Malware Infection: Website redirect, can't run antivirus, no windo, UNICCodec redirect, SillyDl DIC trojan
eyedoc71
post Apr 20 2009, 09:59 AM
Post #1
Member | Posts: 37 | OS: Windows XP

Thank you in advance for the help.

I noticed the problem when clicking on any Google search result: I would get redirected to random, useless advertisement sites that have nothing to do with what I was originally searching for. When I realized something was wrong I went to SpyBot, which won't load, and to my Norton Antivirus, which wouldn't update (but will run and scan like normal). Internet Explorer will not go to the Malwarebytes site; I get a blank page. I used another computer to download the program, but my infected computer will not let me run Malwarebytes. Also, I cannot get to Windows Update.
I've run through your malware removal steps. I'm including the logs you request, starting with Rooter and OTListIt2.

Brian

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:152617 Mo/Free:614 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:654 Mo/Free:0 Mo)

Sun 04/19/2009|21:10

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Symantec AntiVirus\DefWatch.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Google\Update\GoogleUpdate.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Maxtor\Sync\SyncServices.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
---------- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
---------- C:\Program Files\Windows Media Player\WMPNetwk.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
---------- C:\WINDOWS\system32\igfxpers.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\PROGRA~1\SYMANT~1\VPTray.exe
---------- C:\WINDOWS\SYSTEM32\USRmlnkA.exe
---------- C:\WINDOWS\SYSTEM32\USRshutA.exe
---------- C:\WINDOWS\SYSTEM32\USRmlnkA.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Windows Media Player\WMPNSCFG.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.179,85.255.112.61
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.179,85.255.112.61
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.179,85.255.112.61
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{7CA49ADD-EB4D-45F1-9006-62C486310BF9}]
NameServer REG_SZ 85.255.112.179,85.255.112.61
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{7CA49ADD-EB4D-45F1-9006-62C486310BF9}]
NameServer REG_SZ 85.255.112.179,85.255.112.61
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{7CA49ADD-EB4D-45F1-9006-62C486310BF9}]
NameServer REG_SZ 85.255.112.179,85.255.112.61
==> WAREOUT <==

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\Tech\Local Settings\Temp\Temporary Internet Files\Content.IE5\81Y74DY7\wk_crackled_covers_edit[1].jpg
C:\DOCUME~1\Tech\Local Settings\Temp\Temporary Internet Files\Content.IE5\I95EJM9W\crackup[1].gif


1 - "C:\Rooter$\Rooter_1.txt" - Sun 04/19/2009|21:11

----------------------\\ Scan completed at 21:11

This post has been edited by eyedoc71: Apr 20 2009, 10:23 AM
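Both logs in this thread point at the same finding: every Tcpip NameServer value (per control set and per interface) has been set to 85.255.112.179 and 85.255.112.61, which Rooter labels Wareout. The script below is an added example for this thread, not code from Rooter, OTListIt2 or the poster. It pulls NameServer entries out of log lines in both formats (the Rooter "Search" block and OTListIt O17 lines) and reports resolvers that fall outside an allowlist. The allowlist (private ranges plus loopback) and the final O17 line with a 192.168.1.1 resolver are constructed for the example; the other sample lines are copied from the logs in this thread.

```python
import ipaddress
import re

# Rooter "Search" block: a bracketed registry key followed by
# "NameServer REG_SZ a.b.c.d,e.f.g.h".
ROOTER_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ROOTER_VALUE = re.compile(r"^NameServer\s+REG_SZ\s+(.+)$")
# OTListIt O17 line, with or without the per-interface GUID segment.
OTL_O17 = re.compile(
    r"^O17 - (.+?):\s*(?:Interfaces\\(\{[^}]+\})\\\\)?NameServer\s*=\s*(.+)$"
)

# Assumption: resolvers are expected inside private ranges or loopback. A real
# allowlist would add the ISP's or the organisation's resolver addresses.
DEFAULT_TRUSTED = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]

# Sample input: Rooter and OTListIt lines from the thread, plus one constructed
# O17 line (GUID ...0001, resolver 192.168.1.1) that should not be flagged.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.179,85.255.112.61
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.179,85.255.112.61
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.179,85.255.112.61
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{7CA49ADD-EB4D-45F1-9006-62C486310BF9}]
NameServer REG_SZ 85.255.112.179,85.255.112.61
==> WAREOUT <==
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.179,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{7CA49ADD-EB4D-45F1-9006-62C486310BF9}\\NameServer = 85.255.112.179,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{00000000-0000-0000-0000-000000000001}\\NameServer = 192.168.1.1
"""


def _split_ips(value):
    """Split a comma/space separated NameServer value, keeping only valid IPs."""
    ips = []
    for token in re.split(r"[,\s]+", value.strip()):
        try:
            ips.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue  # ignore anything that is not an address
    return ips


def parse_nameservers(lines):
    """Return [(registry_key, [ip, ...]), ...] for every NameServer entry found."""
    found = []
    current_key = None
    for raw in lines:
        line = raw.strip()
        m = ROOTER_KEY.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = ROOTER_VALUE.match(line)
        if m and current_key:
            found.append((current_key, _split_ips(m.group(1))))
            current_key = None
            continue
        m = OTL_O17.match(line)
        if m:
            key = m.group(1)
            if m.group(2):
                key += "\\Interfaces\\" + m.group(2)
            found.append((key, _split_ips(m.group(3))))
    return found


def untrusted_resolvers(entries, trusted=DEFAULT_TRUSTED):
    """Map each registry key to the resolver IPs outside the trusted networks."""
    report = {}
    for key, ips in entries:
        bad = [
            ip for ip in ips
            if not any(ipaddress.ip_address(ip) in net for net in trusted)
        ]
        if bad:
            report[key] = bad
    return report


def scan_log(text, trusted=DEFAULT_TRUSTED):
    """Parse log text and return the untrusted-resolver report."""
    return untrusted_resolvers(parse_nameservers(text.splitlines()), trusted)


if __name__ == "__main__":
    for key, ips in scan_log(SAMPLE_LOG).items():
        print(f"{key}: untrusted resolver(s) {', '.join(ips)}")
```

Run as-is it prints six flagged keys, one per control set and interface entry in the sample; the constructed 192.168.1.1 entry passes the allowlist. Checking every ControlSet branch rather than only CurrentControlSet matters here, because a cleanup that fixes just the live branch can be undone by a Last Known Good Configuration boot.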
eyedoc71
post Apr 20 2009, 10:11 AM
Post #2
Member | Posts: 37 | OS: Windows XP
Here is the OTListIt log:

OTListIt logfile created on: 4/19/2009 9:14:40 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Tech\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
3.45 Gb Paging File | 2.90 Gb Available in Paging File | 83.83% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 28.60 Gb Free Space | 19.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KENDRA
Current User Name: Tech
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\WINDOWS\SYSTEM32\USRmlnkA.exe (U.S. Robotics Corporation)
PRC - C:\WINDOWS\SYSTEM32\USRshutA.exe ( U.S. Robotics Corporation)
PRC - C:\WINDOWS\SYSTEM32\USRmlnkA.exe (U.S. Robotics Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Tech\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AdobeActiveFileMonitor7.0 [Auto | Running]) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (gupdate1c99ed2d9e3112c [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Maxtor Sync Service [Auto | Running]) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SavRoam [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (StarWindService [Auto | Running]) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Windows ® Server 2003 DDK provider)
DRV - (Aspi32 [Auto | Running]) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (ElbyCDFL [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyCDIO [Auto | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (grmnusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Jukebox [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ctpdusb2.sys (Creative Technology Ltd.)
DRV - (MrFilter [Boot | Running]) -- C:\WINDOWS\System32\drivers\MRFilter.sys (Roxio)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ASACPI.sys ()
DRV - (MxlW2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (MXOPSWD [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mxopswd.sys (Maxtor Corp.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090418.004\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090418.004\NAVEX15.SYS (Symantec Corporation)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbbus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (UsbDiag [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (USRpdA [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\USRpdA.sys (U.S. Robotics Corporation)
DRV - (Vax347b [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys ( )
DRV - (Vax347s [Boot | Running]) -- C:\WINDOWS\System32\Drivers\Vax347s.sys ( )

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.live.com/default.aspx?wa=wsignin1.0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/20 17:07:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [2009/03/06 20:14:52 | 00,000,000 | ---D | M]


O1 HOSTS File: (304230 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 127.0.0.1 171203.com
O1 - Hosts: 127.0.0.1 17-plus.com
O1 - Hosts: 127.0.0.1 www.1800searchonline.com
O1 - Hosts: 127.0.0.1 1800searchonline.com
O1 - Hosts: 127.0.0.1 www.180searchassistant.com
O1 - Hosts: 10484 more lines...
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s (SlySoft, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
O4 - HKLM..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA File not found
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; .NET CLR 2.0.50727; Windows-Media-Player/10.00.00.3990; IEMB3)" -"http://pbskids.org/dragontales/treasurehunt/treasurehunt_que.html" (Adobe Systems, Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Tech\Start Menu\Programs\Startup\MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe (Smith Micro Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} http://www.winkflash.com/photo/loaders/SAXFile.cab (SAXFile FileUpload ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by121w.bay121.mail.live.com/mail/re...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1131180483468 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1131180477203 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://winkflash.com/photo/loaders/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/luxr/default/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.vistaprint.com/vp/ns/pix/ImageU...geUploader3.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://longsdrugs.digitalcameradeveloping....ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://optossupport.webex.com/client/v_myw...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.179,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{7CA49ADD-EB4D-45F1-9006-62C486310BF9}\\NameServer = 85.255.112.179,85.255.112.61
O18 - Protocol\Handler\bw+0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {be4fa014-1344-4a2c-a40c-e678553177a6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {BE4FA014-1344-4A2C-A40C-E678553177A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\autorun.inf () - [ NTFS ]
O32 - Autorun File - E:\Autorun [2005/01/30 15:42:25 | 00,000,000 | R--D | M] - [ CDFS ]
O32 - Autorun File - E:\autorun.inf () - [ CDFS ]
O33 - MountPoints2\{8391bf56-9aba-11da-9519-0011d8f9b30f}\Shell - "" = AutoRun
O33 - MountPoints2\{8391bf56-9aba-11da-9519-0011d8f9b30f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8391bf56-9aba-11da-9519-0011d8f9b30f}\Shell\AutoRun\command - "" = E:\.\Autorun\autorun.exe -- [2002/12/10 03:00:30 | 01,089,536 | R--- | M] ()
O33 - MountPoints2\{ee78ff17-4d83-11da-8c6d-806d6172696f}\Shell - "" = Autorun
O33 - MountPoints2\{ee78ff17-4d83-11da-8c6d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ee78ff17-4d83-11da-8c6d-806d6172696f}\Shell\Open\command - "" = C:\RECYCLER\S-5-9-42-100025191-100017269-100018934-9722.com -- [2009/04/18 18:11:52 | 00,022,016 | RHS- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (sprecovr) - File not found
O34 - HKLM BootExecute: (\SystemRoot\sprecovr.txt) - C:\WINDOWS\sprecovr.txt File not found

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\*.tmp files]
[2009/04/19 21:10:32 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/19 21:10:19 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Tech\Desktop\OTListIt2.exe
[2009/04/19 21:10:01 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Tech\Desktop\Rooter.exe
[2009/04/19 21:01:17 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/19 21:01:17 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/19 21:01:15 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/19 21:01:13 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/19 21:01:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/19 20:39:18 | 00,028,672 | ---- | C] (Doug Knox) -- C:\DOCUME~1\Tech\Desktop\SysRestorePoint.exe
[2009/04/19 19:32:27 | 00,286,208 | ---- | C] () -- C:\DOCUME~1\Tech\Desktop\7txrvqgs.exe
[2009/04/19 19:16:09 | 00,000,345 | RHS- | C] () -- C:\autorun.inf
[2009/04/18 22:59:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/04/18 22:50:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/04/18 22:50:14 | 00,000,938 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Adobe Photoshop Elements 7.0.lnk
[2009/04/18 22:45:24 | 00,103,571 | ---- | C] () -- C:\Documents and Settings\Tech\Local Settings\Application Data\codecsetup.exe
[2009/04/18 22:45:15 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Tech\Local Settings\Application Data\cp_setup_assist.exe
[2009/04/18 22:07:29 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Photoshop Elements v7.0
[2009/04/10 07:52:34 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Tech\Desktop\Depeche Mode
[2009/04/06 20:04:34 | 00,002,137 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/04/06 20:03:40 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/06 20:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/06 19:56:50 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/03/31 18:09:47 | 00,001,729 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Adobe Reader 8.lnk
[2009/03/21 20:00:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/03/21 19:56:48 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/03/21 19:54:25 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2008/10/31 22:16:52 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/31 22:16:42 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/31 22:16:38 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/31 22:16:38 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/04/16 22:51:55 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2008/04/07 13:57:34 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/01/08 16:46:50 | 00,229,376 | ---- | C] () -- C:\WINDOWS\System32\KPDVS.dll
[2007/02/20 11:01:54 | 00,000,052 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INIA
[2006/12/20 23:47:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/04/26 23:01:42 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/02/10 21:50:43 | 00,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2006/02/10 21:50:43 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[2006/02/08 13:00:00 | 00,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/02/05 21:28:49 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/02/04 16:17:30 | 00,000,298 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2006/02/03 21:56:54 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/08 19:19:07 | 00,000,784 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2006/01/08 19:18:35 | 00,548,864 | ---- | C] () -- C:\WINDOWS\System32\dlbjusb1.dll
[2006/01/08 19:18:35 | 00,544,768 | ---- | C] () -- C:\WINDOWS\System32\dlbjserv.dll
[2006/01/08 19:18:35 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlbjjswr.dll
[2006/01/08 19:18:35 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\dlbjcomc.dll
[2006/01/08 19:18:35 | 00,364,544 | ---- | C] () -- C:\WINDOWS\System32\dlbjcomm.dll
[2006/01/08 19:18:35 | 00,356,352 | ---- | C] () -- C:\WINDOWS\System32\dlbjlmpm.dll
[2006/01/08 19:18:35 | 00,352,256 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbjutil.dll
[2006/01/08 19:18:35 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbjpplc.dll
[2006/01/08 19:18:35 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dlbjprox.dll
[2006/01/08 19:18:35 | 00,090,112 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbjcur.dll
[2006/01/08 19:18:35 | 00,073,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbjcu.dll
[2006/01/08 19:18:35 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbjvs.dll
[2005/11/11 08:40:25 | 00,001,082 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/11/08 21:01:49 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2005/11/05 03:58:29 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/05 03:48:33 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2005/11/05 03:48:29 | 00,003,570 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/11/05 03:48:24 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003/08/07 12:01:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/03/31 05:00:00 | 00,000,566 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[4 C:\DOCUME~1\Tech\My Documents\*.tmp files]
[2009/04/19 21:10:20 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Tech\Desktop\OTListIt2.exe
[2009/04/19 21:10:01 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Tech\Desktop\Rooter.exe
[2009/04/19 21:01:17 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/19 20:49:27 | 00,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/19 20:12:20 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/19 20:10:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/19 20:10:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/19 19:47:45 | 00,000,345 | RHS- | M] () -- C:\autorun.inf
[2009/04/19 19:32:27 | 00,286,208 | ---- | M] () -- C:\DOCUME~1\Tech\Desktop\7txrvqgs.exe
[2009/04/18 23:09:49 | 00,200,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/18 23:04:07 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\Tech\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/18 22:50:14 | 00,000,938 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Adobe Photoshop Elements 7.0.lnk
[2009/04/18 22:45:26 | 00,103,571 | ---- | M] () -- C:\Documents and Settings\Tech\Local Settings\Application Data\codecsetup.exe
[2009/04/18 22:45:24 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Tech\Local Settings\Application Data\cp_setup_assist.exe
[2009/04/17 20:11:20 | 00,002,137 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/04/17 08:58:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/15 13:44:46 | 00,000,784 | ---- | M] () -- C:\WINDOWS\DELLSTAT.INI
[2009/04/14 23:41:52 | 00,002,405 | ---- | M] () -- C:\DOCUME~1\Tech\Desktop\Microsoft Office Picture Manager (2).lnk
[2009/04/09 02:15:32 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/06 21:54:24 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Tech\Application Data\vso_ts_preview.xml
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/31 18:09:47 | 00,001,729 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Adobe Reader 8.lnk
[2009/03/21 20:17:10 | 00,000,075 | -HS- | M] () -- C:\DOCUME~1\Tech\My Documents\desktop.ini
[2009/03/21 19:58:51 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >
Rorschach112
post Apr 20 2009, 12:44 PM
Post #3


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



hello

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

eyedoc71
post Apr 20 2009, 03:32 PM
Post #4


Member
Posts: 37
OS: Windows XP



Thank you again for helping me. I truly appreciate it. FYI, I just got an unwarranted pop-up advertisement while trying to write this.

Here is the ComboFix log.

ComboFix 09-04-21.06 - Tech 04/20/2009 14:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2935.2382 [GMT -7:00]
Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tech\Application Data\inst.exe
c:\program files\\setup.exe
c:\program files\autorun.inf
c:\recycler\S-5-9-42-100025191-100017269-100018934-9722.com
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\gxvxcsclrvonwalorowgyskfsgwceljibyksi.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcdddfmgyauaspmwbretyggocswpribvus.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-20 04:10 . 2009-04-20 04:11 -------- d-----w C:\Rooter$
2009-04-20 04:01 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-20 04:01 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 04:01 . 2009-04-20 04:01 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-20 04:01 . 2009-04-20 04:01 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-19 05:59 . 2009-04-19 05:59 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-19 05:50 . 2009-04-19 05:50 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-19 05:46 . 2009-04-19 05:46 -------- d-sh--w c:\documents and settings\LocalService\PrivacIE
2009-04-19 05:46 . 2009-04-19 05:46 -------- d-----w c:\documents and settings\LocalService\Application Data\Yahoo!
2009-04-19 05:45 . 2009-04-19 05:45 103571 ----a-w c:\documents and settings\Tech\Local Settings\Application Data\codecsetup.exe
2009-04-19 05:45 . 2009-04-19 05:45 24576 ----a-w c:\documents and settings\Tech\Local Settings\Application Data\cp_setup_assist.exe
2009-04-19 05:07 . 2009-01-20 07:00 -------- d-----w c:\program files\Adobe Photoshop Elements v7.0
2009-04-07 03:03 . 2009-04-07 03:03 -------- d-----w c:\program files\iPod
2009-04-07 03:03 . 2009-04-07 03:04 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-03-28 03:00 . 2009-03-28 03:00 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-03-22 03:23 . 2009-03-22 03:23 -------- d-sh--w c:\documents and settings\Tech\IECompatCache
2009-03-22 03:19 . 2009-03-22 03:19 -------- d-sh--w c:\documents and settings\Tech\PrivacIE
2009-03-22 03:18 . 2009-03-22 03:18 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-03-22 03:16 . 2009-03-22 03:16 -------- d-sh--w c:\documents and settings\Tech\IETldCache
2009-03-22 03:00 . 2009-03-22 03:00 -------- d-----w c:\windows\ie8updates
2009-03-22 02:56 . 2009-03-22 02:58 -------- dc-h--w c:\windows\ie8
2009-03-22 02:54 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 21:18 . 2006-12-21 06:44 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-20 04:11 . 2009-04-20 04:11 4263 ----a-w C:\Rooter.txt
2009-04-20 02:15 . 2008-12-18 06:44 -------- d-----w c:\documents and settings\Tech\Application Data\uTorrent
2009-04-19 06:09 . 2009-03-21 01:11 -------- d-----w c:\program files\iTunes
2009-04-19 05:50 . 2005-11-05 10:01 -------- d-----w c:\program files\Common Files\Adobe
2009-04-19 05:46 . 2006-11-21 19:53 129784 ------w c:\windows\system32\PxAFS.DLL
2009-04-19 05:46 . 2005-11-09 04:04 116472 ------w c:\windows\system32\pxcpyi64.exe
2009-04-19 05:46 . 2006-10-18 10:00 43528 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-04-19 05:46 . 2005-11-09 04:04 118520 ------w c:\windows\system32\pxinsi64.exe
2009-04-18 03:39 . 2007-03-09 05:13 -------- d--h--w c:\documents and settings\Tech\Application Data\Move Networks
2009-04-09 01:50 . 2005-11-09 07:14 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-07 04:54 . 2008-03-10 03:48 -------- d-----w c:\documents and settings\Tech\Application Data\Vso
2009-04-07 03:03 . 2009-02-07 03:04 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 00:41 . 2008-10-29 06:08 -------- d-----w c:\program files\MeGUI v0.3.0.3001
2009-03-22 02:59 . 2006-09-02 15:44 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-22 02:59 . 2005-11-07 23:24 -------- d-----w c:\program files\Yahoo!
2009-03-22 02:59 . 2005-11-07 23:25 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-21 01:12 . 2009-03-21 01:11 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-21 01:09 . 2009-03-21 01:09 -------- d-----w c:\program files\Bonjour
2009-03-19 23:32 . 2009-02-07 03:10 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-11 16:57 . 2006-12-20 06:57 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-11 16:56 . 2006-12-20 06:57 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-10 04:08 . 2006-11-03 06:59 -------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2009-03-10 04:08 . 2008-07-24 04:44 -------- d-----w c:\program files\Panda Security
2009-03-09 18:56 . 2008-08-16 21:38 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-08 11:34 . 2003-03-31 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2003-03-31 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2003-03-31 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2003-03-31 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2003-03-31 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2003-03-31 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2003-03-31 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2003-03-31 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2003-03-31 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2003-03-31 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-07 03:14 . 2008-03-19 17:49 -------- d-----w c:\program files\Google
2009-03-06 06:59 . 2009-03-21 01:08 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 06:59 . 2009-02-07 03:05 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-22 08:31 . 2008-03-10 04:19 -------- d-----w c:\program files\DVDFab Platinum 4
2009-02-09 11:13 . 2003-03-31 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2008-10-24 14:54 . 2005-11-05 09:32 46312 ----a-w c:\documents and settings\Tech\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-03-10 04:19 . 2008-03-10 03:48 47360 ----a-w c:\documents and settings\Tech\Application Data\pcouffin.sys
2007-07-11 12:05 . 2007-07-11 12:05 2352632 ----a-w c:\program files\PhotoStreamer2Setup.exe
2007-01-19 04:34 . 2007-01-19 04:34 43200 ----a-w c:\documents and settings\Kendra\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-01-10 02:15 . 2005-11-05 10:45 244 ----a-w c:\documents and settings\Tech\Application Data\wklnhst.dat
2005-12-02 22:45 . 2005-12-02 22:45 53955480 ----a-w c:\program files\DesignPro5_2_Limited.exe
2005-11-06 07:49 . 2005-11-06 07:49 137 ----a-w c:\documents and settings\NetworkService\Local Settings\Application Data\fusioncache.dat
2005-11-06 06:30 . 2005-11-06 06:30 127 ----a-w c:\documents and settings\Tech\Local Settings\Application Data\fusioncache.dat
2005-11-05 19:54 . 2005-11-05 19:54 33512 ----a-w c:\documents and settings\Brian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2001-03-16 20:00 . 2001-03-16 20:00 50992 ------w c:\program files\readme.txt
2001-03-16 20:00 . 2001-03-16 20:00 50753 ------w c:\program files\US Readme.txt
2008-07-15 06:47 . 2008-07-15 06:47 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071420080715\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-15 3092480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-24 36864]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-23 1871872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-23 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-03-01 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe" [2003-03-31 77891]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-22 169312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]

c:\documents and settings\Tech\Start Menu\Programs\Startup\
MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-4-16 947544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-1-4 113664]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2008-2-5 54512]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MusicBrainz Picard\\picard.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 gupdate1c99ed2d9e3112c;Google Update Service (gupdate1c99ed2d9e3112c);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-07 133104]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
S0 MrFilter;EasyWrite Driver; [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8391bf56-9aba-11da-9519-0011d8f9b30f}]
\Shell\AutoRun\command - e:\.\Autorun\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-04-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-07 03:14]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{5BED3930-2E9E-76D8-BACC-80DF2188D455} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; .NET


.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.live.com/default.aspx?wa=wsignin1.0
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 14:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-20 14:27
ComboFix-quarantined-files.txt 2009-04-20 21:27

Pre-Run: 37,675,655,168 bytes free
Post-Run: 38,386,372,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

210 --- E O F --- 2009-03-18 17:35
Rorschach112
post Apr 20 2009, 03:39 PM
Post #5


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



hello

Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
    Note: The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post
eyedoc71
post Apr 20 2009, 04:38 PM
Post #6


Member
Posts: 37
OS: Windows XP



Here is the RootRepeal txt:

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/04/20 14:43
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF7473000 Size: 98304 File Visible: No
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: catchme.sys
Image Path: C:\DOCUME~1\Tech\LOCALS~1\Temp\catchme.sys
Address: 0xAA7C1000 Size: 31744 File Visible: No
Status: -

Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xF7657000 Size: 60416 File Visible: No
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA558000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79DB000 Size: 8192 File Visible: No
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF798F000 Size: 6464 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8D3B000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Tech\Local Settings\temp\~DF205C.tmp
Status: Allocation size mismatch (API: 589824, Raw: 16384)

Path: C:\Documents and Settings\Tech\Local Settings\temp\~DF27C3.tmp
Status: Allocation size mismatch (API: 131072, Raw: 16384)

Path: C:\Documents and Settings\Tech\Local Settings\temp\~DF8B0C.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\Tech\Local Settings\temp\~DFA4.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "Vax347b.sys" at address 0xf75bcc58

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0xe59a2b40

#: 041 Function Name: NtCreateKey
Status: Hooked by "Vax347b.sys" at address 0xf75bcc10

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "Vax347b.sys" at address 0xf75b0c70

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "Vax347b.sys" at address 0xf75b14fe

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "Vax347b.sys" at address 0xf75bcd50

#: 119 Function Name: NtOpenKey
Status: Hooked by "Vax347b.sys" at address 0xf75bcbd4

#: 160 Function Name: NtQueryKey
Status: Hooked by "Vax347b.sys" at address 0xf75b151e

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "Vax347b.sys" at address 0xf75bcca6

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "Vax347b.sys" at address 0xf75bc4f0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8abcd550 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x8a8e32d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a8e22d0 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_CREATE]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_CLOSE]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_READ]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_WRITE]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_SET_EA]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_CLEANUP]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_POWER]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_PNP]
Process: System Address: 0x8a8be490 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x8a7efc48 Size: -

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System Address: 0x8a4e3528 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a7862e0 Size: -

Object: Hidden Code [Driver: NpfsЅఆ䵃䆨릐륨륨쀀䀀, IRP_MJ_READ]
Process: System Address: 0x8a7b82d8 Size: -

Object: Hidden Code [Driver: Msfsȅఐ卆浩, IRP_MJ_READ]
Process: System Address: 0x8a8356e8 Size: -

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x8a8825f0 Size: -

Object: Hidden Code [Driver: Cdfsȅత慓䕶B, IRP_MJ_READ]
Process: System Address: 0x8a815790 Size: -

Rorschach112
post Apr 21 2009, 06:45 AM
Post #7


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



hello

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
eyedoc71
post Apr 21 2009, 08:55 AM
Post #8


Member
Posts: 37
OS: Windows XP



Again many thanks. Malwarebytes log below, will send Kaspersky tonight:

Malwarebytes' Anti-Malware 1.36
Database version: 2019
Windows 5.1.2600 Service Pack 3

4/21/2009 7:54:31 AM
mbam-log-2009-04-21 (07-54-31).txt

Scan type: Quick Scan
Objects scanned: 83464
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\UNICCodecSoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.179,85.255.112.61 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7ca49add-eb4d-45f1-9006-62c486310bf9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.179,85.255.112.61 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Tech\Local Settings\Application Data\cp_setup_assist.exe (Trojan.Agent) -> Quarantined and deleted successfully.

This post has been edited by eyedoc71: Apr 21 2009, 12:41 PM
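The MBAM log above shows the mechanism behind the redirects in the original post: the Trojan.DNSChanger entries point the machine's TCP/IP NameServer values at two resolvers (85.255.112.179 and 85.255.112.61) the user never configured, so every lookup, including search-result clicks, is answered by an attacker-controlled DNS server. The following Python script is an added example written for this page, not code from the thread or from any of the tools mentioned in it. It parses MBAM-style "Registry Data Items Infected" lines for NameServer data, flags any resolver address that is not in an administrator-defined expected set, and, on a Windows host, reads the live NameServer values from the registry so the same check can be run after cleanup. The sample log lines are constructed from the shape of the log above, and the expected-resolver set (192.168.1.1, 8.8.8.8) is a placeholder assumption to be replaced with the network's real DHCP or ISP resolvers.

```python
"""Flag rogue DNS resolvers from an MBAM-style log and from the live Windows registry.

Added example for this page; not part of the thread or of Malwarebytes' own code.
"""
import re
from ipaddress import ip_address

# Resolvers an administrator expects on this network. Constructed placeholder
# values for the example; replace with your own DHCP/ISP resolver addresses.
EXPECTED_RESOLVERS = {"192.168.1.1", "8.8.8.8"}

# Constructed sample lines modelled on the MBAM log posted above. The first
# two carry the DNSChanger detection; the third is a clean entry for contrast.
SAMPLE_LOG = """\
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet002\\Services\\Tcpip\\Parameters\\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.179,85.255.112.61 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet002\\Services\\Tcpip\\Parameters\\Interfaces\\{7ca49add-eb4d-45f1-9006-62c486310bf9}\\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.179,85.255.112.61 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters\\NameServer -> Data: 192.168.1.1 -> OK
"""

# Matches "<registry key ending in \NameServer> (<detection>)? -> Data: <ip,ip,...> ->"
NAMESERVER_RE = re.compile(
    r"^(?P<key>HKEY_[^ ]*\\NameServer)\s*(?:\((?P<detect>[^)]*)\))?"
    r"\s*->\s*Data:\s*(?P<data>[0-9.,\s]+?)\s*->"
)


def parse_nameserver_entries(log_text):
    """Return [(registry_key, detection_name_or_None, [resolver, ...]), ...]."""
    entries = []
    for line in log_text.splitlines():
        m = NAMESERVER_RE.match(line.strip())
        if not m:
            continue
        servers = [s.strip() for s in m.group("data").split(",") if s.strip()]
        entries.append((m.group("key"), m.group("detect"), servers))
    return entries


def rogue_resolvers(entries, expected=EXPECTED_RESOLVERS):
    """Resolver IPs seen in any entry that are valid literals but not expected.

    Accepts any tuples whose last element is a list of resolver strings, so the
    output of parse_nameserver_entries() and live_windows_resolvers() both work.
    """
    rogue = set()
    for *_, servers in entries:
        for s in servers:
            try:
                ip_address(s)           # skip hostnames or garbage values
            except ValueError:
                continue
            if s not in expected:
                rogue.add(s)
    return sorted(rogue, key=ip_address)


def live_windows_resolvers():
    """Read NameServer values from the running Windows host's registry.

    Returns [(interface_guid_or_'global', [resolver, ...]), ...]; returns an
    empty list on non-Windows hosts so the rest of the example still runs.
    """
    try:
        import winreg
    except ImportError:
        return []
    base = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
    found = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as params:
        try:
            value, _ = winreg.QueryValueEx(params, "NameServer")
            if value:
                found.append(("global", value.replace(",", " ").split()))
        except FileNotFoundError:
            pass
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base + r"\Interfaces") as ifaces:
        i = 0
        while True:
            try:
                guid = winreg.EnumKey(ifaces, i)
            except OSError:            # no more subkeys
                break
            i += 1
            with winreg.OpenKey(ifaces, guid) as iface:
                try:
                    value, _ = winreg.QueryValueEx(iface, "NameServer")
                except FileNotFoundError:
                    continue
                if value:
                    found.append((guid, value.replace(",", " ").split()))
    return found


if __name__ == "__main__":
    log_entries = parse_nameserver_entries(SAMPLE_LOG)
    print("rogue resolvers in log:", rogue_resolvers(log_entries))
    print("rogue resolvers on this host:", rogue_resolvers(live_windows_resolvers()))
```

Run against the sample it reports the two 85.255.112.x addresses and nothing for the clean ControlSet001 line; on a Windows machine the second line reports any static NameServer value that is still pointing somewhere unexpected, which is the post-cleanup check worth doing after MBAM has deleted the registry data (the live registry read uses the standard-library winreg module and is skipped elsewhere).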
Rorschach112
post Apr 21 2009, 12:46 PM
Post #9


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



ok cool
eyedoc71
post Apr 22 2009, 09:10 AM
Post #10


Member
Posts: 37
OS: Windows XP



Kaspersky log:

KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, April 21, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, April 21, 2009 13:57:35
Records in database: 2066193
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 119413
Threat name: 5
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 01:23:35


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00002.VBN Infected: Trojan-Dropper.Win32.Agent.ajgz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00004.VBN Infected: Trojan.Win32.Patched.ge 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00006.VBN Infected: Trojan-Dropper.Win32.Agent.ajgz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A040000.VBN Infected: Trojan-Dropper.Win32.Agent.ajgz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A040003.VBN Infected: Trojan-Dropper.Win32.Agent.ajgz 1
C:\Documents and Settings\Tech\Desktop\7txrvqgs.exe Infected: Trojan.Win32.Agent.ccfc 1
C:\Documents and Settings\Tech\Local Settings\Application Data\codecsetup.exe Infected: Trojan.Win32.TDSS.aagj 1
C:\Downloaded programs\Adobe Photoshop Elements v7.0.rar Infected: Trojan-Dropper.Win32.Agent.ajgz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcdddfmgyauaspmwbretyggocswpribvus.dll.vir Infected: Trojan-Downloader.Win32.Agent.brpo 1

The selected area was scanned.
Rorschach112
post Apr 22 2009, 10:20 AM
Post #11


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



hello

Please download OTMoveIt3 by OldTimer
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :Processes
    explorer.exe

    :Services

    :Reg

    :Files
    C:\Documents and Settings\Tech\Desktop\7txrvqgs.exe
    C:\Documents and Settings\Tech\Local Settings\Application Data\codecsetup.exe
    C:\Downloaded programs\Adobe Photoshop Elements v7.0.rar


    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



also post a new OTL log
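Added here as a worked example (not code from the thread, from Kaspersky or from OldTimer): a Python script that reads the Kaspersky report posted in #10 and reproduces the triage done by hand when the :Files list above was built, separating hits that already sit inside a quarantine store (the Symantec Quarantine .VBN files and the Qoobox .vir file) from files still live on disk, and cross-checking the parsed lines against the report's own "Scan statistics" block. The quarantine-folder markers, the line regexes and the consistency check are this example's own assumptions about the report layout, not a documented format, and the drafted OTMoveIt3 script is a starting point for the helper to review, not something to paste unread.

```python
"""
Triage a Kaspersky Online Scanner 7.0 report: parse detections, check them
against the report's statistics block, split quarantined from live hits and
draft an OTMoveIt3 script listing only the live ones. Added example; the
path markers and regexes below are assumptions, not a published format.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Report lines copied from the thread above; the header is abbreviated.
SAMPLE_REPORT = r"""
KASPERSKY ONLINE SCANNER 7.0 REPORT
Scan statistics:
Files scanned: 119413
Threat name: 5
Infected objects: 9
Suspicious objects: 0

File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00002.VBN Infected: Trojan-Dropper.Win32.Agent.ajgz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00004.VBN Infected: Trojan.Win32.Patched.ge 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00006.VBN Infected: Trojan-Dropper.Win32.Agent.ajgz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A040000.VBN Infected: Trojan-Dropper.Win32.Agent.ajgz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A040003.VBN Infected: Trojan-Dropper.Win32.Agent.ajgz 1
C:\Documents and Settings\Tech\Desktop\7txrvqgs.exe Infected: Trojan.Win32.Agent.ccfc 1
C:\Documents and Settings\Tech\Local Settings\Application Data\codecsetup.exe Infected: Trojan.Win32.TDSS.aagj 1
C:\Downloaded programs\Adobe Photoshop Elements v7.0.rar Infected: Trojan-Dropper.Win32.Agent.ajgz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcdddfmgyauaspmwbretyggocswpribvus.dll.vir Infected: Trojan-Downloader.Win32.Agent.brpo 1
"""

# Assumed: a hit under one of these folders is an already-contained copy (Symantec
# renames to .VBN, ComboFix to .vir), so it is reported but needs no further action.
QUARANTINE_MARKERS = ("\\quarantine\\", "\\qoobox\\")

DETECTION_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
STAT_RE = re.compile(r"^(?P<key>Files scanned|Threat name|Infected objects|Suspicious objects): (?P<value>\d+)$")


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    count: int

    @property
    def quarantined(self) -> bool:
        lowered = self.path.lower()
        return any(marker in lowered for marker in QUARANTINE_MARKERS)


def parse_report(text):
    """Return (stats dict, list of Detection) from the report text."""
    stats, hits = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := STAT_RE.match(line):
            stats[m["key"]] = int(m["value"])
        elif m := DETECTION_RE.match(line):
            hits.append(Detection(m["path"], m["threat"], int(m["count"])))
    return stats, hits


def check_consistency(stats, hits):
    """List mismatches between the statistics block and the parsed lines (empty means consistent)."""
    problems = []
    if stats.get("Infected objects") != sum(h.count for h in hits):
        problems.append("infected object count does not match detection lines")
    if stats.get("Threat name") != len({h.threat for h in hits}):
        problems.append("distinct threat count does not match detection lines")
    return problems


def live_hits(hits):
    """Detections that are not already inside a quarantine store."""
    return [h for h in hits if not h.quarantined]


def threat_summary(hits):
    """Detections per threat name, across quarantined and live files."""
    return Counter(h.threat for h in hits)


def otmoveit_script(hits):
    """Draft an OTMoveIt3 script in the layout used in the thread, for review before use."""
    lines = [":Processes", "explorer.exe", "", ":Services", "", ":Reg", "", ":Files"]
    lines += [h.path for h in live_hits(hits)]
    lines += ["", ":Commands", "[purity]", "[emptytemp]", "[start explorer]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    stats, hits = parse_report(SAMPLE_REPORT)
    print("consistency problems:", check_consistency(stats, hits) or "none")
    for threat, n in threat_summary(hits).most_common():
        print(f"{n} x {threat}")
    print(otmoveit_script(hits))
```

Run as-is it reports no mismatch between the header (5 threat names, 9 infected objects) and the nine detection lines, counts five copies of the same dropper signature, and emits a :Files section with exactly the three live paths that appear in the script above; the six quarantine-store hits are left alone. The consistency check is the part worth keeping in any log parser: a report whose stated counts disagree with its own detail lines was either truncated when pasted or tampered with, and either way should not be acted on.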
eyedoc71
post Apr 22 2009, 10:54 AM
Post #12


Member
Posts: 37
OS: Windows XP



I had seen these earlier and manually deleted these files. Hope I didn't mess up the process. Sorry.

File/Folder C:\Documents and Settings\Tech\Local Settings\Application Data\codecsetup.exe not found.
File/Folder C:\Downloaded programs\Adobe Photoshop Elements v7.0.rar not found.


OTL log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Tech\Desktop\7txrvqgs.exe moved successfully.
File/Folder C:\Documents and Settings\Tech\Local Settings\Application Data\codecsetup.exe not found.
File/Folder C:\Downloaded programs\Adobe Photoshop Elements v7.0.rar not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF4429.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF442E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF44AA.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF44AF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF4580.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF4585.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF45AD.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF45B2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DFC183.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DFFE29.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\E51D0UDF\Malware-Infection-Website-redirect-can-t-run-antivirus-no-windo-t236284[1].html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\E51D0UDF\scoreboard[1].txt scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\42AJ5291\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_330.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04222009_094119

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\DOCUME~1\Tech\LOCALS~1\Temp\IadHide5.dll
C:\DOCUME~1\Tech\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
C:\DOCUME~1\Tech\LOCALS~1\Temp\IadHide5.dll moved successfully.
File C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF4429.tmp not found!
File C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF442E.tmp not found!
File C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF44AA.tmp not found!
File C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF44AF.tmp not found!
File C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF4580.tmp not found!
File C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF4585.tmp not found!
File C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF45AD.tmp not found!
File C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF45B2.tmp not found!
C:\DOCUME~1\Tech\LOCALS~1\Temp\~DFC183.tmp moved successfully.
C:\DOCUME~1\Tech\LOCALS~1\Temp\~DFFE29.tmp moved successfully.
C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\E51D0UDF\Malware-Infection-Website-redirect-can-t-run-antivirus-no-windo-t236284[1].html moved successfully.
C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\E51D0UDF\scoreboard[1].txt moved successfully.
C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\42AJ5291\iframe[1].htm moved successfully.
C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_330.dat not found!
Rorschach112
post Apr 22 2009, 11:03 AM
Post #13


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



no problem, post a new OTL log
eyedoc71
post Apr 22 2009, 11:20 AM
Post #14


Member
Posts: 37
OS: Windows XP



I think the log from above is the most current one, after the reboot. I was just saying I deleted those 2 files (below in red) before I ran the OTL program, so it could not delete those.


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Tech\Desktop\7txrvqgs.exe moved successfully.
File/Folder C:\Documents and Settings\Tech\Local Settings\Application Data\codecsetup.exe not found.
File/Folder C:\Downloaded programs\Adobe Photoshop Elements v7.0.rar not found.

========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF4429.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF442E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF44AA.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF44AF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF4580.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF4585.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF45AD.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF45B2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DFC183.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tech\LOCALS~1\Temp\~DFFE29.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\E51D0UDF\Malware-Infection-Website-redirect-can-t-run-antivirus-no-windo-t236284[1].html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\E51D0UDF\scoreboard[1].txt scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\42AJ5291\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_330.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04222009_094119

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\DOCUME~1\Tech\LOCALS~1\Temp\IadHide5.dll
C:\DOCUME~1\Tech\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
C:\DOCUME~1\Tech\LOCALS~1\Temp\IadHide5.dll moved successfully.
File C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF4429.tmp not found!
File C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF442E.tmp not found!
File C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF44AA.tmp not found!
File C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF44AF.tmp not found!
File C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF4580.tmp not found!
File C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF4585.tmp not found!
File C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF45AD.tmp not found!
File C:\DOCUME~1\Tech\LOCALS~1\Temp\~DF45B2.tmp not found!
C:\DOCUME~1\Tech\LOCALS~1\Temp\~DFC183.tmp moved successfully.
C:\DOCUME~1\Tech\LOCALS~1\Temp\~DFFE29.tmp moved successfully.
C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\E51D0UDF\Malware-Infection-Website-redirect-can-t-run-antivirus-no-windo-t236284[1].html moved successfully.
C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\E51D0UDF\scoreboard[1].txt moved successfully.
C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\42AJ5291\iframe[1].htm moved successfully.
C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_330.dat not found!

This post has been edited by eyedoc71: Apr 22 2009, 11:21 AM
Rorschach112
post Apr 22 2009, 12:14 PM
Post #15


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



wrong log, I mean this

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


