Can't get rid of two types of Virtumonde


#1
Xenexodous
New Member, 6 posts

Hi, I found a post in here about how to get rid of Virtumonde and I followed all the directions up to saving copies of my scan from both GMER and HijackThis. So now I have the scans but don't quite know what to do with them. Please help, this is really tearing my computer up. They are as follows:

GMER SCAN:
GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2008-12-28 00:27:41
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\[email protected] = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] = hgGvtroO.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs = yljxtp.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Bonjour [email protected] = "C:\Program Files\Bonjour\mDNSResponder.exe"
[email protected] = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
[email protected] = %SystemRoot%\System32\nvsvc32.exe
[email protected] = %SystemRoot%\system32\drivers\scsiport.sys

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
@winssvc"C:\Documents and Settings\R and R\Application Data\Google\pzpsp23511834.exe" 2 = "C:\Documents and Settings\R and R\Application Data\Google\pzpsp23511834.exe" 2
@409aa801rundll32.exe "C:\WINDOWS\system32\yqcflfqq.dll",b = rundll32.exe "C:\WINDOWS\system32\yqcflfqq.dll",b
@prunnet"C:\WINDOWS\system32\prunnet.exe" = "C:\WINDOWS\system32\prunnet.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MSMSGS"C:\Program Files\Messenger\msmsgs.exe" /background = "C:\Program Files\Messenger\msmsgs.exe" /background
@Messenger (Yahoo!)"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
@SpybotSD TeaTimerC:\Program Files\Spybot - Search & Destroy\TeaTimer.exe = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
@prunnet"C:\WINDOWS\system32\prunnet.exe" = "C:\WINDOWS\system32\prunnet.exe"
@gadcom"C:\Documents and Settings\R and R\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 = "C:\Documents and Settings\R and R\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\[email protected]{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} = C:\WINDOWS\system32\hgGvtroO.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{53707962-6F74-2D53-2644-206D7942484F}C:\Program Files\Spybot - Search & Destroy\SDHelper.dll = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
@{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}C:\WINDOWS\system32\hgGvtroO.dll = C:\WINDOWS\system32\hgGvtroO.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre6\bin\ssv.dll = C:\Program Files\Java\jre6\bin\ssv.dll
@{B7122DBD-5F51-4C8F-82AF-E5019186BEF7}C:\WINDOWS\system32\byXPHwVN.dll = C:\WINDOWS\system32\byXPHwVN.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{fd254d82-3733-4fab-adc4-f9f357eccf02}C:\WINDOWS\system32\yljxtp.dll = C:\WINDOWS\system32\yljxtp.dll

HKCU\Control Panel\[email protected] = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.yahoo.com/ = http://www.yahoo.com/
@Start Pagehttp://www.yahoo.com/ = http://www.yahoo.com/
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.yahoo.com/ = http://www.yahoo.com/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
[email protected] = C:\WINDOWS\system32\msvidctl.dll
[email protected] = C:\WINDOWS\System32\itss.dll
[email protected] = C:\WINDOWS\System32\msvidctl.dll
[email protected] = %SystemRoot%\System32\inetcomm.dll
[email protected] = C:\WINDOWS\System32\itss.dll
[email protected] = C:\WINDOWS\system32\msvidctl.dll
[email protected] = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\0[email protected] = C:\Program Files\Bonjour\mdnsNSP.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
Adobe Reader Speed Launch.lnk = Adobe Reader Speed Launch.lnk
Adobe Reader Synchronizer.lnk = Adobe Reader Synchronizer.lnk

---- EOF - GMER 1.0.14 ----

GMER rootkit scan:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-28 00:26:30
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\rundll32.exe[440] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00C993C0 C:\Documents and Settings\R and R\Application Data\Google\mjkovl.dll
.text C:\WINDOWS\system32\rundll32.exe[440] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00C9B530 C:\Documents and Settings\R and R\Application Data\Google\mjkovl.dll
.text C:\WINDOWS\system32\rundll32.exe[440] WS2_32.dll!send 71AB428A 2 Bytes JMP 00C997F4 C:\Documents and Settings\R and R\Application Data\Google\mjkovl.dll
.text C:\WINDOWS\system32\rundll32.exe[440] WS2_32.dll!send + 3 71AB428D 2 Bytes [ 1E, 8F ]
.text C:\WINDOWS\system32\rundll32.exe[440] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00C99BA8 C:\Documents and Settings\R and R\Application Data\Google\mjkovl.dll
.text C:\WINDOWS\system32\rundll32.exe[440] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00C99D90 C:\Documents and Settings\R and R\Application Data\Google\mjkovl.dll
.text C:\WINDOWS\system32\prunnet.exe[1348] ntdll.dll!RtlConvertUlongToLargeInteger + 75 7C9037BA 5 Bytes JMP 00DD0094
.text C:\WINDOWS\system32\prunnet.exe[1348] ntdll.dll!LdrAccessResource + 11 7C912CB3 4 Bytes [ D1, D6, 4B, 84 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1572] WS2_32.dll!send 71AB428A 5 Bytes JMP 1000CEA6 C:\WINDOWS\system32\yljxtp.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2644] WS2_32.dll!send 71AB428A 5 Bytes JMP 1000CEA6 C:\WINDOWS\system32\yljxtp.dll

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
---- Processes - GMER 1.0.14 ----

Library C:\DOCUME~1\RANDR~1\LOCALS~1\Temp\stf45D.tmp (*** hidden *** ) @ C:\DOCUME~1\RANDR~1\LOCALS~1\Temp\stf45D.tmp [1908] 0x00400000

---- EOF - GMER 1.0.14 ----


HIJACKTHIS Scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:50 AM, on 12/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\prunnet.exe
C:\DOCUME~1\RANDR~1\LOCALS~1\Temp\stf45D.tmp
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\RANDR~1\LOCALS~1\Temp\Temporary Directory 1 for gmer(2).zip\gmer.exe
C:\Documents and Settings\R and R\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [winssvc] "C:\Documents and Settings\R and R\Application Data\Google\pzpsp23511834.exe" 2
O4 - HKLM\..\Run: [409aa801] rundll32.exe "C:\WINDOWS\system32\yqcflfqq.dll",b
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\R and R\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...PLOADER_V10.CAB
O20 - AppInit_DLLs: yljxtp.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4705 bytes
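As an added example, not part of the original thread and not output of any tool mentioned in it: a small Python script that applies the kind of heuristics a helper uses when reading a HijackThis log like the one above. The sample lines are copied from that log; the function names (parse_log, triage), the USER_WRITABLE marker list and the heuristics themselves are my own assumptions, not part of HijackThis.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted above
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winssvc] "C:\Documents and Settings\R and R\Application Data\Google\pzpsp23511834.exe" 2
O4 - HKLM\..\Run: [409aa801] rundll32.exe "C:\WINDOWS\system32\yqcflfqq.dll",b
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\R and R\Application Data\gadcom\gadcom.exe" 61A847B5
O20 - AppInit_DLLs: yljxtp.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# HijackThis line formats for Run-key autostarts (O4) and AppInit_DLLs (O20)
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O20_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.+)$')

# Path fragments a standard user can write to (assumed list); legitimate
# machine-wide autostarts rarely point here, malware droppers often do
USER_WRITABLE = ('\\documents and settings\\', '\\temp\\', '\\application data\\')


def parse_log(text):
    """Return (run_entries, appinit_dlls) extracted from a HijackThis log."""
    run_entries, appinit = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            run_entries.append((m['hive'], m['name'], m['cmd']))
            continue
        m = O20_RE.match(line)
        if m:
            appinit.extend(d.strip() for d in m['dlls'].split(',') if d.strip())
    return run_entries, appinit


def triage(text):
    """Apply simple defender heuristics; returns a list of (name, reason) findings."""
    run_entries, appinit = parse_log(text)
    findings = []
    hives_by_name = defaultdict(set)
    for hive, name, cmd in run_entries:
        hives_by_name[name].add(hive)
        if any(marker in cmd.lower() for marker in USER_WRITABLE):
            findings.append((name, 'autostart from user-writable profile path'))
        if re.fullmatch(r'[0-9a-f]{6,}', name):
            findings.append((name, 'random hex value name'))
    # The same value name registered in both hives is a common self-reinstall pattern
    for name, hives in hives_by_name.items():
        if hives == {'HKLM', 'HKCU'}:
            findings.append((name, 'same entry in both HKLM and HKCU Run'))
    # AppInit_DLLs is loaded into every process that links user32.dll; any
    # non-empty value deserves a look
    for dll in appinit:
        findings.append((dll, 'AppInit_DLLs loads into every process that links user32.dll'))
    return findings


if __name__ == '__main__':
    for name, reason in triage(SAMPLE_LOG):
        print(f'{name:12s} {reason}')
```

On the sample lines the script flags winssvc and gadcom (profile paths), 409aa801 (hex-looking value name), prunnet (both hives) and yljxtp.dll (AppInit_DLLs), and leaves the NVIDIA and Messenger entries alone; the heuristics are deliberately coarse and are a starting point for review, not a verdict.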

#2
kahdah
GeekU Teacher, Retired Staff, 15,822 posts

Hello Xenexodous

Welcome to G2Go. :)
=====================
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • File - Lop check
    • File - Purity Scan
    Under Basic scans:
    • Rootkit Search - Yes
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Attach the information back here. I will review it when it comes in.

#3
Xenexodous
Topic Starter, New Member, 6 posts

Thank you! Here is the read out from OTSCANIT as you suggested:

OTScanIt2 logfile created on: 12/28/2008 2:01:31 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\R and R\My Documents\OTScanIt2
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 69.45% Memory free
3.35 Gb Paging File | 3.03 Gb Available in Paging File | 90.27% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 152.66 Gb Total Space | 129.11 Gb Free Space | 84.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 74.53 Gb Total Space | 14.35 Gb Free Space | 19.25% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOWHERE
Current User Name: R and R
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/12/19 00:21:57 | 07,678,568 | ---- | M] (Mozilla Corporation)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/12/19 00:21:57 | 07,678,568 | ---- | M] (Mozilla Corporation)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/10 22:16:11 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2006/06/01 17:22:00 | 00,155,715 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\My Documents\OTScanIt2\OTScanIt2.exe -> [2008/12/26 14:49:54 | 00,476,672 | ---- | M] (OldTimer Tools)
qbiugp.exe -> %AppData%\Microsoft\Windows\qbiugp.exe -> [2008/12/28 03:19:21 | 00,035,328 | ---- | M] ()
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2004/08/04 00:56:56 | 00,033,280 | ---- | M] (Microsoft Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2004/08/04 00:56:56 | 00,033,280 | ---- | M] (Microsoft Corporation)
speedrunner.exe -> %AppData%\SpeedRunner\SpeedRunner.exe -> [2008/12/28 03:19:18 | 00,218,112 | ---- | M] ()
stf45d.tmp -> %SystemDrive%\DOCUME~1\RANDR~1\LOCALS~1\Temp\stf45D.tmp -> File not found
wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2004/08/04 00:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/12/15 18:31:30 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -> [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/10 22:16:11 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2006/06/01 17:22:00 | 00,155,715 | ---- | M] (NVIDIA Corporation)

[Driver Services - Safe List]
(AmdK7) AMD K7 Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\amdk7.sys -> [2004/08/03 22:59:22 | 00,037,376 | ---- | M] (Microsoft Corporation)
(FA312) NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\FA312nd5.sys -> [2001/08/17 04:12:32 | 00,016,074 | ---- | M] (NETGEAR Corp.)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gameenum.sys -> [2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation)
(ms_mpu401) Microsoft MPU-401 MIDI UART Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\msmpu401.sys -> [2001/08/17 06:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2006/06/01 17:22:00 | 03,925,920 | ---- | M] (NVIDIA Corporation)
(nvax) Service for NVIDIA(R) nForce(TM) Audio Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvax.sys -> [2005/04/13 12:32:42 | 00,053,376 | ---- | M] (NVIDIA Corporation)
(nvnforce) Service for NVIDIA(R) nForce(TM) Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvapu.sys -> [2005/04/13 12:34:02 | 00,414,464 | ---- | M] (NVIDIA Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2001/08/23 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2007/07/25 18:53:30 | 00,043,528 | ---- | M] (Sonic Solutions)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2001/08/23 04:00:00 | 00,027,440 | ---- | M] ()
(si3112r) Silicon Image SiI 3112 SATARaid Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\si3112r.sys -> [2007/02/01 08:50:10 | 00,110,128 | ---- | M] (Silicon Image, Inc)
(SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SiWinAcc.sys -> [2007/02/01 08:50:12 | 00,017,328 | ---- | M] (Silicon Image, Inc.)
(SiWinAcc) SiWinAcc [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SiWinAcc.sys -> [2007/02/01 08:50:12 | 00,017,328 | ---- | M] (Silicon Image, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.yahoo.com/ ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com/ ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com ->
HKEY_CURRENT_USER\: SearchURL\\"provider" -> yaho ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\R and R\Application Data\Mozilla\FireFox\Profiles\ekvd1k64.default\prefs.js ->
browser.search.defaultenginename -> "Yahoo" ->
browser.search.defaulturl -> "http://search.yahoo.com/search?fr=ffsp1&p=" ->
browser.search.selectedEngine -> "Yahoo" ->
browser.startup.homepage -> "http://www.yahoo.com/" ->
browser.startup.homepage_override.mstone -> "rv:1.8.1.20" ->
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Error: Value does not exist or could not be read.] -> [2005/05/31 01:04:00 | 00,853,672 | ---- | M] (Safer Networking Limited)
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} [HKLM] -> %SystemRoot%\system32\hgGvtroO.dll [Reg Error: Value does not exist or could not be read.] -> [2008/12/27 02:56:52 | 00,052,224 | ---- | M] ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/12/10 22:16:11 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{B7122DBD-5F51-4C8F-82AF-E5019186BEF7} [HKLM] -> %SystemRoot%\system32\byXPHwVN.dll [Reg Error: Value does not exist or could not be read.] -> [2008/12/27 03:07:03 | 00,281,600 | ---- | M] ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/12/10 22:16:11 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{f8487f44-974a-4620-94a0-2914509e786e} [HKLM] -> %SystemRoot%\system32\vhkodq.dll [Reg Error: Value does not exist or could not be read.] -> [2008/12/28 03:13:56 | 00,139,264 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"409aa801" -> %SystemRoot%\system32\dumkdtmi.dll [rundll32.exe "C:\WINDOWS\system32\dumkdtmi.dll",b] -> [2008/12/28 03:10:54 | 00,090,112 | ---- | M] ()
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> [2006/06/01 17:22:00 | 07,618,560 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit] -> [2006/06/01 17:22:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2006/06/01 17:22:00 | 01,519,616 | ---- | M] ()
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/12/10 22:16:11 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"winssvc" -> %AppData%\Google\pzpsp23511834.exe ["C:\Documents and Settings\R and R\Application Data\Google\pzpsp23511834.exe" 2] -> [2008/12/27 02:59:44 | 00,124,928 | ---- | M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"gadcom" -> %AppData%\gadcom\gadcom.exe ["C:\Documents and Settings\R and R\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139] -> [2008/12/28 00:14:33 | 00,056,832 | ---- | M] ()
"Messenger (Yahoo!)" -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2008/11/05 21:59:00 | 04,347,120 | ---- | M] (Yahoo! Inc.)
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2004/08/04 00:56:54 | 01,667,584 | ---- | M] (Microsoft Corporation)
"SfKg6wIP" -> %AppData%\Microsoft\Windows\qbiugp.exe [C:\Documents and Settings\R and R\Application Data\Microsoft\Windows\qbiugp.exe] -> [2008/12/28 03:19:21 | 00,035,328 | ---- | M] ()
"SpeedRunner" -> %AppData%\SpeedRunner\SpeedRunner.exe [C:\Documents and Settings\R and R\Application Data\SpeedRunner\SpeedRunner.exe] -> [2008/12/28 03:19:18 | 00,218,112 | ---- | M] ()
"SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2005/05/31 01:04:00 | 01,415,824 | ---- | M] (Safer Networking Limited)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> [2006/10/23 01:48:20 | 00,040,048 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [2006/10/23 00:01:50 | 00,734,872 | ---- | M] ()
< R and R Startup Folder > -> C:\Documents and Settings\R and R\Start Menu\Programs\Startup ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004/08/04 00:56:54 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/08/04 00:56:54 | 01,667,584 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:56:54 | 01,667,584 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://zone.msn.com/BINGAME/POPCAPLOADER_V10.CAB[PopCapLoader Object] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1E771116-BBB6-4CD8-BC5B-27B829AD98A4} -> (1394 Net Adapter) ->
{2C4C7607-3FF3-4A53-934F-4FFA8F8D80BF} -> (NETGEAR FA311 Fast Ethernet Adapter) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
vhkodq.dll -> %SystemRoot%\system32\vhkodq.dll -> [2008/12/28 03:13:56 | 00,139,264 | ---- | M] ()
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
hgGvtroO -> %SystemRoot%\system32\hgGvtroO.dll -> [2008/12/27 02:56:52 | 00,052,224 | ---- | M] ()
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" [HKLM] -> %SystemRoot%\system32\hgGvtroO.dll [] -> [2008/12/27 02:56:52 | 00,052,224 | ---- | M] ()
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
C:\WINDOWS\system32\byXPHwVN -> %SystemRoot%\system32\byXPHwVN.dll -> [2008/12/27 03:07:03 | 00,281,600 | ---- | M] ()
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 00:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 00:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2008/12/13 16:04:13 | 00,267,056 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2008/11/05 21:59:00 | 04,347,120 | ---- | M] (Yahoo! Inc.)
"C:\WINDOWS\system32\drivers\svchost.exe" -> C:\WINDOWS\system32\drivers\svchost.exe [C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2004/08/03 22:59:54 | 00,049,536 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2008/12/10 19:42:37 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->


[Files/Folders - Created Within 30 Days]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
OTScanIt2 -> %UserProfile%\My Documents\OTScanIt2 -> [2008/12/28 13:59:36 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/28 13:53:53 | 00,647,741 | ---- | C] ()
SpeedRunner -> %AppData%\SpeedRunner -> [2008/12/28 03:18:29 | 00,000,000 | ---D | C]
vhkodq.dll -> %SystemRoot%\System32\vhkodq.dll -> [2008/12/28 03:13:56 | 00,139,264 | ---- | C] ()
xybduwrw.dll -> %SystemRoot%\System32\xybduwrw.dll -> [2008/12/28 03:13:49 | 00,139,264 | ---- | C] ()
imtdkmud.ini -> %SystemRoot%\System32\imtdkmud.ini -> [2008/12/28 03:10:54 | 01,308,269 | -HS- | C] ()
dumkdtmi.dll -> %SystemRoot%\System32\dumkdtmi.dll -> [2008/12/28 03:10:46 | 00,090,112 | ---- | C] ()
Webtools -> %ProgramFiles%\Webtools -> [2008/12/28 03:07:59 | 00,000,000 | ---D | C]
Mjcore -> %ProgramFiles%\Mjcore -> [2008/12/28 03:03:02 | 00,000,000 | ---D | C]
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> [2008/12/28 00:33:31 | 00,401,720 | ---- | C] (Trend Micro Inc.)
gmer autostart scan.rtf -> %UserProfile%\My Documents\gmer autostart scan.rtf -> [2008/12/28 00:27:58 | 00,007,167 | ---- | C] ()
rootkit scan.rtf -> %UserProfile%\My Documents\rootkit scan.rtf -> [2008/12/28 00:26:51 | 00,003,098 | ---- | C] ()
gmer.ini -> %SystemRoot%\gmer.ini -> [2008/12/28 00:22:05 | 00,000,250 | ---- | C] ()
gmer.dll -> %SystemRoot%\gmer.dll -> [2008/12/28 00:22:03 | 00,884,736 | ---- | C] ()
gmer.exe -> %SystemRoot%\gmer.exe -> [2008/12/28 00:22:03 | 00,811,008 | R--- | C] ()
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> [2008/12/28 00:22:03 | 00,085,969 | ---- | C] (GMER)
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [2008/12/28 00:22:03 | 00,000,080 | ---- | C] ()
gmer.zip -> %UserProfile%\Desktop\gmer.zip -> [2008/12/28 00:17:56 | 00,747,873 | ---- | C] ()
awtttuSL.dll -> %SystemRoot%\System32\awtttuSL.dll -> [2008/12/28 00:14:37 | 00,050,176 | ---- | C] ()
mlJdBTNH.dll -> %SystemRoot%\System32\mlJdBTNH.dll -> [2008/12/28 00:08:30 | 00,052,224 | ---- | C] ()
VirusRemover2008 -> %ProgramFiles%\VirusRemover2008 -> [2008/12/28 00:01:52 | 00,000,000 | ---D | C]
gadcom -> %AppData%\gadcom -> [2008/12/28 00:00:29 | 00,000,000 | ---D | C]
ssqOHbBr.dll -> %SystemRoot%\System32\ssqOHbBr.dll -> [2008/12/28 00:00:16 | 00,050,176 | ---- | C] ()
Sysvxd.exe -> %SystemRoot%\Sysvxd.exe -> [2008/12/27 04:41:53 | 00,000,073 | ---- | C] ()
yljxtp.dll -> %SystemRoot%\System32\yljxtp.dll -> [2008/12/27 03:16:10 | 00,134,656 | ---- | C] ()
oejjctlc.dll -> %SystemRoot%\System32\oejjctlc.dll -> [2008/12/27 03:16:08 | 00,134,656 | ---- | C] ()
SDHelper (Spybot - Search & Destroy) -> %ProgramFiles%\SDHelper (Spybot - Search & Destroy) -> [2008/12/27 03:08:54 | 00,000,000 | ---D | C]
TeaTimer (Spybot - Search & Destroy) -> %ProgramFiles%\TeaTimer (Spybot - Search & Destroy) -> [2008/12/27 03:08:53 | 00,000,000 | ---D | C]
Misc. Support Library (Spybot - Search & Destroy) -> %ProgramFiles%\Misc. Support Library (Spybot - Search & Destroy) -> [2008/12/27 03:08:52 | 00,000,000 | ---D | C]
File Scanner Library (Spybot - Search & Destroy) -> %ProgramFiles%\File Scanner Library (Spybot - Search & Destroy) -> [2008/12/27 03:08:51 | 00,000,000 | ---D | C]
qqflfcqy.ini -> %SystemRoot%\System32\qqflfcqy.ini -> [2008/12/27 03:08:03 | 01,308,269 | -HS- | C] ()
yqcflfqq.dll -> %SystemRoot%\System32\yqcflfqq.dll -> [2008/12/27 03:08:00 | 00,083,456 | ---- | C] ()
NVwHPXyb.ini2 -> %SystemRoot%\System32\NVwHPXyb.ini2 -> [2008/12/27 03:07:08 | 00,700,381 | -HS- | C] ()
NVwHPXyb.ini -> %SystemRoot%\System32\NVwHPXyb.ini -> [2008/12/27 03:07:05 | 00,700,381 | -HS- | C] ()
byXPHwVN.dll -> %SystemRoot%\System32\byXPHwVN.dll -> [2008/12/27 03:07:01 | 00,281,600 | ---- | C] ()
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2008/12/27 03:06:21 | 00,000,933 | ---- | C] ()
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [2008/12/27 03:06:21 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [2008/12/27 03:06:20 | 00,000,000 | ---D | C]
Google -> %AppData%\Google -> [2008/12/27 02:59:44 | 00,000,000 | ---D | C]
hdxyuvly.job -> %SystemRoot%\tasks\hdxyuvly.job -> [2008/12/27 02:56:55 | 00,000,314 | ---- | C] ()
khfCUkhE.dll -> %SystemRoot%\System32\khfCUkhE.dll -> [2008/12/27 02:56:54 | 00,045,056 | ---- | C] ()
hgGvtroO.dll -> %SystemRoot%\System32\hgGvtroO.dll -> [2008/12/27 02:56:52 | 00,052,224 | ---- | C] ()
prunnet.exe -> %SystemRoot%\System32\prunnet.exe -> [2008/12/27 02:56:51 | 00,063,488 | ---- | C] ()
Yahoo -> %UserProfile%\Local Settings\Application Data\Yahoo -> [2008/12/24 22:31:08 | 00,000,000 | ---D | C]
Yahoo! -> %AppData%\Yahoo! -> [2008/12/24 22:30:35 | 00,000,000 | ---D | C]
Yahoo! Messenger.lnk -> %AllUsersProfile%\Desktop\Yahoo! Messenger.lnk -> [2008/12/24 22:30:14 | 00,000,812 | ---- | C] ()
Yahoo! -> %AllUsersProfile%\Application Data\Yahoo! -> [2008/12/24 22:30:12 | 00,000,000 | ---D | C]
Yahoo! -> %ProgramFiles%\Yahoo! -> [2008/12/24 22:30:11 | 00,000,000 | ---D | C]
UserData -> %UserProfile%\UserData -> [2008/12/24 22:27:41 | 00,000,000 | --SD | C]
tarot chick.psd -> %UserProfile%\Desktop\tarot chick.psd -> [2008/12/24 20:31:02 | 37,218,659 | ---- | C] ()
tarot chick.jpg -> %UserProfile%\Desktop\tarot chick.jpg -> [2008/12/24 19:24:27 | 01,607,443 | ---- | C] ()
EPSON -> %AppData%\EPSON -> [2008/12/24 19:22:08 | 00,000,000 | ---D | C]
Identities -> %UserProfile%\Local Settings\Application Data\Identities -> [2008/12/23 17:31:23 | 00,000,000 | ---D | C]
PopCap -> %AllUsersProfile%\Application Data\PopCap -> [2008/12/22 00:38:32 | 00,000,000 | ---D | C]
schung.zip -> %UserProfile%\Desktop\schung.zip -> [2008/12/21 12:34:19 | 00,047,914 | ---- | C] ()
When the Moon Comes Out.docx -> %UserProfile%\Desktop\When the Moon Comes Out.docx -> [2008/12/18 14:13:31 | 00,064,152 | ---- | C] ()
Epfb5cpl.dll -> %SystemRoot%\System32\Epfb5cpl.dll -> [2008/12/17 14:52:41 | 00,086,016 | ---- | C] (SEIKO EPSON CORP.)
escimgn.dll -> %SystemRoot%\System32\escimgn.dll -> [2008/12/17 14:52:41 | 00,047,104 | ---- | C] (SEIKO EPSON CORP.)
escimgd.dll -> %SystemRoot%\System32\escimgd.dll -> [2008/12/17 14:52:41 | 00,047,104 | ---- | C] (SEIKO EPSON CORP.)
escwian.dll -> %SystemRoot%\System32\escwian.dll -> [2008/12/17 14:52:41 | 00,035,840 | ---- | C] (SEIKO EPSON CORP.)
esccm.dll -> %SystemRoot%\System32\esccm.dll -> [2008/12/17 14:52:41 | 00,033,280 | ---- | C] (SEIKO EPSON CORP.)
escwiad.dll -> %SystemRoot%\System32\escwiad.dll -> [2008/12/17 14:52:41 | 00,032,256 | ---- | C] (SEIKO EPSON CORP.)
escwiab.dll -> %SystemRoot%\System32\escwiab.dll -> [2008/12/17 14:52:41 | 00,032,256 | ---- | C] (SEIKO EPSON CORP.)
escimg.dll -> %SystemRoot%\System32\escimg.dll -> [2008/12/17 14:52:41 | 00,027,648 | ---- | C] (SEIKO EPSON CORP.)
esccmn.dll -> %SystemRoot%\System32\esccmn.dll -> [2008/12/17 14:52:41 | 00,023,552 | ---- | C] (SEIKO EPSON CORP.)
esccmd.dll -> %SystemRoot%\System32\esccmd.dll -> [2008/12/17 14:52:41 | 00,022,528 | ---- | C] (SEIKO EPSON CORP.)
ESDTR.dll -> %SystemRoot%\System32\ESDTR.dll -> [2008/12/17 14:52:40 | 00,184,320 | ---- | C] (SEIKO EPSON CORP.)
Esint23.dll -> %SystemRoot%\System32\Esint23.dll -> [2008/12/17 14:52:40 | 00,126,976 | ---- | C] (SEIKO EPSON CORP.)
epcomdd.dll -> %SystemRoot%\System32\epcomdd.dll -> [2008/12/17 14:52:40 | 00,090,112 | ---- | C] (SEIKO EPSON CORP)
Esintpl.dll -> %SystemRoot%\System32\Esintpl.dll -> [2008/12/17 14:52:40 | 00,077,824 | ---- | C] (SEIKO EPSON CORP.)
ESICM.dll -> %SystemRoot%\System32\ESICM.dll -> [2008/12/17 14:52:40 | 00,053,248 | ---- | C] (SEIKO EPSON Corp.)
InstallShield Installation Information -> %ProgramFiles%\InstallShield Installation Information -> [2008/12/17 14:52:40 | 00,000,000 | -H-D | C]
EBPMON2.DLL -> %SystemRoot%\System32\EBPMON2.DLL -> [2008/12/17 14:52:18 | 00,070,924 | ---- | C] (SEIKO EPSON CORPORATION)
ECBTEG.DLL -> %SystemRoot%\System32\ECBTEG.DLL -> [2008/12/17 14:52:18 | 00,056,832 | ---- | C] (SEIKO EPSON CORPORATION)
EBPCHP.DLL -> %SystemRoot%\System32\EBPCHP.DLL -> [2008/12/17 14:52:18 | 00,034,304 | ---- | C] (SEIKO EPSON CORPORATION)
EBPPORT.DAT -> %SystemRoot%\System32\EBPPORT.DAT -> [2008/12/17 14:52:18 | 00,000,182 | ---- | C] ()
EPSON -> %ProgramFiles%\EPSON -> [2008/12/17 14:52:18 | 00,000,000 | ---D | C]
epson -> %SystemDrive%\epson -> [2008/12/17 14:52:14 | 00,000,000 | ---D | C]
epson10608.exe -> %UserProfile%\Desktop\epson10608.exe -> [2008/12/17 14:51:44 | 03,394,048 | ---- | C] ()
epson10573.exe -> %UserProfile%\Desktop\epson10573.exe -> [2008/12/17 14:51:20 | 06,289,920 | ---- | C] ()
epson10453.exe -> %UserProfile%\Desktop\epson10453.exe -> [2008/12/17 14:50:55 | 04,895,744 | ---- | C] ()
usbprint.sys -> %SystemRoot%\System32\drivers\usbprint.sys -> [2008/12/17 14:49:29 | 00,025,856 | ---- | C] (Microsoft Corporation)
usbprint.sys -> %SystemRoot%\System32\dllcache\usbprint.sys -> [2008/12/17 14:49:29 | 00,025,856 | ---- | C] (Microsoft Corporation)
usbccgp.sys -> %SystemRoot%\System32\drivers\usbccgp.sys -> [2008/12/17 14:49:00 | 00,031,616 | ---- | C] (Microsoft Corporation)
usbccgp.sys -> %SystemRoot%\System32\dllcache\usbccgp.sys -> [2008/12/17 14:49:00 | 00,031,616 | ---- | C] (Microsoft Corporation)
Updater5 -> %UserProfile%\My Documents\Updater5 -> [2008/12/17 14:23:46 | 00,000,000 | ---D | C]
Adobe Reader Synchronizer.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk -> [2008/12/17 14:23:14 | 00,001,788 | ---- | C] ()
Adobe Reader Speed Launch.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [2008/12/17 14:23:14 | 00,001,746 | ---- | C] ()
Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [2008/12/17 14:23:14 | 00,001,729 | ---- | C] ()
wstarexpdemo.lnk -> %UserProfile%\Desktop\wstarexpdemo.lnk -> [2008/12/17 14:22:09 | 00,000,638 | ---- | C] ()
ROBOEX32.DLL -> %SystemRoot%\System32\ROBOEX32.DLL -> [2008/12/17 14:21:14 | 01,044,480 | ---- | C] (eHelp Corporation.)
PDF_In_The_Box.ocx -> %SystemRoot%\System32\PDF_In_The_Box.ocx -> [2008/12/17 14:21:14 | 00,890,368 | ---- | C] (Synactis)
tdbg5.ocx -> %SystemRoot%\System32\tdbg5.ocx -> [2008/12/17 14:21:14 | 00,661,504 | ---- | C] (APEX Software Corporation)
imgman32.dll -> %SystemRoot%\System32\imgman32.dll -> [2008/12/17 14:21:14 | 00,339,968 | ---- | C] (Data Techniques, Inc.)
IM31fpx.dil -> %SystemRoot%\System32\IM31fpx.dil -> [2008/12/17 14:21:14 | 00,307,200 | ---- | C] (Data Techniques, Inc.)
PCDLIB32.DLL -> %SystemRoot%\System32\PCDLIB32.DLL -> [2008/12/17 14:21:14 | 00,212,480 | ---- | C] (Eastman Kodak)
Imfx32.ocx -> %SystemRoot%\System32\Imfx32.ocx -> [2008/12/17 14:21:14 | 00,159,744 | ---- | C] (Data Techniques, Inc.)
IM31jpg.dil -> %SystemRoot%\System32\IM31jpg.dil -> [2008/12/17 14:21:14 | 00,159,744 | ---- | C] (Data Techniques, Inc.)
Vsocx32.ocx -> %SystemRoot%\System32\Vsocx32.ocx -> [2008/12/17 14:21:14 | 00,152,576 | ---- | C] (VideoSoft)
dwspy32.dll -> %SystemRoot%\System32\dwspy32.dll -> [2008/12/17 14:21:14 | 00,136,192 | ---- | C] (Desaware)
IM31xjpg.del -> %SystemRoot%\System32\IM31xjpg.del -> [2008/12/17 14:21:14 | 00,135,168 | ---- | C] (Data Techniques, Inc.)
Dweasy36.ocx -> %SystemRoot%\System32\Dweasy36.ocx -> [2008/12/17 14:21:14 | 00,131,584 | ---- | C] (Desaware Inc.)
stamin32.dll -> %SystemRoot%\System32\stamin32.dll -> [2008/12/17 14:21:14 | 00,116,736 | ---- | C] (MicroDexterity, Inc.)
Dwsbc36.ocx -> %SystemRoot%\System32\Dwsbc36.ocx -> [2008/12/17 14:21:14 | 00,115,200 | ---- | C] (Desaware Inc.)
imhost32.dll -> %SystemRoot%\System32\imhost32.dll -> [2008/12/17 14:21:14 | 00,098,345 | ---- | C] (Data Techniques, Inc.)
IM31xpng.del -> %SystemRoot%\System32\IM31xpng.del -> [2008/12/17 14:21:14 | 00,098,304 | ---- | C] (Data Techniques, Inc.)
imact33.ocx -> %SystemRoot%\System32\imact33.ocx -> [2008/12/17 14:21:14 | 00,094,208 | ---- | C] (Data Techniques, Inc.)
IM31dxf.dil -> %SystemRoot%\System32\IM31dxf.dil -> [2008/12/17 14:21:14 | 00,090,112 | ---- | C] (Data Techniques, Inc.)
DWCBK32.OCX -> %SystemRoot%\System32\DWCBK32.OCX -> [2008/12/17 14:21:14 | 00,089,088 | ---- | C] (Desaware Inc.)
IM31tif.dil -> %SystemRoot%\System32\IM31tif.dil -> [2008/12/17 14:21:14 | 00,086,016 | ---- | C] (Data Techniques, Inc.)
DWSPY36.dll -> %SystemRoot%\System32\DWSPY36.dll -> [2008/12/17 14:21:14 | 00,075,776 | ---- | C] (Desaware Inc.)
imtwain3.ocx -> %SystemRoot%\System32\imtwain3.ocx -> [2008/12/17 14:21:14 | 00,069,632 | ---- | C] (Data Techniques, Inc.)
IM31xtif.del -> %SystemRoot%\System32\IM31xtif.del -> [2008/12/17 14:21:14 | 00,069,632 | ---- | C] (Data Techniques, Inc.)
IM31png.dil -> %SystemRoot%\System32\IM31png.dil -> [2008/12/17 14:21:14 | 00,069,632 | ---- | C] (Data Techniques, Inc.)
IM31eps.dil -> %SystemRoot%\System32\IM31eps.dil -> [2008/12/17 14:21:14 | 00,069,632 | ---- | C] (Data Techniques, Inc.)
IM31xeps.del -> %SystemRoot%\System32\IM31xeps.del -> [2008/12/17 14:21:14 | 00,061,440 | ---- | C] (Data Techniques, Inc.)
IM31xpcx.del -> %SystemRoot%\System32\IM31xpcx.del -> [2008/12/17 14:21:14 | 00,057,344 | ---- | C] (Data Techniques, Inc.)
IM31xdcx.del -> %SystemRoot%\System32\IM31xdcx.del -> [2008/12/17 14:21:14 | 00,057,344 | ---- | C] (Data Techniques, Inc.)
IM31wpg.dil -> %SystemRoot%\System32\IM31wpg.dil -> [2008/12/17 14:21:14 | 00,057,344 | ---- | C] (Data Techniques, Inc.)
IM31pcx.dil -> %SystemRoot%\System32\IM31pcx.dil -> [2008/12/17 14:21:14 | 00,057,344 | ---- | C] (Data Techniques, Inc.)
IM31wmf.dil -> %SystemRoot%\System32\IM31wmf.dil -> [2008/12/17 14:21:14 | 00,053,248 | ---- | C] (Data Techniques, Inc.)
DFInfo32.OCX -> %SystemRoot%\System32\DFInfo32.OCX -> [2008/12/17 14:21:14 | 00,051,200 | ---- | C] ()
IM31xbmp.del -> %SystemRoot%\System32\IM31xbmp.del -> [2008/12/17 14:21:14 | 00,049,152 | ---- | C] (Data Techniques, Inc.)
IM31tga.dil -> %SystemRoot%\System32\IM31tga.dil -> [2008/12/17 14:21:14 | 00,049,152 | ---- | C] (Data Techniques, Inc.)
IM31pcd.dil -> %SystemRoot%\System32\IM31pcd.dil -> [2008/12/17 14:21:14 | 00,049,152 | ---- | C] (Data Techniques, Inc.)
IM31img.dil -> %SystemRoot%\System32\IM31img.dil -> [2008/12/17 14:21:14 | 00,049,152 | ---- | C] (Data Techniques, Inc.)
IM31bmp.dil -> %SystemRoot%\System32\IM31bmp.dil -> [2008/12/17 14:21:14 | 00,049,152 | ---- | C] (Data Techniques, Inc.)
INETWH32.dll -> %SystemRoot%\System32\INETWH32.dll -> [2008/12/17 14:21:14 | 00,049,152 | ---- | C] (Blue Sky Software Corporation.)
stamin32.tlb -> %SystemRoot%\System32\stamin32.tlb -> [2008/12/17 14:21:14 | 00,046,204 | ---- | C] ()
AtlasWinSE.ocx -> %SystemRoot%\System32\AtlasWinSE.ocx -> [2008/12/17 14:21:13 | 03,756,032 | ---- | C] (Matrix Software)
HHActiveX.dll -> %SystemRoot%\System32\HHActiveX.dll -> [2008/12/17 14:21:13 | 00,446,464 | ---- | C] (eHelp Corporation.)
SysUtils.ocx -> %SystemRoot%\System32\SysUtils.ocx -> [2008/12/17 14:21:13 | 00,040,960 | ---- | C] (Matrix Software, Inc)
iConC.ocx -> %SystemRoot%\System32\iConC.ocx -> [2008/12/17 14:21:13 | 00,028,672 | ---- | C] (Indecotec Systems Consulting CC)
MSJT4JLT.DLL -> %SystemRoot%\System32\MSJT4JLT.DLL -> [2008/12/17 14:21:12 | 01,234,704 | ---- | C] (Microsoft Corporation)
MSREPL35.DLL -> %SystemRoot%\System32\MSREPL35.DLL -> [2008/12/17 14:21:12 | 00,430,080 | ---- | C] (Microsoft Corporation)
msrd2x35.dll -> %SystemRoot%\System32\msrd2x35.dll -> [2008/12/17 14:21:12 | 00,252,176 | ---- | C] (Microsoft Corporation)
msjint35.dll -> %SystemRoot%\System32\msjint35.dll -> [2008/12/17 14:21:12 | 00,123,664 | ---- | C] (Microsoft Corporation)
msjter35.dll -> %SystemRoot%\System32\msjter35.dll -> [2008/12/17 14:21:12 | 00,024,848 | ---- | C] (Microsoft Corporation)
MSCOMCTL.OCX -> %SystemRoot%\System32\MSCOMCTL.OCX -> [2008/12/17 14:21:11 | 01,081,616 | ---- | C] (Microsoft Corporation)
msjet35.dll -> %SystemRoot%\System32\msjet35.dll -> [2008/12/17 14:21:11 | 01,050,384 | ---- | C] (Microsoft Corporation)
MSCOMCT2.OCX -> %SystemRoot%\System32\MSCOMCT2.OCX -> [2008/12/17 14:21:11 | 00,662,288 | ---- | C] (Microsoft Corporation)
COMCTL32.OCX -> %SystemRoot%\System32\COMCTL32.OCX -> [2008/12/17 14:21:11 | 00,609,824 | ---- | C] (Microsoft Corporation)
COMCT332.OCX -> %SystemRoot%\System32\COMCT332.OCX -> [2008/12/17 14:21:11 | 00,416,528 | ---- | C] (Microsoft Corporation )
MSFLXGRD.OCX -> %SystemRoot%\System32\MSFLXGRD.OCX -> [2008/12/17 14:21:11 | 00,260,880 | ---- | C] (Microsoft Corporation)
richtx32.ocx -> %SystemRoot%\System32\richtx32.ocx -> [2008/12/17 14:21:11 | 00,260,096 | ---- | C] (Microsoft Corporation)
tabctl32.ocx -> %SystemRoot%\System32\tabctl32.ocx -> [2008/12/17 14:21:11 | 00,209,608 | ---- | C] (Microsoft Corporation)
COMCT232.OCX -> %SystemRoot%\System32\COMCT232.OCX -> [2008/12/17 14:21:11 | 00,164,144 | ---- | C] (Microsoft Corporation)
COMDLG32.OCX -> %SystemRoot%\System32\COMDLG32.OCX -> [2008/12/17 14:21:11 | 00,152,848 | ---- | C] (Microsoft Corporation)
MSMAPI32.OCX -> %SystemRoot%\System32\MSMAPI32.OCX -> [2008/12/17 14:21:11 | 00,137,000 | ---- | C] (Microsoft Corporation)
MSINET.OCX -> %SystemRoot%\System32\MSINET.OCX -> [2008/12/17 14:21:11 | 00,132,880 | ---- | C] (Microsoft Corporation)
MSSTDFMT.DLL -> %SystemRoot%\System32\MSSTDFMT.DLL -> [2008/12/17 14:21:11 | 00,119,808 | ---- | C] (Microsoft Corporation)
VB5DB.DLL -> %SystemRoot%\System32\VB5DB.DLL -> [2008/12/17 14:21:11 | 00,089,360 | ---- | C] (Microsoft Corporation)
PICCLP32.OCX -> %SystemRoot%\System32\PICCLP32.OCX -> [2008/12/17 14:21:11 | 00,083,144 | ---- | C] (Microsoft Corporation)
SYSINFO.OCX -> %SystemRoot%\System32\SYSINFO.OCX -> [2008/12/17 14:21:11 | 00,067,376 | ---- | C] (Microsoft Corporation)
SSUBTMR.DLL -> %SystemRoot%\System32\SSUBTMR.DLL -> [2008/12/17 14:21:11 | 00,027,648 | ---- | C] (<none>)
wsxpdemo.exe -> %UserProfile%\Desktop\wsxpdemo.exe -> [2008/12/17 14:17:10 | 80,604,425 | ---- | C] ()
Matrix -> %ProgramFiles%\Matrix -> [2008/12/17 14:11:37 | 00,000,000 | ---D | C]
Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [2008/12/16 12:32:20 | 00,000,000 | ---D | C]
FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet -> [2008/12/16 12:29:47 | 00,000,000 | ---D | C]
Scanner -> %CommonProgramFiles%\Scanner -> [2008/12/15 21:48:01 | 00,000,000 | ---D | C]
CA Yahoo! Anti-Spy -> %ProgramFiles%\CA Yahoo! Anti-Spy -> [2008/12/15 21:47:59 | 00,000,000 | ---D | C]
ca_yahooantispy_211_setup_en.exe -> %UserProfile%\Desktop\ca_yahooantispy_211_setup_en.exe -> [2008/12/15 21:47:43 | 02,904,384 | ---- | C] (CA)
My Google Gadgets -> %UserProfile%\My Documents\My Google Gadgets -> [2008/12/15 21:43:16 | 00,000,000 | ---D | C]
Adobe -> %AllUsersProfile%\Application Data\Adobe -> [2008/12/15 18:36:59 | 00,000,000 | ---D | C]
Bonjour -> %ProgramFiles%\Bonjour -> [2008/12/15 18:36:25 | 00,000,000 | ---D | C]
Adobe -> %ProgramFiles%\Adobe -> [2008/12/15 18:31:53 | 00,000,000 | ---D | C]
Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared -> [2008/12/15 18:31:30 | 00,000,000 | ---D | C]
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [2008/12/15 18:30:18 | 00,000,000 | -H-D | C]
Adobe -> %CommonProgramFiles%\Adobe -> [2008/12/15 18:29:56 | 00,000,000 | ---D | C]
bills.rtf -> %UserProfile%\My Documents\bills.rtf -> [2008/12/15 18:28:46 | 00,000,221 | ---- | C] ()
camera.rtf -> %UserProfile%\My Documents\camera.rtf -> [2008/12/15 18:10:45 | 00,002,955 | ---- | C] ()
mac.rtf -> %UserProfile%\My Documents\mac.rtf -> [2008/12/15 18:03:07 | 00,000,479 | ---- | C] ()
tiffanys.rtf -> %UserProfile%\My Documents\tiffanys.rtf -> [2008/12/15 17:56:20 | 00,000,611 | ---- | C] ()
DivX -> %AppData%\DivX -> [2008/12/14 18:54:32 | 00,000,000 | ---D | C]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/12/14 18:07:12 | 00,049,664 | ---- | C] ()
Google -> %UserProfile%\Local Settings\Application Data\Google -> [2008/12/14 18:06:58 | 00,000,000 | ---D | C]
Google -> %ProgramFiles%\Google -> [2008/12/14 18:06:52 | 00,000,000 | ---D | C]
DivX Player.lnk -> %AllUsersProfile%\Desktop\DivX Player.lnk -> [2008/12/14 18:06:41 | 00,000,795 | ---- | C] ()
DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [2008/12/14 18:06:36 | 00,001,431 | ---- | C] ()
My Videos -> %UserProfile%\My Documents\My Videos -> [2008/12/14 18:06:36 | 00,000,000 | R--D | C]
DivX Converter.lnk -> %AllUsersProfile%\Desktop\DivX Converter.lnk -> [2008/12/14 18:06:35 | 00,000,806 | ---- | C] ()
DivX -> %ProgramFiles%\DivX -> [2008/12/14 18:06:27 | 00,000,000 | ---D | C]
msvcp71.dll -> %SystemRoot%\System32\msvcp71.dll -> [2008/12/14 18:04:37 | 00,499,712 | ---- | C] (Microsoft Corporation)
msvcr71.dll -> %SystemRoot%\System32\msvcr71.dll -> [2008/12/14 18:04:37 | 00,348,160 | ---- | C] (Microsoft Corporation)
pthreadGC2.dll -> %SystemRoot%\System32\pthreadGC2.dll -> [2008/12/14 18:04:37 | 00,060,273 | ---- | C] (Open Source Software community project)
ff_vfw.dll -> %SystemRoot%\System32\ff_vfw.dll -> [2008/12/14 18:04:37 | 00,007,680 | ---- | C] ()
ff_vfw.dll.manifest -> %SystemRoot%\System32\ff_vfw.dll.manifest -> [2008/12/14 18:04:37 | 00,000,547 | ---- | C] ()
ffdshow -> %ProgramFiles%\ffdshow -> [2008/12/14 18:04:37 | 00,000,000 | ---D | C]
xvidcore.dll -> %SystemRoot%\System32\xvidcore.dll -> [2008/12/14 18:04:13 | 00,765,952 | ---- | C] ()
xvidvfw.dll -> %SystemRoot%\System32\xvidvfw.dll -> [2008/12/14 18:04:13 | 00,180,224 | ---- | C] ()
xvid.ax -> %SystemRoot%\System32\xvid.ax -> [2008/12/14 18:04:13 | 00,077,824 | ---- | C] ()
Xvid -> %ProgramFiles%\Xvid -> [2008/12/14 18:04:13 | 00,000,000 | ---D | C]
wmpns.dll -> %SystemRoot%\System32\wmpns.dll -> [2008/12/14 17:45:29 | 00,221,184 | ---- | C] (Microsoft Corporation)
Downloads -> %UserProfile%\My Documents\Downloads -> [2008/12/13 16:07:48 | 00,000,000 | ---D | C]
µTorrent.lnk -> %UserProfile%\Desktop\µTorrent.lnk -> [2008/12/13 16:04:14 | 00,000,630 | ---- | C] ()
uTorrent -> %ProgramFiles%\uTorrent -> [2008/12/13 16:04:13 | 00,000,000 | ---D | C]
uTorrent -> %AppData%\uTorrent -> [2008/12/13 16:04:12 | 00,000,000 | ---D | C]
divine caroline.rtf -> %UserProfile%\My Documents\divine caroline.rtf -> [2008/12/13 01:35:38 | 00,003,589 | ---- | C] ()
USBSTOR.SYS -> %SystemRoot%\System32\drivers\USBSTOR.SYS -> [2008/12/11 16:08:59 | 00,026,496 | ---- | C] (Microsoft Corporation)
usbstor.sys -> %SystemRoot%\System32\dllcache\usbstor.sys -> [2008/12/11 16:08:59 | 00,026,496 | ---- | C] (Microsoft Corporation)
ptpusb.dll -> %SystemRoot%\System32\ptpusb.dll -> [2008/12/11 15:50:20 | 00,005,632 | ---- | C] (Microsoft Corporation)
ptpusd.dll -> %SystemRoot%\System32\ptpusd.dll -> [2008/12/11 15:50:18 | 00,159,232 | ---- | C] (Microsoft Corporation)
usbscan.sys -> %SystemRoot%\System32\drivers\usbscan.sys -> [2008/12/11 15:50:17 | 00,015,104 | ---- | C] (Microsoft Corporation)
usbscan.sys -> %SystemRoot%\System32\dllcache\usbscan.sys -> [2008/12/11 15:50:17 | 00,015,104 | ---- | C] (Microsoft Corporation)
myspace friends.rtf -> %UserProfile%\My Documents\myspace friends.rtf -> [2008/12/11 00:15:17 | 00,001,097 | ---- | C] ()
Sun -> %SystemRoot%\Sun -> [2008/12/10 22:16:48 | 00,000,000 | ---D | C]
Java -> %ProgramFiles%\Java -> [2008/12/10 22:16:10 | 00,000,000 | ---D | C]
Sun -> %AppData%\Sun -> [2008/12/10 22:15:27 | 00,000,000 | ---D | C]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2008/12/10 20:49:26 | 00,014,280 | ---- | C] ()
My Videos -> %AllUsersProfile%\Documents\My Videos -> [2008/12/10 20:49:25 | 00,000,000 | R--D | C]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [2008/12/10 20:49:02 | 00,000,000 | ---D | C]
Microsoft -> %SystemRoot%\System32\Microsoft -> [2008/12/10 20:49:00 | 00,000,000 | --SD | C]
Prefetch -> %SystemRoot%\Prefetch -> [2008/12/10 20:49:00 | 00,000,000 | ---D | C]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [2008/12/10 20:44:48 | 00,316,640 | ---- | C] ()
dpcdll.dll -> %SystemRoot%\System32\dllcache\dpcdll.dll -> [2008/12/10 20:44:34 | 00,096,768 | ---- | C] (Microsoft Corporation)
vbicodec.ax -> %SystemRoot%\System32\vbicodec.ax -> [2008/12/10 20:44:32 | 00,053,248 | ---- | C] ()
irbus.sys -> %SystemRoot%\System32\drivers\irbus.sys -> [2008/12/10 20:44:32 | 00,040,832 | ---- | C] (Microsoft Corporation)
asr_pfu.exe -> %SystemRoot%\System32\asr_pfu.exe -> [2008/12/10 20:44:32 | 00,032,768 | ---- | C] (Microsoft Corporation)
spiisupd.exe -> %SystemRoot%\System32\spiisupd.exe -> [2008/12/10 20:44:32 | 00,012,800 | ---- | C] (Microsoft Corporation)
comsdupd.exe -> %SystemRoot%\System32\comsdupd.exe -> [2008/12/10 20:44:32 | 00,009,728 | ---- | C] (Microsoft Corporation)
wstrenderer.ax -> %SystemRoot%\System32\wstrenderer.ax -> [2008/12/10 20:44&
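Reading a log like the one above by hand is slow; the entries that matter for a Virtumonde-class infection are the few persistence locations (AppInit_DLLs, Winlogon\Notify, ShellExecuteHooks, LSA Authentication Packages, BHOs, Run keys) holding unsigned DLLs with random-looking names in system32. The following triage script is an added example written for this page, not part of the original post and not OTScanIt's own code: it parses the OTScanIt line format (`name -> path -> [date | size | attrs | flag] (company)`), tracks which section each entry belongs to, and flags entries in persistence sections that carry no publisher or have a random-looking file name. The sample log is constructed from values that appear in the post (vhkodq.dll, hgGvtroO, byXPHwVN, dumkdtmi.dll); the benign `SunJavaUpdateSched` Run entry is invented for contrast. The name heuristic is an assumption of mine, not a rule from the tool.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in OTScanIt's format. Values for the suspicious entries are
# taken from the log in the post; the SunJavaUpdateSched line is invented as a
# benign control.
SAMPLE_LOG = r"""
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
vhkodq.dll -> %SystemRoot%\system32\vhkodq.dll -> [2008/12/28 03:13:56 | 00,139,264 | ---- | M] ()
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
hgGvtroO -> %SystemRoot%\system32\hgGvtroO.dll -> [2008/12/27 02:56:52 | 00,052,224 | ---- | M] ()
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
C:\WINDOWS\system32\byXPHwVN -> %SystemRoot%\system32\byXPHwVN.dll -> [2008/12/27 03:07:03 | 00,281,600 | ---- | M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"409aa801" -> %SystemRoot%\system32\dumkdtmi.dll [rundll32.exe "C:\WINDOWS\system32\dumkdtmi.dll",b] -> [2008/12/28 03:10:46 | 00,090,112 | ---- | M] ()
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/12/10 22:16:10 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2004/08/03 22:59:54 | 00,049,536 | ---- | M] (Microsoft Corporation)
"""

# Section-header prefixes for the persistence locations this infection uses.
PERSISTENCE_SECTIONS = (
    "AppInit_DLLs",
    "Winlogon\\Notify settings",
    "ShellExecuteHooks",
    "LSA Authentication Packages",
    "BHO's",
    "Run [",
)

SECTION_RE = re.compile(r"^<\s*(?P<section>.*?)\s*>\s*->")
# name -> path -> [date | size | attrs | flag] (company)
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<date>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+?) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>[^)]*)\)\s*$"
)


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reason: str


def looks_random(name: str) -> bool:
    """Assumed heuristic: a short, letters-only base name with capitals in the
    middle or almost no vowels (hgGvtroO, vhkodq) is not a normal product name."""
    base = name.rsplit("\\", 1)[-1].split(".", 1)[0]
    if not (5 <= len(base) <= 9) or not base.isalpha():
        return False
    inner_caps = any(c.isupper() for c in base[1:])
    vowels = sum(c in "aeiouAEIOU" for c in base)
    return inner_caps or vowels <= 1


def triage(log_text: str) -> List[Finding]:
    """Return the entries in persistence sections that deserve a closer look."""
    findings: List[Finding] = []
    section, in_persistence = "", False
    for line in log_text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            in_persistence = section.startswith(PERSISTENCE_SECTIONS)
            continue
        entry = ENTRY_RE.match(line)
        if not entry or not in_persistence:
            continue  # marker lines (*MultiFile Done*) and non-persistence data
        reasons = []
        if not entry.group("company").strip():
            reasons.append("no publisher/version info")
        if looks_random(entry.group("name")):
            reasons.append("random-looking file name")
        if reasons:
            findings.append(Finding(section, entry.group("name"),
                                    entry.group("path"), "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name} -> {f.path}: {f.reason}")
```

Run on the sample it reports the four loader entries and stays silent on the signed Java updater and the cdrom driver; the same parser can be pointed at a saved OTScanIt log to get a short list to check before writing a fix.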

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi, can you upload the OTScanIt file here please? Some of it was cut off.

#5
Xenexodous

    New Member

  • Topic Starter
  • Member
  • 6 posts
I have sent the OTScanIt info to the link you asked me to. Thank you.

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Safe List]
YY -> qbiugp.exe -> %AppData%\Microsoft\Windows\qbiugp.exe
YY -> speedrunner.exe -> %AppData%\SpeedRunner\SpeedRunner.exe
YN -> stf45d.tmp -> %SystemDrive%\DOCUME~1\RANDR~1\LOCALS~1\Temp\stf45D.tmp
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} [HKLM] -> %SystemRoot%\system32\hgGvtroO.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {B7122DBD-5F51-4C8F-82AF-E5019186BEF7} [HKLM] -> %SystemRoot%\system32\byXPHwVN.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {f8487f44-974a-4620-94a0-2914509e786e} [HKLM] -> %SystemRoot%\system32\vhkodq.dll [Reg Error: Value  does not exist or could not be read.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "409aa801" -> %SystemRoot%\system32\dumkdtmi.dll [rundll32.exe "C:\WINDOWS\system32\dumkdtmi.dll",b]
YY -> "winssvc" -> %AppData%\Google\pzpsp23511834.exe ["C:\Documents and Settings\R and R\Application Data\Google\pzpsp23511834.exe" 2]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "gadcom" -> %AppData%\gadcom\gadcom.exe ["C:\Documents and Settings\R and R\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139]
YY -> "SfKg6wIP" -> %AppData%\Microsoft\Windows\qbiugp.exe [C:\Documents and Settings\R and R\Application Data\Microsoft\Windows\qbiugp.exe]
YY -> "SpeedRunner" -> %AppData%\SpeedRunner\SpeedRunner.exe [C:\Documents and Settings\R and R\Application Data\SpeedRunner\SpeedRunner.exe]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> vhkodq.dll -> %SystemRoot%\system32\vhkodq.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> hgGvtroO -> %SystemRoot%\system32\hgGvtroO.dll
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" [HKLM] -> %SystemRoot%\system32\hgGvtroO.dll []
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\byXPHwVN -> %SystemRoot%\system32\byXPHwVN.dll
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\WINDOWS\system32\drivers\svchost.exe" -> C:\WINDOWS\system32\drivers\svchost.exe [C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost]
[Files/Folders - Created Within 30 Days]
NY -> SpeedRunner -> %AppData%\SpeedRunner
NY -> vhkodq.dll -> %SystemRoot%\System32\vhkodq.dll
NY -> xybduwrw.dll -> %SystemRoot%\System32\xybduwrw.dll
NY -> imtdkmud.ini -> %SystemRoot%\System32\imtdkmud.ini
NY -> dumkdtmi.dll -> %SystemRoot%\System32\dumkdtmi.dll
NY -> Webtools -> %ProgramFiles%\Webtools
NY -> Mjcore -> %ProgramFiles%\Mjcore
NY -> awtttuSL.dll -> %SystemRoot%\System32\awtttuSL.dll
NY -> mlJdBTNH.dll -> %SystemRoot%\System32\mlJdBTNH.dll
NY -> VirusRemover2008 -> %ProgramFiles%\VirusRemover2008
NY -> gadcom -> %AppData%\gadcom
NY -> ssqOHbBr.dll -> %SystemRoot%\System32\ssqOHbBr.dll
NY -> Sysvxd.exe -> %SystemRoot%\Sysvxd.exe
NY -> yljxtp.dll -> %SystemRoot%\System32\yljxtp.dll
NY -> oejjctlc.dll -> %SystemRoot%\System32\oejjctlc.dll
NY -> qqflfcqy.ini -> %SystemRoot%\System32\qqflfcqy.ini
NY -> yqcflfqq.dll -> %SystemRoot%\System32\yqcflfqq.dll
NY -> NVwHPXyb.ini2 -> %SystemRoot%\System32\NVwHPXyb.ini2
NY -> NVwHPXyb.ini -> %SystemRoot%\System32\NVwHPXyb.ini
NY -> byXPHwVN.dll -> %SystemRoot%\System32\byXPHwVN.dll
NY -> hdxyuvly.job -> %SystemRoot%\tasks\hdxyuvly.job
NY -> khfCUkhE.dll -> %SystemRoot%\System32\khfCUkhE.dll
NY -> hgGvtroO.dll -> %SystemRoot%\System32\hgGvtroO.dll
NY -> prunnet.exe -> %SystemRoot%\System32\prunnet.exe
[Files/Folders - Modified Within 30 Days]
NY -> NVwHPXyb.ini -> %SystemRoot%\System32\NVwHPXyb.ini
NY -> NVwHPXyb.ini2 -> %SystemRoot%\System32\NVwHPXyb.ini2
NY -> hdxyuvly.job -> %SystemRoot%\tasks\hdxyuvly.job
NY -> xybduwrw.dll -> %SystemRoot%\System32\xybduwrw.dll
NY -> vhkodq.dll -> %SystemRoot%\System32\vhkodq.dll
NY -> imtdkmud.ini -> %SystemRoot%\System32\imtdkmud.ini
NY -> dumkdtmi.dll -> %SystemRoot%\System32\dumkdtmi.dll
NY -> awtttuSL.dll -> %SystemRoot%\System32\awtttuSL.dll
NY -> mlJdBTNH.dll -> %SystemRoot%\System32\mlJdBTNH.dll
NY -> qqflfcqy.ini -> %SystemRoot%\System32\qqflfcqy.ini
NY -> ssqOHbBr.dll -> %SystemRoot%\System32\ssqOHbBr.dll
NY -> Sysvxd.exe -> %SystemRoot%\Sysvxd.exe
NY -> yljxtp.dll -> %SystemRoot%\System32\yljxtp.dll
NY -> oejjctlc.dll -> %SystemRoot%\System32\oejjctlc.dll
NY -> yqcflfqq.dll -> %SystemRoot%\System32\yqcflfqq.dll
NY -> byXPHwVN.dll -> %SystemRoot%\System32\byXPHwVN.dll
NY -> khfCUkhE.dll -> %SystemRoot%\System32\khfCUkhE.dll
NY -> hgGvtroO.dll -> %SystemRoot%\System32\hgGvtroO.dll
NY -> prunnet.exe -> %SystemRoot%\System32\prunnet.exe
[File - Lop Check]
NY -> gadcom -> C:\Documents and Settings\R and R\Application Data\gadcom
NY -> hdxyuvly.job -> C:\WINDOWS\Tasks\hdxyuvly.job
[Custom Items]
:zipfilestoupload
%AppData%\Google\pzpsp23511834.exe
:SENDTOMRC
channel=44
link=www.geekstogo.com/forum/index.php?showtopic=222532&view=getnewpost
:end
[Start Explorer]
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
  • 0

#7
Xenexodous

Xenexodous

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you. I just did as you suggested and here is the print out below. I had to do this a couple of times as the system would freeze. Finally I got a print out:

Process Explorer.EXE killed successfully!
[Processes - Safe List]
No active process named qbiugp.exe was found!
File C:\Documents and Settings\R and R\Application Data\Microsoft\Windows\qbiugp.exe not found.
No active process named speedrunner.exe was found!
File C:\Documents and Settings\R and R\Application Data\SpeedRunner\SpeedRunner.exe not found.
No active process named stf45d.tmp was found!
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ deleted successfully.
LoadLibrary failed for C:\WINDOWS\system32\hgGvtroO.dll
C:\WINDOWS\system32\hgGvtroO.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\hgGvtroO.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7122DBD-5F51-4C8F-82AF-E5019186BEF7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7122DBD-5F51-4C8F-82AF-E5019186BEF7}\ not found.
File C:\WINDOWS\system32\byXPHwVN.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f8487f44-974a-4620-94a0-2914509e786e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8487f44-974a-4620-94a0-2914509e786e}\ not found.
File C:\WINDOWS\system32\vhkodq.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\409aa801 not found.
File C:\WINDOWS\system32\dumkdtmi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winssvc deleted successfully.
File C:\Documents and Settings\R and R\Application Data\Google\pzpsp23511834.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\gadcom not found.
File C:\Documents and Settings\R and R\Application Data\gadcom\gadcom.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SfKg6wIP not found.
File C:\Documents and Settings\R and R\Application Data\Microsoft\Windows\qbiugp.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpeedRunner not found.
File C:\Documents and Settings\R and R\Application Data\SpeedRunner\SpeedRunner.exe not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:vhkodq.dll scheduled to be deleted on reboot.
File C:\WINDOWS\system32\vhkodq.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGvtroO\ deleted successfully.
LoadLibrary failed for C:\WINDOWS\system32\hgGvtroO.dll
C:\WINDOWS\system32\hgGvtroO.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\hgGvtroO.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ deleted successfully.
LoadLibrary failed for C:\WINDOWS\system32\hgGvtroO.dll
C:\WINDOWS\system32\hgGvtroO.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\hgGvtroO.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\byXPHwVN deleted successfully.
File C:\WINDOWS\system32\byXPHwVN.dll not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\drivers\svchost.exe not found.
[Files/Folders - Created Within 30 Days]
File C:\Documents and Settings\R and R\Application Data\SpeedRunner not found!
File C:\WINDOWS\System32\vhkodq.dll not found!
File C:\WINDOWS\System32\xybduwrw.dll not found!
File C:\WINDOWS\System32\imtdkmud.ini not found!
File C:\WINDOWS\System32\dumkdtmi.dll not found!
File C:\Program Files\Webtools not found!
File C:\Program Files\Mjcore not found!
File C:\WINDOWS\System32\awtttuSL.dll not found!
File C:\WINDOWS\System32\mlJdBTNH.dll not found!
File C:\Program Files\VirusRemover2008 not found!
File C:\Documents and Settings\R and R\Application Data\gadcom not found!
File C:\WINDOWS\System32\ssqOHbBr.dll not found!
File C:\WINDOWS\Sysvxd.exe not found!
File C:\WINDOWS\System32\yljxtp.dll not found!
File C:\WINDOWS\System32\oejjctlc.dll not found!
File C:\WINDOWS\System32\qqflfcqy.ini not found!
File C:\WINDOWS\System32\yqcflfqq.dll not found!
File C:\WINDOWS\System32\NVwHPXyb.ini2 not found!
File C:\WINDOWS\System32\NVwHPXyb.ini not found!
File C:\WINDOWS\System32\byXPHwVN.dll not found!
File C:\WINDOWS\tasks\hdxyuvly.job not found!
File C:\WINDOWS\System32\khfCUkhE.dll not found!
LoadLibrary failed for C:\WINDOWS\System32\hgGvtroO.dll
C:\WINDOWS\System32\hgGvtroO.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\hgGvtroO.dll scheduled to be moved on reboot.
File C:\WINDOWS\System32\prunnet.exe not found!
[Files/Folders - Modified Within 30 Days]
File C:\WINDOWS\System32\NVwHPXyb.ini not found!
File C:\WINDOWS\System32\NVwHPXyb.ini2 not found!
File C:\WINDOWS\tasks\hdxyuvly.job not found!
File C:\WINDOWS\System32\xybduwrw.dll not found!
File C:\WINDOWS\System32\vhkodq.dll not found!
File C:\WINDOWS\System32\imtdkmud.ini not found!
File C:\WINDOWS\System32\dumkdtmi.dll not found!
File C:\WINDOWS\System32\awtttuSL.dll not found!
File C:\WINDOWS\System32\mlJdBTNH.dll not found!
File C:\WINDOWS\System32\qqflfcqy.ini not found!
File C:\WINDOWS\System32\ssqOHbBr.dll not found!
File C:\WINDOWS\Sysvxd.exe not found!
File C:\WINDOWS\System32\yljxtp.dll not found!
File C:\WINDOWS\System32\oejjctlc.dll not found!
File C:\WINDOWS\System32\yqcflfqq.dll not found!
File C:\WINDOWS\System32\byXPHwVN.dll not found!
File C:\WINDOWS\System32\khfCUkhE.dll not found!
LoadLibrary failed for C:\WINDOWS\System32\hgGvtroO.dll
C:\WINDOWS\System32\hgGvtroO.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\hgGvtroO.dll scheduled to be moved on reboot.
File C:\WINDOWS\System32\prunnet.exe not found!
[File - Lop Check]
File C:\Documents and Settings\R and R\Application Data\gadcom not found!
File C:\WINDOWS\Tasks\hdxyuvly.job not found!
[Custom Items]
Zip file C:\Documents and Settings\R and R\My Documents\OTScanIt2\12282008_231303.zip created
File: C:\_OTScanIt\MovedFiles\12282008_231303\%AppData%\Google\pzpsp23511834.exe not found
File: C:\Documents and Settings\R and R\My Documents\OTScanIt2\12282008_231303.zip uploaded successfully.
Explorer started successfully
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\R and R\Local Settings\Temp\Perflib_Perfdata_758.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\unp124514617.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_17c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4ec.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_980.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\R and R\Local Settings\Application Data\Mozilla\Firefox\Profiles\ekvd1k64.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\R and R\Local Settings\Application Data\Mozilla\Firefox\Profiles\ekvd1k64.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\R and R\Local Settings\Application Data\Mozilla\Firefox\Profiles\ekvd1k64.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\R and R\Local Settings\Application Data\Mozilla\Firefox\Profiles\ekvd1k64.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.4.1 fix logfile created on 12282008_231303

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\hgGvtroO.dll scheduled to be moved on reboot.
File C:\Documents and Settings\R and R\Local Settings\Temp\Perflib_Perfdata_758.dat not found!
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\_avast4_\unp124514617.tmp not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_17c.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_4ec.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_980.dat moved successfully.
C:\Documents and Settings\R and R\Local Settings\Application Data\Mozilla\Firefox\Profiles\ekvd1k64.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\R and R\Local Settings\Application Data\Mozilla\Firefox\Profiles\ekvd1k64.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\R and R\Local Settings\Application Data\Mozilla\Firefox\Profiles\ekvd1k64.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\R and R\Local Settings\Application Data\Mozilla\Firefox\Profiles\ekvd1k64.default\Cache\_CACHE_MAP_ moved successfully.

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:vhkodq.dll scheduled to be deleted on reboot.


Many thanks for all your assistance :0)
~R
  • 0
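The fix script in post #6 lists each item under the autostart location it was found in (BHO, Run, AppInit_DLLs, Winlogon\Notify, ShellExecuteHooks, LSA Authentication Packages), and the fix log in post #7 reports per item whether it was deleted, was already gone, or was "scheduled ... on reboot"; the "Files moved on Reboot..." and "Registry entries deleted on Reboot..." sections then say what actually happened after the restart. Reading those two reports together is what tells a helper that hgGvtroO.dll (a Winlogon Notify DLL, so loaded by winlogon.exe and not movable while it is mapped) and the AppInit_Dlls value are still on the machine, which is why the thread moves on to Malwarebytes and ComboFix. The script below is an added example, not part of the thread and not OTScanIt code: it parses constructed excerpts of the fix script and fix log taken from the lines posted above, reconciles the "scheduled on reboot" items against the post-reboot results, and labels whatever is still present with the autostart locations it was listed under. The function names and the log excerpts are assumptions of this example.

```python
import re

# Constructed excerpt of the OTScanIt fix script from post #6 (not the full script).
FIX_SCRIPT = r"""
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} [HKLM] -> %SystemRoot%\system32\hgGvtroO.dll [Reg Error: Value  does not exist or could not be read.]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
YY -> vhkodq.dll -> %SystemRoot%\system32\vhkodq.dll
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> hgGvtroO -> %SystemRoot%\system32\hgGvtroO.dll
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" [HKLM] -> %SystemRoot%\system32\hgGvtroO.dll []
[Files/Folders - Created Within 30 Days]
NY -> hgGvtroO.dll -> %SystemRoot%\System32\hgGvtroO.dll
"""

# Constructed excerpt of the fix log from post #7, fix phase plus the post-reboot sections.
FIX_LOG = r"""
Process Explorer.EXE killed successfully!
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ deleted successfully.
LoadLibrary failed for C:\WINDOWS\system32\hgGvtroO.dll
C:\WINDOWS\system32\hgGvtroO.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\hgGvtroO.dll scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:vhkodq.dll scheduled to be deleted on reboot.
File C:\WINDOWS\system32\vhkodq.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGvtroO\ deleted successfully.
File move failed. C:\WINDOWS\system32\hgGvtroO.dll scheduled to be moved on reboot.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\R and R\Local Settings\Temp\Perflib_Perfdata_758.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_980.dat scheduled to be deleted on reboot.
< End of fix log >

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\hgGvtroO.dll scheduled to be moved on reboot.
File C:\Documents and Settings\R and R\Local Settings\Temp\Perflib_Perfdata_758.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_980.dat moved successfully.

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:vhkodq.dll scheduled to be deleted on reboot.
"""

SECTION_RE = re.compile(r"^< (?P<name>.+?) > -> ")           # "< BHO's [HKLM] > -> key"
ITEM_RE = re.compile(r"^[YN]{2} -> .+? -> (?P<path>\S+)")    # "YY -> name -> path [...]"
PENDING_RE = re.compile(
    r"^(?:File move failed|File delete failed|Registry delete failed)\. "
    r"(?P<item>.+?) scheduled to be (?:moved|deleted) on reboot\.$")
RESOLVED_RE = re.compile(
    r"^(?:File |Registry (?:key|value) )?(?P<item>.+?) "
    r"(?:moved successfully|deleted successfully|not found)[.!]?$")
END_MARK = "< End of fix log >"


def basename(item):
    """Last path component, also after the 'Key:value' colon of a registry item, lower-cased."""
    return re.split(r"[\\:]", item)[-1].lower()


def script_locations(script):
    """Map each file basename in the fix script to the autostart locations it was listed under."""
    locations, section = {}, None
    for line in script.splitlines():
        if line.startswith("["):          # a new [..] block: no registry location in scope
            section = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").split(" [")[0]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            locations.setdefault(basename(m.group("path")), set()).add(section)
    return {k: sorted(v) for k, v in locations.items()}


def reconcile(log):
    """Items deferred to reboot, and which of them the post-reboot sections report as gone."""
    fix_text, _, reboot_text = log.partition(END_MARK)
    pending = {m.group("item") for m in map(PENDING_RE.match, map(str.strip, fix_text.splitlines())) if m}
    resolved = set()
    for line in map(str.strip, reboot_text.splitlines()):
        if PENDING_RE.match(line):
            continue                      # failed again after the reboot: still present
        m = RESOLVED_RE.match(line)
        if m and m.group("item") in pending:
            resolved.add(m.group("item"))  # moved, deleted, or already gone
    return {"pending": sorted(pending), "resolved": sorted(resolved),
            "unresolved": sorted(pending - resolved)}


def triage(script, log):
    """(item, [autostart locations]) for everything still present after the reboot."""
    locations = script_locations(script)
    return [(item, locations.get(basename(item), []))
            for item in reconcile(log)["unresolved"]]


if __name__ == "__main__":
    for item, where in triage(FIX_SCRIPT, FIX_LOG):
        print(f"STILL PRESENT: {item}  (listed under: {', '.join(where) or 'n/a'})")
```

On the excerpt above the two temp files resolve (one moved, one already gone), while hgGvtroO.dll is reported still present and tagged with its BHO, ShellExecuteHooks and Winlogon\Notify registrations, and the AppInit_Dlls value is still present as well. Those are the items a helper should treat as an incomplete fix rather than a finished one.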

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
=====================
Also
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0

#10
Xenexodous

Xenexodous

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Kahdah,

I have posted all three logs per your request at Bleeping Computer.com. Lots of ickle nasties! Thanks for your continued assistance.
~Renée
  • 0

#11
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Thanks for the logs and you are welcome :)
==============================
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0