2011/05/12 08:43:25 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\CCleaner.lnk
[2011/05/12 08:39:50 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\Windows Media Player.lnk
[2011/05/12 08:39:46 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/05/12 08:39:22 | 000,001,769 | -H-- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\MUSICMATCH Jukebox.lnk
[2011/05/12 08:39:22 | 000,000,815 | -H-- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/12 08:39:22 | 000,000,742 | -H-- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/05/12 08:39:22 | 000,000,669 | -H-- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2011/05/12 08:39:22 | 000,000,079 | -H-- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/12 08:39:20 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\fusioncache.dat
[2011/05/12 08:39:17 | 000,000,206 | -H-- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\Yahoo! Briefcase.url
[2011/05/12 08:39:14 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\Internet Explorer.lnk
[2011/05/12 08:39:13 | 000,001,599 | -H-- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\Remote Assistance.lnk
[2011/05/11 14:27:52 | 000,013,990 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q64u71566l2osq0pus7luj42jr
[2011/05/11 08:56:18 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18079524r
[2011/05/11 08:56:18 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18079524
[2011/05/11 08:56:08 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18079524
[2011/05/11 08:48:35 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\Xgbbhicad.job
[2010/12/09 00:19:57 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\KmRemove.exe
[2010/12/02 21:52:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/11/27 16:19:40 | 000,205,118 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2010/11/27 16:19:39 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2010/06/13 10:39:10 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/20 16:31:13 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/05/20 16:31:12 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/05/20 16:31:12 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/07/12 20:44:09 | 000,032,549 | ---- | C] () -- C:\WINDOWS\king-uninstall.exe
[2006/11/20 10:21:10 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7R.DLL
[2006/11/20 10:20:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/11/20 10:19:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/08/10 13:31:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2006/07/17 21:39:38 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2006/07/04 09:15:51 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/07/04 09:09:19 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2006/07/04 09:07:45 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2006/06/24 23:40:10 | 000,000,137 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2006/04/16 17:37:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/04/03 10:28:10 | 000,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/03 10:28:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/08/15 16:34:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/28 12:46:18 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2005/03/24 21:44:08 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Debug.ini
[2005/03/05 06:15:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/12/27 13:39:47 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/12/20 13:48:50 | 000,073,845 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/10/31 21:27:02 | 002,031,629 | -H-- | C] () -- C:\Program Files\Winziptransfer.zip
[2004/10/31 07:39:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/10/30 23:05:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/09/07 17:16:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/07 14:43:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2004/09/07 14:43:07 | 000,543,232 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2004/09/07 14:43:07 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/09/07 14:43:07 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/09/07 12:37:45 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/09/07 12:14:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/07 11:54:20 | 000,000,914 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/07 11:54:20 | 000,000,502 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/09/07 11:53:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/07 11:53:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/07 11:53:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/07 11:53:58 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/07 11:53:58 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/07 11:53:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/07 11:53:56 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/07 11:53:56 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/07 11:53:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/07 11:53:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/09/07 05:09:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 18:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1997/03/31 23:00:00 | 001,664,272 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/03/31 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/03/31 23:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/03/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29

< End of report >

OTL Extras logfile created on: 5/13/2011 10:37:15 AM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,022.00 Mb Total Physical Memory | 542.00 Mb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 204.65 Gb Free Space | 87.88% Space Free | Partition Type: NTFS
Drive D: | 37.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 464.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: YOUR-D26EF63B94 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\System32\Mshtml.dll,PrintHTML "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"57696:TCP" = 57696:TCP:*:Enabled:Pando Media Booster
"57696:UDP" = 57696:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"57696:TCP" = 57696:TCP:*:Enabled:Pando Media Booster
"57696:UDP" = 57696:UDP:*:Enabled:Pando Media Booster
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft  Fax Console -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe" = C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{13DAAEA9-EBCD-4AAA-A9F8-30827AF1C3F3}" =
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1526D87C-A955-4FAB-BF18-697BA457E352}" =
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}&

Offline guestolo

Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #3 on: May 13, 2011, 12:59:57 PM »
Thanks for the logs, let's do the following please

Double-click on OTL.exe and run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following from the quote box below. Don't include the word Quote please
    Quote
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
    O2 - BHO: (no name) - {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
    [2011/05/12 19:17:59 | 000,015,854 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\mxfvglcuf5lp6c06n0118lap1tpbhyoa0242p836ls
    [2011/05/12 19:17:59 | 000,015,854 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mxfvglcuf5lp6c06n0118lap1tpbhyoa0242p836ls
    [2011/05/11 14:27:52 | 000,013,990 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q64u71566l2osq0pus7luj42jr
    [2011/05/11 08:56:18 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18079524r
    [2011/05/11 08:56:18 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18079524
    [2011/05/11 08:56:08 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18079524
    [2011/05/11 08:48:35 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\Xgbbhicad.job
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    :Files
    ipconfig /flushdns /c
    :Commands
    [EmptyTemp]
    [EmptyFlash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

In addition: After you post the above, can I see the next

Open Malwarebytes AntiMalware
  • Open the UPDATE tab and check for update  
  • If an update is found, it will download and install the latest version.    
  • then open the SCANNER tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.    
  • When the scan is complete, click OK, then Show Results to view the results.    
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)    
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.    
  • Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In addition:
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the contents of the following codebox into the main textfield:
    :filefind
    rundll32.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

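The OTL fix above removes a recognisable set of rogue-installer artifacts: small hidden (and hidden+system) files with long random names dropped straight into All Users\Application Data and the user's Local Settings\Application Data, a freshly created *.job in C:\WINDOWS\tasks, and an alternate data stream on a TEMP folder. The following PowerShell script is an added example, not part of the thread and not an OTL feature, that hunts for the same artifact classes so the reader can see what the fix is keying on. It assumes PowerShell 2.0 or later and the Windows XP profile layout used in the thread; the name pattern, size bound and 7-day window are heuristics chosen here, not values from the original post.

```powershell
# Added example (not from the thread): triage for the artifact classes the OTL
# fix above targets. XP paths as in the thread; on Vista+ substitute
# C:\ProgramData and C:\Users\<name>\AppData\Local. Assumes PowerShell 2.0+.

$dataDirs = @(
    "$env:ALLUSERSPROFILE\Application Data",
    "$env:USERPROFILE\Local Settings\Application Data"
)

# Rogue installers of this era drop small hidden files with long random
# lowercase alphanumeric names (optionally prefixed with ~) directly in
# these folders. Pattern and size bound are heuristics chosen for this example.
function Find-SuspiciousDataFiles {
    param([string[]]$Dirs = $dataDirs)
    foreach ($d in $Dirs) {
        if (-not (Test-Path -LiteralPath $d)) { continue }
        Get-ChildItem -LiteralPath $d -Force |
            Where-Object {
                -not $_.PSIsContainer -and
                (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
                $_.Name -match '^~?[a-z0-9]{8,}$' -and
                $_.Length -lt 65536
            } |
            Select-Object FullName, Length, Attributes, CreationTime
    }
}

# Task Scheduler 1.0 job files created recently; a random-named .job alongside
# the other artifacts is the persistence mechanism the fix removes.
function Find-RecentJobs {
    param([int]$Days = 7)
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -LiteralPath "$env:WINDIR\tasks" -Filter *.job -Force |
        Where-Object { $_.CreationTime -gt $cutoff } |
        Select-Object Name, CreationTime, Length
}

# Run keys whose command points into profile data or temp locations rather
# than Program Files or the Windows directory.
function Find-SuspiciousRunEntries {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a Run value
            if ("$($p.Value)" -match 'Application Data|Local Settings|\\Temp\\') {
                New-Object PSObject -Property @{ Key = $k; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

Find-SuspiciousDataFiles  | Format-Table -AutoSize
Find-RecentJobs           | Format-Table -AutoSize
Find-SuspiciousRunEntries | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt with hidden and protected files visible, as the helper asks later in the thread. Output is a list to review, not a list to delete; a hit only says that a file matches the shape of the artifacts removed above, and the OTL log that follows shows which of those shapes were actually present on this machine.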


Offline iboglander

Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #4 on: May 13, 2011, 02:18:44 PM »
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fdd3b846-8d59-4ffb-8758-209b6ad74acc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdd3b846-8d59-4ffb-8758-209b6ad74acc}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\SITEguard deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\mxfvglcuf5lp6c06n0118lap1tpbhyoa0242p836ls moved successfully.
C:\Documents and Settings\All Users\Application Data\mxfvglcuf5lp6c06n0118lap1tpbhyoa0242p836ls moved successfully.
C:\Documents and Settings\All Users\Application Data\q64u71566l2osq0pus7luj42jr moved successfully.
C:\Documents and Settings\All Users\Application Data\~18079524r moved successfully.
C:\Documents and Settings\All Users\Application Data\~18079524 moved successfully.
C:\Documents and Settings\All Users\Application Data\18079524 moved successfully.
C:\WINDOWS\tasks\Xgbbhicad.job moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Owner.YOUR-D26EF63B94
->Temp folder emptied: 835584 bytes
->Temporary Internet Files folder emptied: 63963189 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 3496 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31147 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 62.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
->Flash cache emptied: 0 bytes
 
User: Owner
->Flash cache emptied: 0 bytes
 
User: Owner.YOUR-D26EF63B94
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 05132011_120303

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Temp\~DF43C0.tmp moved successfully.
C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Temporary Internet Files\Content.IE5\YE0C1CDH\teen-moms-leah-completely-stressed-out-by-wedding[1].txt moved successfully.
C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Temporary Internet Files\Content.IE5\YE0C1CDH\xd_proxy[1].php moved successfully.
C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Temporary Internet Files\Content.IE5\RYN21U9W\dot[2].gif moved successfully.
C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Temporary Internet Files\Content.IE5\RYN21U9W\GetAdDirector_BannerCreative[1].htm moved successfully.
C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Temporary Internet Files\Content.IE5\53QNZ5XH\index[1].php moved successfully.
C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Temporary Internet Files\Content.IE5\53QNZ5XH\like[1].php moved successfully.
C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Temporary Internet Files\Content.IE5\53QNZ5XH\like[2].php moved successfully.

Registry entries deleted on Reboot...


Then Malware (no infections reported)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6569

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/13/2011 12:11:13 PM
mbam-log-2011-05-13 (12-11-13).txt

Scan type: Quick scan
Objects scanned: 173092
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Then System Look:

SystemLook 04.09.10 by jpshortstuff
Log created at 12:13 on 13/05/2011 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "rundll32.exe"
No files found.

-= EOF =-

Done, Done and Done.  Next?  Thank you by the way, helpful folks are hard to find these days!


Offline iboglander

Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #5 on: May 13, 2011, 02:22:14 PM »
Oh man, I forgot that I ran Malware earlier (2 hours ago), here is that report, where it did find 17 infected files (This was a full scan, not a quick scan =D):

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6568

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/13/2011 10:30:04 AM
mbam-log-2011-05-13 (10-30-04).txt

Scan type: Full scan (C:\|)
Objects scanned: 248852
Time elapsed: 33 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP10\A0003957.exe (Trojan.Agent.VCP) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP16\A0004987.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP17\A0005019.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP4\A0002058.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP4\A0002059.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP4\A0002060.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP4\A0002061.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP6\A0002433.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP7\A0003202.exe (Trojan.Inject) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP7\A0003232.exe (Trojan.Agent.VCP) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP7\A0003233.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP7\A0003703.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP7\A0003704.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP7\A0003727.exe (Trojan.Agent.VCP) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP7\A0003729.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wmvdmoe2z.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\nmpssakhhnawe.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
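Fifteen of the seventeen detections in that full scan are under c:\system volume information\_restore{...}, that is, inside System Restore snapshots rather than on the live system. Only two are live files: wmvdmoe2z.dll in system32 and nmpssakhhnawe.exe in All Users\Application Data, the same folder the OTL fix was cleaning. The following PowerShell function is an added example, not part of the thread or of Malwarebytes, that splits an MBAM 1.x "Files Infected" section into restore-point and live hits so the live ones stand out. The sample input is a subset of lines copied from the log above.

```powershell
# Added example (not from the thread): separate MBAM file detections inside
# System Restore points from detections on live paths. Sample lines below are
# copied from the full-scan log in the thread; the parser works on any MBAM 1.x
# log text. Assumes PowerShell 2.0+.

$mbamLog = @'
Files Infected:
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP10\A0003957.exe (Trojan.Agent.VCP) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP6\A0002433.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ec4cb99f-e069-439a-9c27-2feff753d9c8}\RP7\A0003233.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wmvdmoe2z.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\nmpssakhhnawe.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
'@

function ConvertFrom-MbamFileHits {
    param([string]$LogText)
    # "<path> (<family>) -> <action>"; header and blank lines do not match.
    $pattern = '^(?<path>.+?) \((?<family>[^)]+)\) -> (?<action>.+)$'
    foreach ($line in ($LogText -split "`r?`n")) {
        if ($line -match $pattern) {
            $path = $matches.path
            # -match is case-insensitive by default, so the lowercase MBAM paths are fine.
            $scope = if ($path -match '^[a-z]:\\system volume information\\_restore') { 'RestorePoint' } else { 'Live' }
            New-Object PSObject -Property @{
                Path   = $path
                Family = $matches.family
                Action = $matches.action
                Scope  = $scope
            }
        }
    }
}

$hits = ConvertFrom-MbamFileHits $mbamLog

# Headline counts, then the live hits in full, then the families seen only in snapshots.
$hits | Group-Object Scope | Select-Object Name, Count | Format-Table -AutoSize
$hits | Where-Object { $_.Scope -eq 'Live' } | Format-Table Family, Path -AutoSize
$hits | Where-Object { $_.Scope -eq 'RestorePoint' } | Group-Object Family | Select-Object Name, Count | Format-Table -AutoSize
```

Restore-point copies cannot execute on their own, but they are a record of what ran: Rootkit.TDSS appearing in the snapshots is consistent with the helper reaching for TDSSKiller in the next reply. Once the machine is clean, turning System Restore off and back on purges the remaining snapshots, so a later restore cannot bring an infected file back.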



Offline iboglander

Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #6 on: May 13, 2011, 02:27:36 PM »
Grrrrr, just had a random couple of pop up boxes (without touching anything)...one for Twitter and one for People Magazine.  I ran another HJT report for you, just to show you current status.  Note: I have only 1 internet explorer window up, so the 4 internet explorer processes running are interesting (I know that 2 will run for 1 window or have noticed that in the past, but 4?)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:56 PM, on 5/13/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://games.king.com/ctl/kingcomie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264368087191
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264368078129
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/systemscan/soesysinfo.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10051 bytes


Thanks for your patience.


Offline guestolo

Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #7 on: May 13, 2011, 02:45:53 PM »
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
In addition:
I've uploaded a copy of rundll32.exe to mediafire
http://www.mediafire.com/file/ul8w5boqer7wbr9/rundll32.zip

Please download rundll32.zip to your desktop, then extract its contents (rundll32.exe).

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.
Copy/paste a copy of rundll32.exe to both the following folders
C:\WINDOWS\system32
and also
C:\WINDOWS\system32\dllcache

Let's remove older outdated versions of Sun Java
Download and save to desktop JavaRA from the following link
http://sourceforge.net/projects/javara/files/javara/JavaRa/JavaRa.zip/download
Extract to its own folder
Open the folder and double click on JavaRa.exe
Choose 'English' then click "Select"
Under "Additional tasks" select the top 3 selections and also the bottom 2 selections
Then click GO
OK all the prompts, close the box afterwards
Ensure all browser windows are closed and choose "Remove older versions"

A log will open, you can just close it and delete JavaRa

Afterwards:
Restart your computer
Back in Windows, see if you can enter Add and Remove Programs in Windows Control Panel
Let me know if you can please
« Last Edit: May 13, 2011, 02:46:11 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
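The step above drops a replacement rundll32.exe into both C:\WINDOWS\system32 and C:\WINDOWS\system32\dllcache on a machine that was just hosting a rootkit, so it is worth confirming what actually landed there. The Python below is an added example, not code from the thread or from guestolo: it checks that every copy is byte-identical, that each one parses as a PE executable (MZ header with e_lfanew pointing at the PE signature), and, when a SHA-256 obtained from a known-clean Windows XP SP3 installation is passed as expected_sha256 (a placeholder the reader must supply; the thread gives no hash for rundll32.exe), that the copies match it. The minimal_pe_image helper and the paths used for testing are constructed.

```python
import hashlib
from typing import Dict, Iterable, Optional

# Default locations from the instructions above (Windows XP).
DEFAULT_PATHS = (
    r"C:\WINDOWS\system32\rundll32.exe",
    r"C:\WINDOWS\system32\dllcache\rundll32.exe",
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def md5_hex(data: bytes) -> str:
    # md5 is kept only because the removal tools in this thread report md5 values.
    return hashlib.md5(data).hexdigest()


def looks_like_pe(data: bytes) -> bool:
    """True when data has an MZ DOS header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def check_copies(copies: Dict[str, bytes], expected_sha256: Optional[str] = None) -> dict:
    """Compare the in-memory copies of the replacement file against each other and a reference."""
    sha256s = {path: sha256_hex(data) for path, data in copies.items()}
    distinct = set(sha256s.values())
    result = {
        "identical": len(distinct) == 1,             # system32 and dllcache must agree
        "all_pe": all(looks_like_pe(d) for d in copies.values()),
        "sha256": sha256s,
        "md5": {path: md5_hex(data) for path, data in copies.items()},
        "matches_reference": None,                   # unknown until a reference hash is given
    }
    if expected_sha256 is not None:
        # placeholder: expected_sha256 comes from a trusted, clean XP SP3 install
        result["matches_reference"] = distinct == {expected_sha256.lower()}
    return result


def check_files(paths: Iterable[str] = DEFAULT_PATHS, expected_sha256: Optional[str] = None) -> dict:
    copies = {}
    for path in paths:
        with open(path, "rb") as fh:
            copies[path] = fh.read()
    return check_copies(copies, expected_sha256)


def minimal_pe_image(payload: bytes = b"") -> bytes:
    """Constructed stand-in for a PE file: MZ header, e_lfanew = 0x40, PE signature, payload."""
    header = bytearray(0x40)
    header[0:2] = b"MZ"
    header[0x3C:0x40] = (0x40).to_bytes(4, "little")
    return bytes(header) + b"PE\x00\x00" + payload


if __name__ == "__main__":
    import sys
    paths = sys.argv[1:] or list(DEFAULT_PATHS)
    for key, value in check_files(paths).items():
        print(f"{key}: {value}")
```

On the affected machine this is run as `python check_rundll32.py` (the default paths are the two folders named above); a result with identical=True but matches_reference=False means both copies are the same wrong file, which is exactly the case a hash comparison exists to catch.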


Offline iboglander

  • Newbie
  • Posts: 25
  • Karma: +0/-0
Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #8 on: May 13, 2011, 02:59:47 PM »
2011/05/13 12:50:18.0265 3192 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/13 12:50:18.0843 3192 ================================================================================
2011/05/13 12:50:18.0843 3192 SystemInfo:
2011/05/13 12:50:18.0843 3192
2011/05/13 12:50:18.0843 3192 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/13 12:50:18.0843 3192 Product type: Workstation
2011/05/13 12:50:18.0843 3192 ComputerName: YOUR-D26EF63B94
2011/05/13 12:50:18.0843 3192 UserName: Owner
2011/05/13 12:50:18.0843 3192 Windows directory: C:\WINDOWS
2011/05/13 12:50:18.0843 3192 System windows directory: C:\WINDOWS
2011/05/13 12:50:18.0843 3192 Processor architecture: Intel x86
2011/05/13 12:50:18.0843 3192 Number of processors: 2
2011/05/13 12:50:18.0843 3192 Page size: 0x1000
2011/05/13 12:50:18.0843 3192 Boot type: Normal boot
2011/05/13 12:50:18.0843 3192 ================================================================================
2011/05/13 12:50:19.0250 3192 Initialize success
2011/05/13 12:50:27.0890 1092 ================================================================================
2011/05/13 12:50:27.0890 1092 Scan started
2011/05/13 12:50:27.0890 1092 Mode: Manual;
2011/05/13 12:50:27.0890 1092 ================================================================================
2011/05/13 12:50:28.0906 1092 ACPI           (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/13 12:50:28.0984 1092 ACPIEC         (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/13 12:50:29.0046 1092 aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/13 12:50:29.0109 1092 AFD            (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/13 12:50:29.0312 1092 Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/13 12:50:29.0453 1092 AsyncMac       (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/13 12:50:29.0468 1092 atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/13 12:50:29.0593 1092 ati2mtag       (e42f83f1e85cf0b9f9873851543dcd9d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/13 12:50:29.0656 1092 Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/13 12:50:29.0718 1092 audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/13 12:50:29.0781 1092 Beep           (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/13 12:50:29.0843 1092 cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/13 12:50:29.0875 1092 CCDECODE       (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/13 12:50:30.0203 1092 CdaD10BA       (841cefab8228ee691705d059e7f21c47) C:\WINDOWS\system32\drivers\CdaD10BA.SYS
2011/05/13 12:50:30.0265 1092 Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/13 12:50:30.0296 1092 Cdfs           (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/13 12:50:30.0359 1092 Cdr4_xp        (223dea13c9d064babc882b4727f6f905) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/05/13 12:50:30.0390 1092 Cdralw2k       (9e26599599d178e71afb5599e146031a) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/05/13 12:50:30.0437 1092 Cdrom          (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/13 12:50:30.0593 1092 CX23880        (0cdad5c0e3634b0c3fae91a61b419143) C:\WINDOWS\system32\drivers\A88VidBB.sys
2011/05/13 12:50:30.0656 1092 CX88ENC        (a1b918bb5df62d48596863b3a6c7a1db) C:\WINDOWS\system32\drivers\A88EncBB.sys
2011/05/13 12:50:30.0687 1092 CX88XBAR       (e4d09bae3963745930eedbaeb32264a1) C:\WINDOWS\system32\drivers\A88BarBB.sys
2011/05/13 12:50:30.0703 1092 CXAVSAUD       (79127a6522c4c858c407e9685971c8fd) C:\WINDOWS\system32\drivers\A88AudBB.sys
2011/05/13 12:50:30.0734 1092 CXTUNE         (feb738a2aa102e35e22061ef07b87081) C:\WINDOWS\system32\drivers\A88TunBB.sys
2011/05/13 12:50:30.0828 1092 Disk           (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/13 12:50:30.0921 1092 dmboot         (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/13 12:50:31.0031 1092 dmio           (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/13 12:50:31.0062 1092 dmload         (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/13 12:50:31.0125 1092 DMusic         (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/13 12:50:31.0203 1092 drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/13 12:50:31.0296 1092 Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/13 12:50:31.0343 1092 Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/13 12:50:31.0375 1092 Fips           (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/13 12:50:31.0406 1092 Flpydisk       (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/13 12:50:31.0437 1092 FltMgr         (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/13 12:50:31.0468 1092 Fs_Rec         (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/13 12:50:31.0500 1092 Ftdisk         (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/13 12:50:31.0578 1092 GEARAspiWDM    (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/13 12:50:31.0609 1092 Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/13 12:50:31.0656 1092 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/05/13 12:50:31.0703 1092 HDAudBus       (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/13 12:50:31.0750 1092 HidIr          (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
2011/05/13 12:50:31.0781 1092 HidUsb         (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/13 12:50:31.0906 1092 HPZid412       (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/05/13 12:50:31.0937 1092 HPZipr12       (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/05/13 12:50:32.0015 1092 HPZius12       (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/05/13 12:50:32.0078 1092 HSFHWBS2       (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/05/13 12:50:32.0156 1092 HSF_DP         (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/05/13 12:50:32.0265 1092 HSF_DPV        (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/05/13 12:50:32.0375 1092 HTTP           (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/13 12:50:32.0468 1092 i8042prt       (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/13 12:50:32.0531 1092 Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/13 12:50:32.0734 1092 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/13 12:50:32.0890 1092 IntelIde       (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/13 12:50:32.0953 1092 intelppm       (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/13 12:50:32.0984 1092 Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/13 12:50:33.0015 1092 IpInIp         (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/13 12:50:33.0046 1092 IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/13 12:50:33.0078 1092 IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/13 12:50:33.0125 1092 IrBus          (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
2011/05/13 12:50:33.0171 1092 IRENUM         (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/13 12:50:33.0218 1092 isapnp         (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/13 12:50:33.0265 1092 Kbdclass       (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/13 12:50:33.0312 1092 kbdhid         (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/13 12:50:33.0359 1092 kmixer         (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/13 12:50:33.0390 1092 KSecDD         (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/13 12:50:33.0500 1092 LVUSBSta       (9e9306063ecd8aa91b3fb76678d3cee2) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2011/05/13 12:50:33.0546 1092 mdmxsdk        (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/13 12:50:33.0593 1092 MHNDRV         (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/05/13 12:50:33.0656 1092 mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/13 12:50:33.0703 1092 Modem          (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/13 12:50:33.0718 1092 Mouclass       (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/13 12:50:33.0781 1092 mouhid         (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/13 12:50:33.0812 1092 MountMgr       (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/13 12:50:33.0859 1092 MRxDAV         (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/13 12:50:33.0953 1092 MRxSmb         (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/13 12:50:34.0015 1092 Msfs           (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/13 12:50:34.0046 1092 MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/13 12:50:34.0062 1092 MSPCLOCK       (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/13 12:50:34.0093 1092 MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/13 12:50:34.0171 1092 mssmbios       (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/13 12:50:34.0187 1092 MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/13 12:50:34.0234 1092 Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/13 12:50:34.0281 1092 MxlW2k         (88f57a15b786bf2af9458f7903768085) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/05/13 12:50:34.0312 1092 NABTSFEC       (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/13 12:50:34.0359 1092 NDIS           (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/13 12:50:34.0390 1092 NdisIP         (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/13 12:50:34.0406 1092 NdisTapi       (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/13 12:50:34.0453 1092 Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/13 12:50:34.0468 1092 NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/13 12:50:34.0515 1092 NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/13 12:50:34.0546 1092 NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/13 12:50:34.0593 1092 NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/13 12:50:34.0640 1092 NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/13 12:50:34.0671 1092 Npfs           (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/13 12:50:34.0734 1092 Ntfs           (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/13 12:50:34.0828 1092 Null           (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/13 12:50:34.0875 1092 NwlnkFlt       (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/13 12:50:34.0921 1092 NwlnkFwd       (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/13 12:50:34.0968 1092 ohci1394       (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/13 12:50:35.0031 1092 Parport        (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/13 12:50:35.0046 1092 PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/13 12:50:35.0093 1092 ParVdm         (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/13 12:50:35.0125 1092 PCI            (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/13 12:50:35.0187 1092 PCIIde         (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/13 12:50:35.0234 1092 Pcmcia         (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/13 12:50:35.0406 1092 pepifilter     (d30eda6e1ab3c8c82f2ca085ab79040a) C:\WINDOWS\system32\DRIVERS\lv302af.sys
2011/05/13 12:50:35.0546 1092 PID_08A0       (cebefeae6156f4fee41f56be89ea9c96) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
2011/05/13 12:50:35.0703 1092 PID_PEPI       (0da6c5e0c8da6cebe52daacfe7ae9de6) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
2011/05/13 12:50:35.0828 1092 PptpMiniport   (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/13 12:50:35.0890 1092 Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/13 12:50:35.0968 1092 PxHelp20       (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/13 12:50:36.0140 1092 RasAcd         (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/13 12:50:36.0171 1092 Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/13 12:50:36.0203 1092 RasPppoe       (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/13 12:50:36.0234 1092 Raspti         (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/13 12:50:36.0265 1092 Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/13 12:50:36.0312 1092 RDPCDD         (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/13 12:50:36.0343 1092 rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/13 12:50:36.0390 1092 RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/13 12:50:36.0421 1092 redbook        (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/13 12:50:36.0546 1092 Secdrv         (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/13 12:50:36.0625 1092 serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/13 12:50:36.0656 1092 Serial         (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/13 12:50:36.0703 1092 Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/05/13 12:50:36.0781 1092 SLIP           (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/13 12:50:36.0875 1092 splitter       (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/13 12:50:36.0937 1092 sr             (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/13 12:50:37.0031 1092 Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/13 12:50:37.0125 1092 streamip       (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/13 12:50:37.0187 1092 SunkFilt       (d8cbd8b4bf4dc9cd64b5cc8e2bec1b96) C:\WINDOWS\System32\Drivers\sunkfilt.sys
2011/05/13 12:50:37.0218 1092 SunkFilt39     (fabcc3bec89a2853958cefb28943c470) C:\WINDOWS\System32\Drivers\sunkfilt39.sys
2011/05/13 12:50:37.0250 1092 swenum         (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/13 12:50:37.0281 1092 swmidi         (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/13 12:50:37.0359 1092 symlcbrd       (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/05/13 12:50:37.0421 1092 sysaudio       (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/13 12:50:37.0484 1092 Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/13 12:50:37.0531 1092 TDPIPE         (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/13 12:50:37.0578 1092 TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/13 12:50:37.0625 1092 TermDD         (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/13 12:50:37.0703 1092 tmcomm         (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/05/13 12:50:37.0781 1092 Udfs           (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/13 12:50:37.0859 1092 Update         (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/13 12:50:37.0968 1092 USBAAPL        (f340199e8cb097e1acd58a967c665919) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/13 12:50:38.0031 1092 usbaudio       (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/13 12:50:38.0078 1092 usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/13 12:50:38.0093 1092 usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/13 12:50:38.0125 1092 usbhub         (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/13 12:50:38.0140 1092 usbprint       (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/13 12:50:38.0156 1092 usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/13 12:50:38.0171 1092 usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/13 12:50:38.0203 1092 usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/13 12:50:38.0218 1092 USB_RNDIS      (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/05/13 12:50:38.0234 1092 VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/13 12:50:38.0281 1092 VolSnap        (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/13 12:50:38.0281 1092 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/13 12:50:38.0281 1092 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/13 12:50:38.0328 1092 Wanarp         (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/13 12:50:38.0375 1092 wdmaud         (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/13 12:50:38.0453 1092 winachsf       (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/13 12:50:38.0578 1092 WpdUsb         (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/13 12:50:38.0625 1092 WSTCODEC       (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/13 12:50:38.0671 1092 WudfPf         (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/13 12:50:38.0703 1092 WudfRd         (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/13 12:50:38.0781 1092 yukonwxp       (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/05/13 12:50:38.0906 1092 ================================================================================
2011/05/13 12:50:38.0906 1092 Scan finished
2011/05/13 12:50:38.0906 1092 ================================================================================
2011/05/13 12:50:38.0921 2876 Detected object count: 1
2011/05/13 12:51:33.0515 2876 VolSnap        (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/13 12:51:33.0515 2876 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/13 12:51:35.0156 2876 Backup copy found, using it..
2011/05/13 12:51:35.0171 2876 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/05/13 12:51:35.0171 2876 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/05/13 12:51:45.0968 3028 Deinitialize success


TDSS Killer report...working on the other things you told me to do=D
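The lines that matter in the report above are the two for VolSnap.sys: TDSSKiller lists the driver with one md5, then reports the same path as "Suspicious file (Forged)" with a different "Fake" md5, which is how it exposes a TDL3 infection (the driver seen through normal file reads is not the bytes actually on disk). As an added example, not part of the thread or of TDSSKiller itself, the Python below parses a TDSSKiller log into driver entries, forged-file findings, detections and the action chosen for each, and cross-references them so a responder can check a long report mechanically instead of reading every line. SAMPLE_LOG is a constructed excerpt assembled from lines in the report above.

```python
import re
from typing import List

# Constructed excerpt in the shape of the TDSSKiller report above
# (the ACPI and VolSnap lines are copied from that report).
SAMPLE_LOG = r"""
2011/05/13 12:50:27.0890 1092 Scan started
2011/05/13 12:50:28.0906 1092 ACPI           (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/13 12:50:38.0281 1092 VolSnap        (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/13 12:50:38.0281 1092 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/13 12:50:38.0281 1092 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/13 12:50:38.0906 1092 Scan finished
2011/05/13 12:50:38.0921 2876 Detected object count: 1
2011/05/13 12:51:35.0171 2876 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/05/13 12:51:35.0171 2876 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
"""

# Every line starts with "<timestamp> <pid> <message>"; the message is what we classify.
PREFIX = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-fA-F]{32}), "
                    r"Fake md5: (?P<fake>[0-9a-fA-F]{32})$")
DETECTED = re.compile(r"^(?P<driver>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(r"^(?P<verdict>[^\s(]+)\((?P<driver>[^)]+)\) - User select action: (?P<action>\S+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")
ENTRY = re.compile(r"^(?P<driver>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")


def parse_tdsskiller(text: str) -> dict:
    """Turn a TDSSKiller log into drivers, forged-file findings, detections and actions."""
    report = {"drivers": {}, "forged": [], "detections": [], "actions": [], "detected_count": None}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # banner lines, separators, blank lines
        msg = m.group("msg")
        f = FORGED.match(msg)
        if f:
            report["forged"].append({"path": f.group("path"),
                                     "real_md5": f.group("real").lower(),
                                     "fake_md5": f.group("fake").lower()})
            continue
        d = DETECTED.match(msg)
        if d:
            report["detections"].append({"driver": d.group("driver"), "verdict": d.group("verdict")})
            continue
        a = ACTION.match(msg)
        if a:
            report["actions"].append({"driver": a.group("driver"), "verdict": a.group("verdict"),
                                      "action": a.group("action")})
            continue
        c = COUNT.match(msg)
        if c:
            report["detected_count"] = int(c.group("n"))
            continue
        e = ENTRY.match(msg)
        if e:
            report["drivers"][e.group("driver")] = {"md5": e.group("md5").lower(), "path": e.group("path")}
    return report


def forged_driver_names(report: dict) -> List[str]:
    """Service names whose on-disk path was reported as forged."""
    forged_paths = {f["path"].lower() for f in report["forged"]}
    return sorted(name for name, entry in report["drivers"].items() if entry["path"].lower() in forged_paths)


def summarize(report: dict) -> List[str]:
    """One line per forged driver, plus a warning if the tool's object count disagrees with the parse."""
    verdicts = {d["driver"]: d["verdict"] for d in report["detections"]}
    actions = {a["driver"]: a["action"] for a in report["actions"]}
    lines = []
    for name in forged_driver_names(report):
        entry = report["drivers"][name]
        forged = next(f for f in report["forged"] if f["path"].lower() == entry["path"].lower())
        lines.append(f"{name}: {verdicts.get(name, 'no verdict')} at {entry['path']}; "
                     f"real md5 {forged['real_md5']} != fake md5 {forged['fake_md5']}; "
                     f"action {actions.get(name, 'none')}")
    if report["detected_count"] is not None and report["detected_count"] != len(report["detections"]):
        lines.append(f"warning: tool reports {report['detected_count']} objects but "
                     f"{len(report['detections'])} detection lines were parsed")
    return lines


if __name__ == "__main__":
    for line in summarize(parse_tdsskiller(SAMPLE_LOG)):
        print(line)
```

The mismatch check in summarize is the part worth keeping around: a report with "Detected object count: 1" but no matching "detected" line, or a forged path with no "User select action" line, means the run was interrupted or the cure was never applied, and the scan should be repeated after the reboot rather than assumed complete.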

Offline iboglander

  • Newbie
  • Posts: 25
  • Karma: +0/-0
Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #9 on: May 13, 2011, 03:26:32 PM »
It now allows me to open programs in my control panel, but (and this may be something I have to live with, I'm just checking that I did it right) when I do click on Add/Remove Programs or any other Control Panel function I get a:

Open File - Security Warning

The publisher could not be verified. Are you sure you want to run this software?

Name: rundll32.exe
Publisher: Unknown Publisher
Type: Application
From: C:\WINDOWS\system32

run/cancel

always ask before opening this file? (checked)

This file does not have a valid digital signature that verifies its publisher.  You should only run software from publishers you trust..blahblahblah

This might be an easy one, but I should probably just uncheck the "always ask" or did I do something incorrect?

Either way, it works, that's a step in the right direction =D  Thank you.
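The prompt quoted above is Windows' Attachment Execution Service at work: a browser tags a file downloaded from the Internet zone with an NTFS alternate data stream named Zone.Identifier containing ZoneId=3, and an executable carrying that mark with no publisher signature to vouch for it gets the Open File - Security Warning each time it is started. Unchecking "Always ask before opening this file" removes the mark rather than the reason for it, so that is a step to take only after the file's origin and hash have been checked. As an added example, not from the thread, the Python below reads and interprets that stream; SAMPLE_STREAM is a constructed copy of what the stream holds for an Internet download, and read_zone_stream only works on Windows with NTFS, since the ":Zone.Identifier" path syntax is how the stream is opened there.

```python
from typing import Dict, Optional

# Constructed: the content a browser writes for a file downloaded from the Internet zone.
SAMPLE_STREAM = "[ZoneTransfer]\r\nZoneId=3\r\n"

# URL security zone numbers used by Internet Explorer / the Attachment Execution Service.
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}


def parse_zone_identifier(stream_text: str) -> Dict[str, str]:
    """Parse the INI-style [ZoneTransfer] section of a Zone.Identifier stream into key/value pairs."""
    values: Dict[str, str] = {}
    section = None
    for raw in stream_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section == "ZoneTransfer" and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip()
    return values


def zone_of(stream_text: str) -> Optional[int]:
    """The numeric ZoneId, or None when the stream does not carry one."""
    zone = parse_zone_identifier(stream_text).get("ZoneId")
    return int(zone) if zone is not None and zone.isdigit() else None


def explain(stream_text: Optional[str]) -> str:
    """Say what the stream (or its absence) means for the Open File - Security Warning."""
    if stream_text is None:
        return "no Zone.Identifier stream: the file is not marked as downloaded, no warning expected"
    zone = zone_of(stream_text)
    if zone is None:
        return "Zone.Identifier present but without a ZoneId: treat the origin as unknown"
    name = ZONE_NAMES.get(zone, "unknown zone")
    if zone >= 3:
        return f"ZoneId={zone} ({name}): marked as downloaded, Windows prompts before running it"
    return f"ZoneId={zone} ({name}): no prompt expected"


def read_zone_stream(path: str) -> Optional[str]:
    """Read the Zone.Identifier alternate data stream of a file (Windows/NTFS only); None if absent."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\WINDOWS\system32\rundll32.exe"
    print(explain(read_zone_stream(target)))
```

Run on the affected machine as `python zone_check.py C:\WINDOWS\system32\rundll32.exe`; a ZoneId=3 result confirms the copied file still carries the download mark, which is consistent with the dialog in the post and is not by itself a sign of infection.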

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #10 on: May 13, 2011, 03:32:41 PM »
Download ComboFix from the following location

Link 1
Save it ONLY to your Desktop
      --------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

With the log from ComboFix, can you also open OTL.exe, choose to Run a Quick Scan
When it's done, post the log that opens

Edit>>Can you also let me know the following
When you downloaded rundll32.zip, did you use Internet Explorer or Firefox?
« Last Edit: May 13, 2011, 03:36:37 PM by guestolo »



Offline iboglander

  • Newbie
  • Posts: 25
  • Karma: +0/-0
Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #11 on: May 13, 2011, 03:37:45 PM »
You may want to hit me for leaving this out earlier, but until I got back into the control panel functions, I had forgotten about this:

Microsoft Security Essentials seemed to be seriously compromised by this virus, would not let anything be touched, firewall turned off, virus protection off...and now that I see it in the Control Panel, I'm scared as hell to even click near it, lol.

Only other thing to add to this mess, is that if I try to navigate around the internet, I get iffy results.  Sometimes it goes where it is supposed to, other times it gets redirected.  Anything Microsoft-related, it will not let me go, always a redirect.  I was surprised it let me go here, honestly.  Details of this issue are varied, but for example:

I use search to find virus protection, it gives the usual list of choices, I pick one and it starts to go where it says, then it gets derailed to somewhere else.  Of course, while I was typing this, I rechecked this issue and it's not happening at the moment, lol.

Anyway, just adding info as I remember, encounter or stumble over it, thanks.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #12 on: May 13, 2011, 03:39:22 PM »
Follow my last set of instructions
I'm going for a shower, see ya in a bit :P



Offline iboglander

  • Newbie
  • Posts: 25
  • Karma: +0/-0
Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #13 on: May 13, 2011, 04:13:07 PM »
ComboFix 11-05-13.01 - Owner 05/13/2011  13:46:12.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.543 [GMT -7:00]
Running from: c:\documents and settings\Owner.YOUR-D26EF63B94\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\jxvuof.exe
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\Cache
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-13 to 2011-05-13  )))))))))))))))))))))))))))))))
.
.
2011-05-13 20:04 . 2011-05-13 20:01 33280 -c--a-w- c:\windows\system32\dllcache\rundll32.exe
2011-05-13 20:04 . 2011-05-13 20:01 33280 ----a-w- c:\windows\system32\rundll32.exe
2011-05-13 19:03 . 2011-05-13 19:03 -------- d-----w- C:\_OTL
2011-05-13 16:36 . 2011-05-13 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-13 16:36 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 16:36 . 2011-05-13 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-13 14:25 . 2011-05-13 14:25 -------- d-----w- c:\program files\Trend Micro
2011-05-13 14:04 . 2011-05-13 14:04 -------- d-----w- C:\unzipped rundll32.exe file
2011-05-13 09:04 . 2011-05-13 09:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-12 22:30 . 2011-05-13 09:03 -------- d-----w- c:\program files\ARO 2011
2011-05-12 15:39 . 2011-05-13 09:04 -------- d-----w- c:\documents and settings\Owner.YOUR-D26EF63B94
2011-05-11 16:39 . 2011-05-11 16:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-05-06 16:27 . 2008-11-13 14:18 599552 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-04-14 16:27 . 2011-04-14 16:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\TaxCut
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-13 19:52 . 2004-09-07 18:54 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-03-07 05:33 . 2004-09-07 19:15 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-09-07 18:54 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-09-07 18:54 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-09-07 18:54 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-09-07 18:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-09-07 18:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-09-07 18:53 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-09-07 18:53 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-09-07 18:54 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 03:11 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-09-07 18:53 290432 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 339968]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"57696:TCP"= 57696:TCP:Pando Media Booster
"57696:UDP"= 57696:UDP:Pando Media Booster
.
R2 CX88XBAR;AVerMedia AVerTV MPEG Crossbar (Dual-Input);c:\windows\system32\drivers\A88BarBB.sys [9/7/2004 11:55 AM 10112]
R3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture;c:\windows\system32\drivers\A88AudBB.sys [9/7/2004 11:55 AM 9216]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [9/7/2004 11:54 AM 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [9/7/2004 11:54 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ    getPlusHelper
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
nosGetPlusHelper REG_MULTI_SZ    nosGetPlusHelper
WINRM REG_MULTI_SZ    WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://games.king.com/ctl/kingcomie.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} - hxxp://everquest2.station.sony.com/systemscan/soesysinfo.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-13 13:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-05-13  13:55:03
ComboFix-quarantined-files.txt  2011-05-13 20:55
.
Pre-Run: 220,296,900,608 bytes free
Post-Run: 220,263,407,616 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F018B7F658D451D69163B3C284C03B50

OTL logfile created on: 5/13/2011 2:09:25 PM - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,022.00 Mb Total Physical Memory | 524.00 Mb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 205.17 Gb Free Space | 88.10% Space Free | Partition Type: NTFS
Drive D: | 37.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 464.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: YOUR-D26EF63B94 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/05/13 10:36:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\OTL.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/19 17:14:16 | 001,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/09/21 15:32:56 | 002,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2005/09/21 10:24:02 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/05/17 18:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/05/13 10:36:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/02/02 10:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009/08/07 12:43:04 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/09/19 17:14:16 | 001,247,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2008/04/13 11:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 11:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/12/06 10:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/09/27 13:44:12 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/06/20 04:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/06/20 04:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/05/09 22:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 22:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/05/09 22:46:48 | 000,014,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/08/12 20:53:27 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaD10BA.SYS -- (CdaD10BA)
DRV - [2006/02/20 10:43:19 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/27 02:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/02/01 17:39:18 | 000,970,240 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/07 16:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/09/15 13:59:54 | 000,241,152 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\A88VidBB.sys -- (CX23880) AVerMedia AVerTV MPEG Video Capture (!)
DRV - [2004/09/15 11:30:58 | 000,296,576 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\A88EncBB.sys -- (CX88ENC)
DRV - [2004/09/15 11:29:38 | 000,010,112 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\A88BarBB.sys -- (CX88XBAR) AVerMedia AVerTV MPEG Crossbar (Dual-Input)
DRV - [2004/09/15 11:29:16 | 000,024,576 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\A88TunBB.sys -- (CXTUNE)
DRV - [2004/09/15 10:16:54 | 000,009,216 | ---- | M] (AVerMedia) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A88AudBB.sys -- (CXAVSAUD)
DRV - [2004/09/07 16:29:37 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/06/17 15:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/22 11:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/22 11:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/27 16:27:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7796FD67-9319-444C-88F2-7A247E0BBED9}: C:\Documents and Settings\Owner\Local Settings\Application Data\{7796FD67-9319-444C-88F2-7A247E0BBED9}
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/09 00:44:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/06 22:07:52 | 000,000,000 | ---D | M]
 
[2010/09/15 14:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/06 22:07:51 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2011/04/06 22:07:51 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
 
O1 HOSTS File: ([2011/05/13 13:50:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=48835 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://games.king.com/ctl/kingcomie.cab (king.com)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264368087191 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264368078129 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab (NeffyLauncherCtl Class)
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab (DVCDownloadControl)
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} http://everquest2.station.sony.com/systemscan/soesysinfo.cab (SOESysInfo Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab (TikGames Online Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/07 12:17:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 13:32:07 | 000,000,082 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/07/10 15:09:09 | 000,000,111 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/13 13:44:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/13 13:41:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/13 13:41:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/13 13:41:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/13 13:41:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/13 13:41:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/13 13:39:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/13 13:21:28 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\TDSSKiller.exe
[2011/05/13 13:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\JavaRA
[2011/05/13 12:03:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/13 10:36:27 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\OTL.exe
[2011/05/13 09:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Malwarebytes
[2011/05/13 09:36:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/13 09:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/13 09:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/13 09:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/13 09:36:25 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                   ) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/13 09:33:17 | 000,066,896 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\mbam-clean.exe
[2011/05/13 09:25:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\TFC.exe
[2011/05/13 07:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\HiJackThis
[2011/05/13 07:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/13 07:04:04 | 000,000,000 | ---D | C] -- C:\unzipped rundll32.exe file
[2011/05/13 02:02:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Recent
[2011/05/12 19:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\Adobe
[2011/05/12 15:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/05/12 15:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\IObit
[2011/05/12 15:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Sammsoft
[2011/05/12 15:30:03 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2011/05/12 15:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Adobe
[2011/05/12 15:16:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\PrivacIE
[2011/05/12 15:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Yahoo!
[2011/05/12 15:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\HPAppData
[2011/05/12 08:39:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\IETldCache
[2011/05/12 08:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\CyberLink
[2011/05/12 08:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\AOL
[2011/05/12 08:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Macromedia
[2011/05/12 08:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Identities
[2011/05/12 08:39:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft
[2011/05/12 08:39:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Favorites
[2011/05/12 08:39:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data
[2011/05/12 08:39:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Cookies
[2011/05/12 08:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\You've Got Pictures Screensaver
[2011/05/12 08:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Symantec
[2011/05/12 08:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Sun
[2011/05/12 08:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop
[2011/05/12 08:39:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\Startup
[2011/05/12 08:39:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu
[2011/05/12 08:39:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\SendTo
[2011/05/12 08:39:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\My Videos
[2011/05/12 08:39:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\My Pictures
[2011/05/12 08:39:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\My Music
[2011/05/12 08:39:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents
[2011/05/12 08:39:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\Accessories
[2011/05/12 08:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\PrintHood
[2011/05/12 08:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\NetHood
[2011/05/12 08:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\Microsoft
[2011/05/12 08:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings
[2011/05/12 08:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\CyberLink
[2011/05/12 08:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\ApplicationHistory
[2011/05/12 08:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142000}
[2011/05/12 08:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Templates
[2011/05/11 09:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/05/10 10:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/04/14 09:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TaxCut
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/13 13:50:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/13 13:44:05 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/05/13 13:38:31 | 004,347,339 | R--- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\ComboFix.exe
[2011/05/13 13:13:36 | 000,002,148 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/13 13:06:05 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\JavaRa.zip
[2011/05/13 13:00:51 | 000,012,796 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\rundll32.zip
[2011/05/13 12:49:45 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\TDSSKiller.exe
[2011/05/13 12:48:13 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\tdsskiller.zip
[2011/05/13 12:23:20 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\HiJackThis.lnk
[2011/05/13 12:12:56 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\SystemLook.exe
[2011/05/13 10:36:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\OTL.exe
[2011/05/13 09:36:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 09:36:33 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                   ) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/13 09:33:20 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\mbam-clean.exe
[2011/05/13 09:27:24 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\TFC.exe
[2011/05/13 07:24:37 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\HiJackThis.msi
[2011/05/12 15:15:38 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/12 11:56:47 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/12 10:19:43 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\System Restore.lnk
[2011/05/12 08:51:03 | 000,000,474 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\cc_20110512_085055.reg
[2011/05/12 08:50:36 | 000,037,298 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\cc_20110512_085030.reg
[2011/05/12 08:47:44 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\Spybot.lnk
[2011/05/12 08:45:00 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\CAYahooAntiSpy.lnk
[2011/05/12 08:43:40 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\Shortcut to mbam.lnk
[2011/05/12 08:43:25 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\CCleaner.lnk
[2011/05/12 08:39:58 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/12 08:39:46 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/05/12 07:12:37 | 000,441,042 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-085451.backup
[2011/04/26 23:18:35 | 000,441,042 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-071237.backup
 
========== Files Created - No Company Name ==========
 
[2011/05/13 13:44:05 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/05/13 13:44:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/13 13:41:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/13 13:41:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/13 13:41:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/13 13:41:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/13 13:41:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/13 13:38:26 | 004,347,339 | R--- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\ComboFix.exe
[2011/05/13 13:06:05 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\JavaRa.zip
[2011/05/13 13:00:48 | 000,012,796 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\rundll32.zip
[2011/05/13 12:47:59 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\tdsskiller.zip
[2011/05/13 12:12:47 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\SystemLook.exe
[2011/05/13 09:36:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 07:25:04 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\HiJackThis.lnk
[2011/05/13 07:24:15 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\HiJackThis.msi
[2011/05/12 11:57:06 | 000,002,148 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/12 11:56:47 | 000,295,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/12 10:19:43 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\System Restore.lnk
[2011/05/12 08:50:58 | 000,000,474 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\cc_20110512_085055.reg
[2011/05/12 08:50:34 | 000,037,298 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\cc_20110512_085030.reg
[2011/05/12 08:47:44 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\Spybot.lnk
[2011/05/12 08:45:00 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\CAYahooAntiSpy.lnk
[2011/05/12 08:43:40 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\Shortcut to mbam.lnk
[2011/05/12 08:43:25 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\CCleaner.lnk
[2011/05/12 08:39:50 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\Windows Media Player.lnk
[2011/05/12 08:39:46 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/05/12 08:39:22 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\MUSICMATCH Jukebox.lnk
[2011/05/12 08:39:22 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/12 08:39:22 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/05/12 08:39:22 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2011/05/12 08:39:22 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/12 08:39:20 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\fusioncache.dat
[2011/05/12 08:39:17 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\Yahoo! Briefcase.url
[2011/05/12 08:39:14 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\Internet Explorer.lnk
[2011/05/12 08:39:13 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\Remote Assistance.lnk
[2010/12/09 00:19:57 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\KmRemove.exe
[2010/12/02 21:52:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/11/27 16:19:40 | 000,205,118 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2010/11/27 16:19:39 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2010/06/13 10:39:10 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/20 16:31:13 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/05/20 16:31:12 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/05/20 16:31:12 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/07/12 20:44:09 | 000,032,549 | ---- | C] () -- C:\WINDOWS\king-uninstall.exe
[2006/11/20 10:21:10 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7R.DLL
[2006/11/20 10:20:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/11/20 10:19:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/08/10 13:31:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2006/07/17 21:39:38 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2006/07/04 09:15:51 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/07/04 09:09:19 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2006/07/04 09:07:45 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2006/06/24 23:40:10 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2006/04/16 17:37:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/04/03 10:28:10 | 000,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/03 10:28:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/08/15 16:34:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/28 12:46:18 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2005/03/24 21:44:08 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Debug.ini
[2005/03/05 06:15:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/12/27 13:39:47 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/12/20 13:48:50 | 000,073,845 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/10/31 21:27:02 | 002,031,629 | ---- | C] () -- C:\Program Files\Winziptransfer.zip
[2004/10/31 07:39:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/10/30 23:05:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/09/07 17:16:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/07 14:43:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2004/09/07 14:43:07 | 000,543,232 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2004/09/07 14:43:07 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/09/07 14:43:07 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/09/07 12:37:45 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/09/07 12:14:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/07 11:54:20 | 000,000,914 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/07 11:54:20 | 000,000,502 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/09/07 11:53:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/07 11:53:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/07 11:53:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/07 11:53:58 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/07 11:53:58 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/07 11:53:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/07 11:53:56 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/07 11:53:56 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/07 11:53:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/07 11:53:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/09/07 05:09:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 18:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1997/03/31 23:00:00 | 001,664,272 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/03/31 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/03/31 23:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/03/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2006/04/03 10:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2011/04/01 12:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/04/01 12:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/04/09 21:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2006/08/12 20:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkillJam
[2006/08/01 23:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
[2009/09/26 15:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/14 09:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/09/26 15:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/15 14:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/05/12 15:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\IObit
[2011/05/12 15:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Sammsoft
 
========== Purity Check ==========
 
 

< End of report >


I use Internet Explorer. I don't think I've ever used Firefox, and if it's on my comp, I have no idea how it got there, lol.
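As an added example that is not part of this thread (and not OTL's or the helper's code), here is a small Python triage pass over OTL file-listing lines like the ones in the log above. The sample lines, the scan timestamp and the three triage rules are constructed for the example; a hit is a lead for the person reading the log, not a verdict.

```python
import re
from datetime import datetime, timedelta

# One OTL file-listing line, e.g.
# [2011/05/13 13:41:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
# Fields: timestamp | size | attributes (R H S D) | C=created / M=modified,
# then an optional "(company name)" from the version resource, then the path.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Extensions worth a second look when they land in the Windows directory tree.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")


def parse_otl_line(line):
    """Return a dict for one OTL file line, or None for headers/blank lines."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    d = m.groupdict()
    attrs = d["attrs"]  # positions: R, H, S, D
    return {
        "when": datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(d["size"].replace(",", "")),
        "kind": d["kind"],
        "hidden": attrs[1] == "H",
        "system": attrs[2] == "S",
        "is_dir": attrs[3] == "D",
        "company": (d["company"] or "").strip(),
        "path": d["path"],
    }


def triage(lines, scan_time, window_days=7):
    """Return (rule, path) pairs a reviewer should look at first.

    Rules (constructed for this example, not OTL's own logic):
      hosts-modified                   the name-resolution override file changed
      recent-system-binary-no-company  a fresh executable under the Windows
                                       directory with no company in version info
      hidden-system-file               a fresh file carrying both H and S attrs
    Cleanup tools create such files too, so compare each hit's timestamp with
    when each tool was run before drawing conclusions.
    """
    cutoff = scan_time - timedelta(days=window_days)
    findings = []
    for line in lines:
        rec = parse_otl_line(line)
        if rec is None or rec["is_dir"]:
            continue
        low = rec["path"].lower()
        name = low.rsplit("\\", 1)[-1]
        recent = rec["when"] >= cutoff
        if name == "hosts" and "\\drivers\\etc\\" in low:
            findings.append(("hosts-modified", rec["path"]))
        if (recent and low.startswith("c:\\windows\\")
                and name.endswith(EXEC_EXT) and not rec["company"]):
            findings.append(("recent-system-binary-no-company", rec["path"]))
        if recent and rec["hidden"] and rec["system"]:
            findings.append(("hidden-system-file", rec["path"]))
    return findings


# Constructed sample, modelled on the log lines in this thread.
SAMPLE_LOG = r"""
[2011/05/13 13:50:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/13 13:44:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/13 13:41:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/13 12:49:45 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/05/12 08:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings
[2004/09/07 14:43:07 | 000,543,232 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
"""
SCAN_TIME = datetime(2011, 5, 13, 14, 0, 0)  # constructed scan timestamp

if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG.splitlines(), SCAN_TIME):
        print(f"{rule:34} {path}")
```

Against the thread's own log the same rules would light up the files created in C:\WINDOWS at 13:41 and the hidden C:\cmldr, which were created minutes after ComboFix.exe appeared on the desktop, so the first thing to check is which tool put them there.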




Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #14 on: May 13, 2011, 04:19:13 PM »
Can you delete rundll32.zip from your desktop
Open Firefox, redownload rundll32.zip from MediaFire

Do not use Internet Explorer please, I want you to use Firefox
NOTE: Firefox may save to its default location of MyDocuments>>Downloads
In case you can't find the download

Let me know when you have that done, I want to use Firefox again after this
« Last Edit: May 13, 2011, 04:19:35 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline iboglander

  • Newbie
  • Posts: 25
  • Karma: +0/-0
Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #15 on: May 13, 2011, 05:04:26 PM »
OK, Firefox updated, original rundll32.exe from desktop deleted (the other copies are still in the areas you told me to put them), new download with Firefox done and on desktop.

Ready when you are.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #16 on: May 13, 2011, 05:20:30 PM »
I see residuals of Norton's on your computer.
Can we remove what we can?
Download and save Norton Removal tool from the following link
http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

Run the tool, type in the characters and follow the prompts
Reboot the computer if required

Double click on OTL.exe and Run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following from the quote box below. Don't include the word Quote please
    Quote
    :OTL
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=-
    "DisableNotifications"=-
    :Files
    c:\windows\system32\dllcache\rundll32.exe
    c:\windows\system32\rundll32.exe
    :Commands
    [EmptyTemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

In addition: Extract the contents of the new rundll32.zip, copy/paste a copy of rundll32.exe to both folders again
C:\WINDOWS\system32
and also
C:\WINDOWS\system32\dllcache


Afterwards:
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE).
  • Scroll down to where it says "Java SE 6 Update 25".
  • Click the "Download JRE" button to the right.
  • In the window that opens, check the "agree" box
  • Click on the link to download Windows Offline Installation OR Windows x86 Offline and save to your desktop.
  • Then from your desktop double-click on jre-6u25-windows-i586.exe that you downloaded to install the newest version.
After you have successfully installed Java
Can you next do the following
Using Firefox: Go to the following link
ESET Online Scanner

Click on the Button "Eset Online Scanner"
A new window will open, Download and save to your desktop
esetsmartinstaller_enu.exe

Double click on 'esetsmartinstaller_enu.exe' to run it
Put a tick in "Yes, I accept the Terms of Use" then click START

Eset will download components
When done click START again

Downloading of Virus signature database will begin
Depending on your connection speed, this can take awhile
When complete the scan will start
This scan can take some time, so be patient

Once the scan is completed, you may close the window
   
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Please keep me informed how things are now running

Edit: In addition, can I see the following
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
« Last Edit: May 13, 2011, 05:34:04 PM by guestolo »



Offline iboglander

  • Newbie
  • Posts: 25
  • Karma: +0/-0
Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #17 on: May 13, 2011, 05:36:07 PM »
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications deleted successfully.
========== FILES ==========
c:\windows\system32\dllcache\rundll32.exe moved successfully.
c:\windows\system32\rundll32.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Owner.YOUR-D26EF63B94
->Temp folder emptied: 20195982 bytes
->Temporary Internet Files folder emptied: 3324390 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58205132 bytes
->Flash cache emptied: 1901 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4434 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 33280 bytes
 
Total Files Cleaned = 78.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 05132011_153002

Files\Folders moved on Reboot...
C:\WINDOWS\temp\HPSLPSVC0003.log moved successfully.

Registry entries deleted on Reboot...


Removed Norton per instruction, ran OTL... working on the rest.

Offline iboglander

  • Newbie
  • Posts: 25
  • Karma: +0/-0
Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #18 on: May 13, 2011, 06:35:19 PM »
New dilemma: when trying to open My Computer, it tries to open SmartWebPrinting and fails. It asks me to insert a disk for the program: "An installation program for the product SmartWebPrinting cannot be found. Try the installation again using a valid copy of the installation package "SmartWebPrinting.msi"". After hitting cancel, it tries again; one more cancel and it gives up and lets me see My Computer.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=8a322c597cb31641bb041c093e019b2b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-13 11:26:37
# local_time=2011-05-13 04:26:37 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=78081
# found=15
# cleaned=15
# scan_time=2183
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\jxvuof.exe.vir   Win32/AutoRun.VB.AFP worm (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP1\A0000004.exe   Win32/AutoRun.VB.AFP worm (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP1\A0000021.exe   Win32/AutoRun.VB.AFP worm (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP18\A0005981.exe   Win32/AutoRun.VB.AFP worm (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP4\A0002078.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP4\A0002079.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP4\A0002080.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP4\A0002081.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP6\A0002435.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP7\A0003115.ini   Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP7\A0003235.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP7\A0003701.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP7\A0003702.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP7\A0003728.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP8\A0003883.ini   Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C


Working on the next task.

Offline iboglander

  • Newbie
  • Posts: 25
  • Karma: +0/-0
Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« Reply #19 on: May 13, 2011, 06:47:44 PM »
Results of screen317's Security Check version 0.99.10
 Windows XP Service Pack 3
 Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled!
 ESET Online Scanner v3
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 CCleaner    
 Java(TM) 6 Update 25
 Java(TM) SE Runtime Environment 6 Update 1
 Java(TM) 6 Update 2
 Java(TM) 6 Update 3
 Java(TM) 6 Update 5
 Java 2 Runtime Environment, SE v1.4.2
 Out of date Java installed!
 Adobe Flash Player    10.0.22.87
Adobe Reader 8.2.0
Out of date Adobe Reader installed!
 Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


And that SmartWebPrinting thing happens when I open Search, Control Panel, or pretty much any program off the list. =(