WiredWX Christian Hobby Weather Tools

Internet Security 2010 yeah

3 posters

Re: Internet Security 2010 yeah

OTL logfile created on: 1/8/2010 1:17:15 PM - Run 1
OTL by OldTimer - Version 3.1.21.2 Folder = C:\Documents and Settings\Steve Collins\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 248.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.86 Gb Total Space | 39.35 Gb Free Space | 74.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INSPIRON1150
Current User Name: Steve Collins
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/08 13:07:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
PRC - [2009/12/12 23:49:52 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/18 12:47:14 | 01,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/03 07:11:35 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
PRC - [2005/09/20 08:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\igfxpers.exe
PRC - [2005/09/20 08:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
PRC - [2005/09/20 08:32:16 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\igfxsrvc.exe
PRC - [2004/01/06 11:47:06 | 00,327,792 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\dirupahu.dll
MOD - [2099/01/01 12:00:00 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\dowikabu.dll
MOD - [2010/01/08 13:07:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
MOD - [2009/12/13 00:47:25 | 00,081,920 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll
MOD - [2009/10/30 11:18:16 | 00,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 00,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2007/03/08 10:36:28 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\kbdsock.dll
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/12 23:49:52 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/08/24 21:16:36 | 00,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe -- (DfSdkS)
SRV - [2009/01/18 08:13:50 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt)
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/03 07:11:35 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2005/12/20 20:54:34 | 00,323,584 | ---- | M] (Apple Computer, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/30 15:46:56 | 00,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe -- (KodakCCS)
SRV - [2004/02/20 17:14:04 | 00,045,056 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (WLTRYSVC)
SRV - [2004/01/06 11:47:06 | 00,327,792 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2009/11/20 14:56:02 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/01/18 08:14:02 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean)
DRV - [2009/01/18 08:13:44 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/04/03 07:12:22 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2007/04/03 07:12:22 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2007/04/03 07:11:40 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdi.sys -- (AvgTdi)
DRV - [2005/09/20 09:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2005/06/16 13:41:02 | 00,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys -- (DcCam)
DRV - [2005/04/01 11:43:02 | 00,066,048 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\EAPPkt.sys -- (EAPPkt)
DRV - [2005/03/31 07:00:08 | 00,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 06:47:56 | 00,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 06:47:50 | 00,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys -- (DcLps)
DRV - [2005/03/31 06:47:48 | 00,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 06:47:42 | 00,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys -- (DcFpoint)
DRV - [2005/02/18 01:28:33 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2005/02/18 01:16:15 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/02 01:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/11/16 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/11/16 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/11/16 01:05:00 | 00,086,554 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/11/16 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/11/16 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/11/16 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/11/16 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/11/16 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/11/16 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/11/15 16:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/09/23 01:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/08/03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys -- (usbser)
DRV - [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/30 11:39:36 | 00,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/05/13 20:19:22 | 00,182,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys -- (SynTP)
DRV - [2004/03/19 11:54:24 | 00,038,912 | R--- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\P2k.sys -- (P2k)
DRV - [2004/02/20 17:13:50 | 00,312,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/02/13 11:46:00 | 00,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2004/01/02 11:44:22 | 00,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/08/29 06:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (no name) - {C2B5AAB8-2183-4be7-81A6-F11493C45872} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AntiVirus Plus] File not found
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\SYSTEM32\winupdate86.exe (TJbFla)
O4 - HKLM..\Run: [zehuwafob] C:\WINDOWS\System32\dirupahu.DLL ()
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Documents and Settings\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: parker.com ([polprod] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} https://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123808924330 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx (Hotmail Attachments Control)
O20 - AppInit_DLLs: (dowikabu.dll) - C:\WINDOWS\System32\dowikabu.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\dirupahu.dll) - C:\WINDOWS\SYSTEM32\dirupahu.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (logon.exe) - C:\WINDOWS\System32\logon.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\SYSTEM32\winlogon86.exe (TJbFla)
O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - C:\WINDOWS\System32\RtlGina2.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: lemalezat - {3bec323f-7023-47f6-9240-6f2c5e692601} - CLSID or File not found.
O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dllget\flashplayer\current\polarbear\ultrashim.cab File not found
O21 - SSODL: vunodiguz - {f065e614-d020-4316-bd9b-c877b962bd41} - C:\WINDOWS\SYSTEM32\dirupahu.dll ()
O22 - SharedTaskScheduler: {3bec323f-7023-47f6-9240-6f2c5e692601} - mujuzedij - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {f065e614-d020-4316-bd9b-c877b962bd41} - kupuhivus - C:\WINDOWS\SYSTEM32\dirupahu.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell - "" = AutoRun
O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c1c15677-b4a4-11dd-b363-0011436c0a69}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/08 13:16:52 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
[2010/01/08 12:23:02 | 05,061,520 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve Collins\Desktop\iexplore.exe
[2010/01/08 10:26:00 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy (3) of TASKMGR.EXE
[2010/01/08 10:25:13 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iexplore.EXE
[2010/01/08 10:23:15 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy of TASKMGR.EXE
[2010/01/07 17:32:40 | 00,024,064 | ---- | C] (TJbFla) -- C:\WINDOWS\System32\winupdate86.exe
[2010/01/07 16:02:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\AntiVirus Plus
[2010/01/05 18:06:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/05 18:06:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/05 18:06:43 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/05 18:05:48 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/05 16:16:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/01/05 16:16:51 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/01/05 14:11:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/05 13:39:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Threat Expert
[2010/01/05 13:04:18 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/01/05 13:04:18 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/01/05 13:04:18 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/01/05 13:04:10 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/05 13:03:54 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/05 13:03:54 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/05 13:03:46 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\PC Tools
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/05 13:03:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/04 22:40:10 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010
[2010/01/04 22:24:08 | 00,024,064 | ---- | C] (TJbFla) -- C:\WINDOWS\System32\winlogon86.exe
[2010/01/04 22:23:57 | 00,044,544 | ---- | C] (tzuk) -- C:\afburr.exe
[2010/01/04 22:23:56 | 00,024,064 | ---- | C] (TJbFla) -- C:\khkil.exe
[2009/12/30 01:22:14 | 00,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\WINDOWS\System32\DfSdkBt.exe
[2009/12/30 01:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2009/12/29 20:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Temp
[2009/12/24 14:55:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\Absolute Poker
[2009/12/24 14:55:00 | 00,000,000 | ---D | C] -- C:\Program Files\Absolute Poker
[2009/12/24 14:54:51 | 00,000,000 | ---D | C] -- C:\Program Files\_uninstallation_info
[2009/12/23 14:19:53 | 10,832,920 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Documents and Settings\Steve Collins\Desktop\ashampoo_winoptimizer_2010_advanced_6[1].50_6644.exe
[2009/12/17 02:08:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Desktop\SLOT
[2009/12/17 01:03:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/12/17 00:05:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Desktop\tonys stuff
[2009/12/13 06:27:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/12/12 23:50:52 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/12 23:50:52 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/12 23:50:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/12 23:50:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/12 23:50:52 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/11 03:01:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Conduit
[2009/12/11 03:01:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\BS_Player
[2009/12/11 03:01:20 | 00,000,000 | ---D | C] -- C:\Program Files\BS_Player
[2009/12/11 03:01:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\BSplayer Pro
[2009/12/11 03:00:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\BSplayer
[2009/12/11 03:00:57 | 00,000,000 | ---D | C] -- C:\Program Files\Webteh
[2009/12/10 16:39:10 | 00,000,000 | ---D | C] -- C:\Program Files\RegistryFix8
[2009/12/06 16:57:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/06 15:38:47 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/06 15:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/06 15:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/06 14:24:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2005/02/23 16:08:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 00,114,176 | -HS- | M] () -- C:\WINDOWS\System32\nudegoya.exe
[2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\System32\dirupahu.dll
[2099/01/01 12:00:00 | 00,061,952 | -HS- | M] () -- C:\WINDOWS\System32\xnetini.kdd
[2099/01/01 12:00:00 | 00,061,952 | -HS- | M] () -- C:\WINDOWS\System32\kavunize.dll
[2099/01/01 12:00:00 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\System32\wuleluzu.dll
[2099/01/01 12:00:00 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\System32\nadojizu.dll
[2099/01/01 12:00:00 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\System32\kejajumo.dll
[2099/01/01 12:00:00 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\System32\dowikabu.dll
[2099/01/01 12:00:00 | 00,045,568 | -HS- | M] () -- C:\WINDOWS\System32\rugozeko.dll
[2099/01/01 12:00:00 | 00,045,568 | -HS- | M] () -- C:\WINDOWS\System32\kamideva.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\zeginizo.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\surosubo.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\dakegopu.dll
[2099/01/01 12:00:00 | 00,002,048 | -HS- | M] () -- C:\WINDOWS\System32\haniyuga.dll
[2010/01/08 13:26:16 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wijokipo
[2010/01/08 13:07:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
[2010/01/08 13:05:30 | 00,001,053 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/01/08 13:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\bwcpkovy.job
[2010/01/08 12:35:00 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006UA.job
[2010/01/08 12:29:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/08 11:34:51 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/01/08 10:11:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR10.exe
[2010/01/08 10:11:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/01/08 10:11:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
[2010/01/08 10:11:01 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/08 10:09:39 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/08 10:09:39 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/08 10:09:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/08 10:09:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/08 10:09:20 | 53,519,1552 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/08 08:48:43 | 05,578,752 | ---- | M] () -- C:\Documents and Settings\Steve Collins\ntuser.dat
[2010/01/08 08:48:43 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Steve Collins\NTUSER.INI
[2010/01/08 01:00:17 | 00,002,599 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\HiJackThis.lnk
[2010/01/07 20:35:00 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006Core.job
[2010/01/07 16:15:48 | 05,061,520 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve Collins\Desktop\iexplore.exe
[2010/01/07 16:02:08 | 00,004,286 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Application Data\avp.ico
[2010/01/07 16:02:08 | 00,001,834 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/07 16:02:08 | 00,001,834 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/05 16:35:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14265.exe
[2010/01/05 16:17:01 | 00,000,406 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/05 16:16:58 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/05 14:15:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\10563.exe
[2010/01/05 13:55:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\7480.exe
[2010/01/05 13:32:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\640.exe
[2010/01/05 13:12:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1086.exe
[2010/01/05 13:03:49 | 00,001,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/05 05:30:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12883.exe
[2010/01/05 05:10:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5155.exe
[2010/01/05 04:50:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22439.exe
[2010/01/04 23:34:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15084.exe
[2010/01/04 22:54:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/04 22:30:43 | 00,000,419 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/04 22:30:43 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2010/01/04 22:24:29 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
[2010/01/04 22:24:23 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\nt9slkt.dll
[2010/01/04 22:24:10 | 00,000,001 | ---- | M] () -- C:\s
[2010/01/04 22:23:58 | 00,044,544 | ---- | M] (tzuk) -- C:\afburr.exe
[2010/01/04 22:23:58 | 00,024,064 | ---- | M] (TJbFla) -- C:\WINDOWS\System32\winupdate86.exe
[2010/01/04 22:23:58 | 00,024,064 | ---- | M] (TJbFla) -- C:\WINDOWS\System32\winlogon86.exe
[2010/01/04 22:23:58 | 00,024,064 | ---- | M] (TJbFla) -- C:\khkil.exe
[2010/01/04 22:23:55 | 00,052,736 | ---- | M] () -- C:\eujbmv.exe
[2010/01/04 22:23:54 | 00,027,136 | ---- | M] () -- C:\jdmhvwpg.exe
[2010/01/04 22:23:53 | 00,022,016 | ---- | M] () -- C:\vwylecru.exe
[2010/01/03 21:18:16 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/03 21:18:16 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/12/31 17:42:19 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\IconCache.db
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/30 01:22:15 | 00,001,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\One-Click-Optimizer.lnk
[2009/12/30 01:22:15 | 00,000,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo WinOptimizer 2010 Advanced.lnk
[2009/12/29 23:57:38 | 00,002,004 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\1229 new.bsl
[2009/12/29 21:06:28 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/29 20:34:47 | 00,002,344 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\Google Chrome.lnk
[2009/12/29 19:56:06 | 00,001,536 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\NO$GBA.INP
[2009/12/29 09:26:19 | 05,141,504 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/12/29 09:26:19 | 03,897,344 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/12/24 15:05:27 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\Absolute Poker.lnk
[2009/12/24 14:53:50 | 00,002,955 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\new@1.bsl
[2009/12/24 14:47:17 | 00,228,840 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\AbsolutePoker_Setup.exe
[2009/12/23 14:19:53 | 10,832,920 | ---- | M] (ashampoo GmbH & Co. KG ) -- C:\Documents and Settings\Steve Collins\Desktop\ashampoo_winoptimizer_2010_advanced_6[1].50_6644.exe
[2009/12/17 00:09:43 | 00,000,040 | ---- | M] () -- C:\WINDOWS\nero.INI
[2009/12/13 07:25:12 | 00,004,836 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\links to It's Always Sunny In Philadelphia.rtf
[2009/12/12 23:49:51 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/12 23:49:51 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/12 23:49:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/12 23:49:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/12 23:49:51 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/12 20:15:01 | 00,000,775 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\BS.Player FREE.lnk
[2009/12/12 19:45:10 | 00,002,854 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2009/12/11 18:30:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D7WK0V61-Steve Collins).job
[2009/12/10 16:46:02 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,114,176 | -HS- | C] () -- C:\WINDOWS\System32\nudegoya.exe
[2099/01/01 12:00:00 | 00,093,696 | -HS- | C] () -- C:\WINDOWS\System32\dirupahu.dll
[2099/01/01 12:00:00 | 00,061,952 | -HS- | C] () -- C:\WINDOWS\System32\xnetini.kdd
[2099/01/01 12:00:00 | 00,061,952 | -HS- | C] () -- C:\WINDOWS\System32\kavunize.dll
[2099/01/01 12:00:00 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\wuleluzu.dll
[2099/01/01 12:00:00 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\nadojizu.dll
[2099/01/01 12:00:00 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\kejajumo.dll
[2099/01/01 12:00:00 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\dowikabu.dll
[2099/01/01 12:00:00 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\rugozeko.dll
[2099/01/01 12:00:00 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\kamideva.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zeginizo.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\surosubo.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\dakegopu.dll
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\wijokipo
[2099/01/01 12:00:00 | 00,002,048 | -HS- | C] () -- C:\WINDOWS\System32\haniyuga.dll
[2010/01/08 10:11:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\AVR10.exe
[2010/01/07 16:05:28 | 00,002,599 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\HiJackThis.lnk
[2010/01/07 16:02:08 | 00,004,286 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Application Data\avp.ico
[2010/01/07 16:02:08 | 00,001,834 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/07 16:02:08 | 00,001,834 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/07 16:01:12 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\bwcpkovy.job
[2010/01/05 16:35:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\14265.exe
[2010/01/05 16:16:59 | 00,000,406 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/05 16:16:58 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/05 16:16:57 | 00,000,388 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/05 14:15:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\10563.exe
[2010/01/05 13:55:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\7480.exe
[2010/01/05 13:32:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\640.exe
[2010/01/05 13:12:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\1086.exe
[2010/01/05 13:04:19 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/05 13:04:18 | 01,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/01/05 13:04:18 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/01/05 13:04:18 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/01/05 13:04:18 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/01/05 13:04:10 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/05 13:03:54 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/05 13:03:54 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/05 13:03:49 | 00,001,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/05 13:03:46 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/05 05:30:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12883.exe
[2010/01/05 05:10:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5155.exe
[2010/01/05 04:50:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\22439.exe
[2010/01/05 04:30:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/01/04 23:34:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15084.exe
[2010/01/04 22:54:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/04 22:30:43 | 00,000,419 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/04 22:30:43 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2010/01/04 22:25:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\winhelper86.dll
[2010/01/04 22:24:29 | 00,000,046 | ---- | C] () -- C:\p2hhr.bat
[2010/01/04 22:24:23 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\nt9slkt.dll
[2010/01/04 22:24:10 | 00,000,001 | ---- | C] () -- C:\s
[2010/01/04 22:23:54 | 00,052,736 | ---- | C] () -- C:\eujbmv.exe
[2010/01/04 22:23:53 | 00,027,136 | ---- | C] () -- C:\jdmhvwpg.exe
[2010/01/04 22:23:52 | 00,022,016 | ---- | C] () -- C:\vwylecru.exe
[2010/01/03 21:18:16 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/01/03 21:18:16 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/12/30 01:22:15 | 00,001,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\One-Click-Optimizer.lnk
[2009/12/30 01:22:15 | 00,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo WinOptimizer 2010 Advanced.lnk
[2009/12/29 23:57:38 | 00,002,004 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\1229 new.bsl
[2009/12/29 20:34:47 | 00,002,344 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\Google Chrome.lnk
[2009/12/29 20:30:34 | 00,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006UA.job
[2009/12/29 20:30:33 | 00,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006Core.job
[2009/12/24 15:05:27 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\Absolute Poker.lnk
[2009/12/24 14:53:50 | 00,002,955 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\new@1.bsl
[2009/12/24 14:47:11 | 00,228,840 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\AbsolutePoker_Setup.exe
[2009/12/13 13:25:05 | 00,609,726 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\102_1633.JPG
[2009/12/12 21:56:47 | 00,004,836 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\links to It's Always Sunny In Philadelphia.rtf
[2009/12/12 20:15:01 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\BS.Player FREE.lnk
[2009/12/10 16:46:02 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/09 14:30:42 | 05,578,752 | ---- | C] () -- C:\Documents and Settings\Steve Collins\ntuser.dat
[2009/11/20 14:55:50 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll
[2009/11/20 14:55:48 | 00,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2009/11/20 14:55:47 | 00,356,352 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll
[2009/11/18 06:55:16 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009/08/21 14:42:28 | 00,000,034 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/11/20 16:18:03 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2008/11/20 16:17:20 | 00,000,474 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/11/27 15:23:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\browser.INI
[2007/06/29 20:04:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/06/29 10:48:20 | 00,000,047 | ---- | C] () -- C:\WINDOWS\SPIDERCM.INI
[2007/05/22 18:15:22 | 00,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2007/05/10 20:45:21 | 00,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/05/10 20:45:13 | 00,001,053 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/12 17:56:03 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/28 13:07:52 | 00,045,056 | R--- | C] () -- C:\Program Files\SetAttrib.exe
[2005/06/23 02:41:00 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/06/23 02:41:00 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/06/23 02:41:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/06/23 02:41:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/06/23 02:41:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/06/23 02:41:00 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/06/23 02:40:26 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2005/06/20 03:30:10 | 00,000,141 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/02/26 16:29:19 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\avisynth.dll
[2005/02/26 16:17:13 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/26 13:22:07 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\fusioncache.dat
[2005/02/24 19:19:15 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/02/24 18:31:15 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/23 21:06:10 | 00,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2005/02/23 18:20:08 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/23 16:07:51 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Application Data\QSPMShare
[2005/02/18 01:31:26 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/18 01:21:40 | 00,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/18 01:13:50 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/02/18 00:23:14 | 00,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:49:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2001/09/17 14:20:02 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Re: Internet Security 2010 yeah
Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {C2B5AAB8-2183-4be7-81A6-F11493C45872} - No CLSID value found.
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O4 - HKLM..\Run: [AntiVirus Plus] File not found
    O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\SYSTEM32\winupdate86.exe (TJbFla)
    O4 - HKLM..\Run: [zehuwafob] C:\WINDOWS\System32\dirupahu.DLL ()
    O4 - HKCU..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O20 - AppInit_DLLs: (dowikabu.dll) - C:\WINDOWS\System32\dowikabu.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\dirupahu.dll) - C:\WINDOWS\SYSTEM32\dirupahu.dll ()
    O20 - HKLM Winlogon: Shell - (logon.exe) - C:\WINDOWS\System32\logon.exe ()
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\SYSTEM32\winlogon86.exe (TJbFla)
    O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - C:\WINDOWS\System32\RtlGina2.dll ()
    O21 - SSODL: lemalezat - {3bec323f-7023-47f6-9240-6f2c5e692601} - CLSID or File not found.
    O21 - SSODL: vunodiguz - {f065e614-d020-4316-bd9b-c877b962bd41} - C:\WINDOWS\SYSTEM32\dirupahu.dll ()
    O22 - SharedTaskScheduler: {3bec323f-7023-47f6-9240-6f2c5e692601} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {f065e614-d020-4316-bd9b-c877b962bd41} - kupuhivus - C:\WINDOWS\SYSTEM32\dirupahu.dll ()
    O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell - "" = AutoRun
    O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{c1c15677-b4a4-11dd-b363-0011436c0a69}\Shell\AutoRun\command - "" = setupSNK.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    [2010/01/04 22:40:10 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010
    [2010/01/04 22:24:08 | 00,024,064 | ---- | C] (TJbFla) -- C:\WINDOWS\System32\winlogon86.exe
    [2010/01/04 22:23:57 | 00,044,544 | ---- | C] (tzuk) -- C:\afburr.exe
    [2010/01/04 22:23:56 | 00,024,064 | ---- | C] (TJbFla) -- C:\khkil.exe
    [2009/12/30 01:22:14 | 00,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\WINDOWS\System32\DfSdkBt.exe
    [2099/01/01 12:00:00 | 00,114,176 | -HS- | M] () -- C:\WINDOWS\System32\nudegoya.exe
    [2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\System32\dirupahu.dll
    [2099/01/01 12:00:00 | 00,061,952 | -HS- | M] () -- C:\WINDOWS\System32\xnetini.kdd
    [2099/01/01 12:00:00 | 00,061,952 | -HS- | M] () -- C:\WINDOWS\System32\kavunize.dll
    [2099/01/01 12:00:00 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\System32\wuleluzu.dll
    [2099/01/01 12:00:00 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\System32\nadojizu.dll
    [2099/01/01 12:00:00 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\System32\kejajumo.dll
    [2099/01/01 12:00:00 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\System32\dowikabu.dll
    [2099/01/01 12:00:00 | 00,045,568 | -HS- | M] () -- C:\WINDOWS\System32\rugozeko.dll
    [2099/01/01 12:00:00 | 00,045,568 | -HS- | M] () -- C:\WINDOWS\System32\kamideva.dll
    [2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\zeginizo.dll
    [2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\surosubo.dll
    [2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\dakegopu.dll
    [2099/01/01 12:00:00 | 00,002,048 | -HS- | M] () -- C:\WINDOWS\System32\haniyuga.dll
    [2010/01/08 13:26:16 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wijokipo
    [2010/01/08 13:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\bwcpkovy.job
    [2010/01/08 10:11:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR10.exe
    [2010/01/08 10:11:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
    [2010/01/08 10:11:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
    [2010/01/07 16:02:08 | 00,001,834 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Start Menu\Programs\Startup\AntiVirus Plus.lnk
    [2010/01/07 16:02:08 | 00,001,834 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
    [2010/01/05 16:35:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14265.exe
    [2010/01/05 14:15:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\10563.exe
    [2010/01/05 13:55:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\7480.exe
    [2010/01/05 13:32:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\640.exe
    [2010/01/05 13:12:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1086.exe
    [2010/01/05 05:30:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12883.exe
    [2010/01/05 05:10:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5155.exe
    [2010/01/05 04:50:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22439.exe
    [2010/01/04 23:34:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15084.exe
    [2010/01/04 22:54:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/01/04 22:30:43 | 00,000,419 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
    [2010/01/04 22:30:43 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
    [2010/01/04 22:24:29 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
    [2010/01/04 22:24:23 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\nt9slkt.dll
    [2010/01/04 22:24:10 | 00,000,001 | ---- | M] () -- C:\s
    [2010/01/04 22:23:58 | 00,044,544 | ---- | M] (tzuk) -- C:\afburr.exe
    [2010/01/04 22:23:58 | 00,024,064 | ---- | M] (TJbFla) -- C:\WINDOWS\System32\winupdate86.exe
    [2010/01/04 22:23:58 | 00,024,064 | ---- | M] (TJbFla) -- C:\WINDOWS\System32\winlogon86.exe
    [2010/01/04 22:23:58 | 00,024,064 | ---- | M] (TJbFla) -- C:\khkil.exe
    [2010/01/04 22:23:55 | 00,052,736 | ---- | M] () -- C:\eujbmv.exe
    [2010/01/04 22:23:54 | 00,027,136 | ---- | M] () -- C:\jdmhvwpg.exe
    [2010/01/04 22:23:53 | 00,022,016 | ---- | M] () -- C:\vwylecru.exe
    [2009/12/12 19:45:10 | 00,002,854 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html



  • Return to OTL, right-click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator


Re: Internet Security 2010 yeah
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2B5AAB8-2183-4be7-81A6-F11493C45872}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AntiVirus Plus deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\winupdate86.exe deleted successfully.
C:\WINDOWS\SYSTEM32\winupdate86.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zehuwafob deleted successfully.
C:\WINDOWS\SYSTEM32\dirupahu.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security 2010 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:dowikabu.dll deleted successfully.
C:\WINDOWS\SYSTEM32\dowikabu.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\dirupahu.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\dirupahu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:logon.exe deleted successfully.
C:\WINDOWS\SYSTEM32\logon.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\winlogon86.exe deleted successfully.
C:\WINDOWS\SYSTEM32\winlogon86.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL:RtlGina2.dll deleted successfully.
C:\WINDOWS\SYSTEM32\RtlGina2.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\lemalezat deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bec323f-7023-47f6-9240-6f2c5e692601}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vunodiguz deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f065e614-d020-4316-bd9b-c877b962bd41}\ deleted successfully.
File C:\WINDOWS\SYSTEM32\dirupahu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{3bec323f-7023-47f6-9240-6f2c5e692601} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bec323f-7023-47f6-9240-6f2c5e692601}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{f065e614-d020-4316-bd9b-c877b962bd41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f065e614-d020-4316-bd9b-c877b962bd41}\ deleted successfully.
File C:\WINDOWS\SYSTEM32\dirupahu.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1c15677-b4a4-11dd-b363-0011436c0a69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1c15677-b4a4-11dd-b363-0011436c0a69}\ not found.
File setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe not found.
C:\Program Files\InternetSecurity2010 folder moved successfully.
File C:\WINDOWS\System32\winlogon86.exe not found.
C:\afburr.exe moved successfully.
C:\khkil.exe moved successfully.
C:\WINDOWS\SYSTEM32\DfSdkBt.exe moved successfully.
C:\WINDOWS\SYSTEM32\nudegoya.exe moved successfully.
File C:\WINDOWS\System32\dirupahu.dll not found.
C:\WINDOWS\SYSTEM32\xnetini.kdd moved successfully.
C:\WINDOWS\SYSTEM32\kavunize.dll moved successfully.
C:\WINDOWS\SYSTEM32\wuleluzu.dll moved successfully.
C:\WINDOWS\SYSTEM32\nadojizu.dll moved successfully.
C:\WINDOWS\SYSTEM32\kejajumo.dll moved successfully.
File C:\WINDOWS\System32\dowikabu.dll not found.
C:\WINDOWS\SYSTEM32\rugozeko.dll moved successfully.
C:\WINDOWS\SYSTEM32\kamideva.dll moved successfully.
C:\WINDOWS\SYSTEM32\zeginizo.dll moved successfully.
C:\WINDOWS\SYSTEM32\surosubo.dll moved successfully.
C:\WINDOWS\SYSTEM32\dakegopu.dll moved successfully.
C:\WINDOWS\SYSTEM32\haniyuga.dll moved successfully.
C:\WINDOWS\SYSTEM32\wijokipo moved successfully.
C:\WINDOWS\tasks\bwcpkovy.job moved successfully.
C:\WINDOWS\SYSTEM32\AVR10.exe moved successfully.
C:\WINDOWS\SYSTEM32\41.exe moved successfully.
C:\WINDOWS\SYSTEM32\winhelper86.dll moved successfully.
C:\Documents and Settings\Steve Collins\Start Menu\Programs\Startup\AntiVirus Plus.lnk moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk moved successfully.
C:\WINDOWS\SYSTEM32\14265.exe moved successfully.
C:\WINDOWS\SYSTEM32\10563.exe moved successfully.
C:\WINDOWS\SYSTEM32\7480.exe moved successfully.
C:\WINDOWS\SYSTEM32\640.exe moved successfully.
C:\WINDOWS\SYSTEM32\1086.exe moved successfully.
C:\WINDOWS\SYSTEM32\12883.exe moved successfully.
C:\WINDOWS\SYSTEM32\5155.exe moved successfully.
C:\WINDOWS\SYSTEM32\22439.exe moved successfully.
C:\WINDOWS\SYSTEM32\15084.exe moved successfully.
C:\WINDOWS\SYSTEM32\18467.exe moved successfully.
C:\WINDOWS\SYSTEM32\uses32.dat moved successfully.
C:\WINDOWS\SYSTEM32\flags.ini moved successfully.
C:\p2hhr.bat moved successfully.
C:\WINDOWS\SYSTEM32\nt9slkt.dll moved successfully.
C:\s moved successfully.
File C:\afburr.exe not found.
File C:\WINDOWS\System32\winupdate86.exe not found.
File C:\WINDOWS\System32\winlogon86.exe not found.
File C:\khkil.exe not found.
C:\eujbmv.exe moved successfully.
C:\jdmhvwpg.exe moved successfully.
C:\vwylecru.exe moved successfully.
C:\WINDOWS\SYSTEM32\critical_warning.html moved successfully.

OTL by OldTimer - Version 3.1.21.2 log created on 01082010_143955

Re: Internet Security 2010 yeah

Should I have Spyware Doctor on, or should I close it? It found 147 infections this morning.

Re: Internet Security 2010 yeah

Let it remove what it found, then try running Combofix now we've dented it.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Internet Security 2010 yeah

My internet will work on that one?

I'm on my uncle's computer.

Re: Internet Security 2010 yeah

Are you asking if the internet will work on the infected machine? If so, logs don't show any proxy so there's no reason why it shouldn't, but anything is possible when it comes to malware infections.

............................................................................................

Site Admin / Security Administrator


Re: Internet Security 2010 yeah

On this computer download Combofix.

Re: Internet Security 2010 yeah

Yes.

............................................................................................

Site Admin / Security Administrator


Re: Internet Security 2010 yeah

Now what?

Re: Internet Security 2010 yeah

Has Combofix completed its run? If so, post the log.

............................................................................................

Site Admin / Security Administrator


Re: Internet Security 2010 yeah

No, didn't know if that was what you wanted. Doing it right now.

Re: Internet Security 2010 yeah

Okay.

............................................................................................

Site Admin / Security Administrator


Re: Internet Security 2010 yeah

Ran Combofix and it said open with which program, and I clicked Notepad, but it's a bunch of text, not like the others. What do I do, and should I have Spyware Doctor running?

Re: Internet Security 2010 yeah

Close Spyware Doctor, Combofix opens with the "open with" window?

Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Try running Combofix now.

............................................................................................

Site Admin / Security Administrator


Re: Internet Security 2010 yeah

My computer is slowing down and loading your last message with exe. app.

Re: Internet Security 2010 yeah

Got the exeHelper from this computer, be back with the log.

Re: Internet Security 2010 yeah

exeHelper made a log, saved it, but I ran Combofix and was going to reboot, but it said these real-time scanners, close before you hit OK, or something of that nature:
spywaredoctor 7
2avgantivirus
What now?

Re: Internet Security 2010 yeah

You need to disable AVG and spyware doctor. Read my instructions in my post on page 1, it has info on disabling your AV.
http://www.geekpolice.net/virus-spyware-malware-removal-f11/internet-security-2010-yeah-t17848.htm#113505

............................................................................................

Site Admin / Security Administrator


Re: Internet Security 2010 yeah

Sorry, here's the log for exe. Just keep running up and down the stairs, good workout though.

Re: Internet Security 2010 yeah

exeHelper by Raktor
Build 20091220
Run at 16:07:00 on 01/08/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Re: Internet Security 2010 yeah

Thanks.
exeHelper just resets the file association for exe files, to fix the "run with..." box so you can run Combofix.
Standing by for the log file.

............................................................................................

Site Admin / Security Administrator


Re: Internet Security 2010 yeah

if to do it upstairs to get your disable AV link, might be a min.

Re: Internet Security 2010 yeah

Both computers won't go to that link. Can you copy and paste, or just tell me how to do it?

Re: Internet Security 2010 yeah

Both computers won't go to the bleepingcomputer link?

............................................................................................

Site Admin / Security Administrator


Re: Internet Security 2010 yeah

Now it will load your site, but it has the green 3 bars for wifi, but it goes away when I try that site.

Re: Internet Security 2010 yeah

Re-run OTL and post OTL.txt only.

............................................................................................

Site Admin / Security Administrator


Re: Internet Security 2010 yeah

OK, be back.

Re: Internet Security 2010 yeah

OTL logfile created on: 1/8/2010 4:48:03 PM - Run 2
OTL by OldTimer - Version 3.1.21.2 Folder = C:\Documents and Settings\Steve Collins\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 221.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.86 Gb Total Space | 39.31 Gb Free Space | 74.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INSPIRON1150
Current User Name: Steve Collins
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/08 16:08:05 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\32788R22FWJFW\cmd.cfxxe
PRC - [2010/01/08 13:07:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 06:00:00 | 00,093,184 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\yavayusa.dll
MOD - [2010/01/08 13:07:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
MOD - [2009/12/13 00:47:25 | 00,081,920 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll
MOD - [2009/10/30 11:18:16 | 00,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 00,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/12 23:49:52 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/08/24 21:16:36 | 00,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe -- (DfSdkS)
SRV - [2009/01/18 08:13:50 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt)
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/03 07:11:35 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2005/12/20 20:54:34 | 00,323,584 | ---- | M] (Apple Computer, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/30 15:46:56 | 00,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe -- (KodakCCS)
SRV - [2004/02/20 17:14:04 | 00,045,056 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (WLTRYSVC)
SRV - [2004/01/06 11:47:06 | 00,327,792 | ---- | M] (Executive Software International, Inc.) [Auto | Stopped] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2009/11/20 14:56:02 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/01/18 08:14:02 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean)
DRV - [2009/01/18 08:13:44 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/04/03 07:12:22 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2007/04/03 07:12:22 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2007/04/03 07:11:40 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdi.sys -- (AvgTdi)
DRV - [2005/09/20 09:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2005/06/16 13:41:02 | 00,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys -- (DcCam)
DRV - [2005/04/01 11:43:02 | 00,066,048 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\EAPPkt.sys -- (EAPPkt)
DRV - [2005/03/31 07:00:08 | 00,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 06:47:56 | 00,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 06:47:50 | 00,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys -- (DcLps)
DRV - [2005/03/31 06:47:48 | 00,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 06:47:42 | 00,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys -- (DcFpoint)
DRV - [2005/02/18 01:28:33 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2005/02/18 01:16:15 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/02 01:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/11/16 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/11/16 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/11/16 01:05:00 | 00,086,554 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/11/16 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/11/16 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/11/16 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/11/16 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/11/16 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/11/16 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/11/15 16:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/09/23 01:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/08/03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys -- (usbser)
DRV - [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/30 11:39:36 | 00,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/05/13 20:19:22 | 00,182,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys -- (SynTP)
DRV - [2004/03/19 11:54:24 | 00,038,912 | R--- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\P2k.sys -- (P2k)
DRV - [2004/02/20 17:13:50 | 00,312,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/02/13 11:46:00 | 00,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2004/01/02 11:44:22 | 00,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/08/29 06:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {32617793-570d-47d5-972a-cfabc51ca61a} - File not found
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [kimatobobo] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [zehuwafob] C:\WINDOWS\System32\yavayusa.DLL ()
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: parker.com ([polprod] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} https://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123808924330 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx (Hotmail Attachments Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: gumosizit - {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - C:\WINDOWS\SYSTEM32\yavayusa.dll ()
O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dllget\flashplayer\current\polarbear\ultrashim.cab File not found
O22 - SharedTaskScheduler: {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - kupuhivus - C:\WINDOWS\SYSTEM32\yavayusa.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell - "" = AutoRun
O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\WINDOWS\system32\mshlps.dll) - C:\WINDOWS\System32\mshlps.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/01/08 16:48:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/08 16:48:04 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/01/08 16:08:52 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/08 14:39:55 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/08 13:16:52 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
[2010/01/08 12:23:02 | 05,061,520 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve Collins\Desktop\iexplore.exe
[2010/01/08 10:26:00 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy (3) of TASKMGR.EXE
[2010/01/08 10:25:13 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iexplore.EXE
[2010/01/08 10:23:15 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy of TASKMGR.EXE
[2010/01/05 18:06:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/05 18:06:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/05 18:06:43 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/05 18:05:48 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/05 16:16:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/01/05 16:16:51 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/01/05 14:11:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/05 13:39:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Threat Expert
[2010/01/05 13:04:18 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/01/05 13:04:18 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/01/05 13:04:18 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/01/05 13:04:10 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/05 13:03:54 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/05 13:03:54 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/05 13:03:46 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\PC Tools
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/05 13:03:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/30 01:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2009/12/29 20:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Temp
[2009/12/24 14:55:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\Absolute Poker
[2009/12/24 14:55:00 | 00,000,000 | ---D | C] -- C:\Program Files\Absolute Poker
[2009/12/24 14:54:51 | 00,000,000 | ---D | C] -- C:\Program Files\_uninstallation_info
[2009/12/23 14:19:53 | 10,832,920 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Documents and Settings\Steve Collins\Desktop\ashampoo_winoptimizer_2010_advanced_6[1].50_6644.exe
[2009/12/17 02:08:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Desktop\SLOT
[2009/12/17 01:03:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/12/17 00:05:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Desktop\tonys stuff
[2009/12/13 06:27:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/12/12 23:50:52 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/12 23:50:52 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/12 23:50:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/12 23:50:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/12 23:50:52 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/11 03:01:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Conduit
[2009/12/11 03:01:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\BS_Player
[2009/12/11 03:01:20 | 00,000,000 | ---D | C] -- C:\Program Files\BS_Player
[2009/12/11 03:01:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\BSplayer Pro
[2009/12/11 03:00:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\BSplayer
[2009/12/11 03:00:57 | 00,000,000 | ---D | C] -- C:\Program Files\Webteh
[2009/12/10 16:39:10 | 00,000,000 | ---D | C] -- C:\Program Files\RegistryFix8
[2009/12/06 16:57:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/06 15:38:47 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/06 15:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/06 15:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/06 14:24:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2005/02/23 16:08:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\System32\yavayusa.dll
[2099/01/01 12:00:00 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\raripizu.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\norefose.dll
[2010/01/08 16:53:51 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wijokipo
[2010/01/08 16:35:00 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006UA.job
[2010/01/08 16:29:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/08 16:29:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/08 16:03:54 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ugvmnwsy.job
[2010/01/08 15:51:46 | 00,290,816 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\exeHelper.com
[2010/01/08 15:15:15 | 03,819,182 | R--- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\ComboFix.exe
[2010/01/08 14:58:08 | 00,000,419 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/08 14:58:08 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2010/01/08 14:30:19 | 00,001,092 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/01/08 13:07:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
[2010/01/08 11:34:51 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/01/08 10:11:01 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/08 10:09:39 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/08 10:09:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/08 10:09:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/08 10:09:20 | 53,519,1552 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/08 08:48:43 | 05,578,752 | ---- | M] () -- C:\Documents and Settings\Steve Collins\ntuser.dat
[2010/01/08 08:48:43 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Steve Collins\NTUSER.INI
[2010/01/08 01:00:17 | 00,002,599 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\HiJackThis.lnk
[2010/01/07 20:35:00 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006Core.job
[2010/01/07 16:15:48 | 05,061,520 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve Collins\Desktop\iexplore.exe
[2010/01/05 16:17:01 | 00,000,406 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/05 16:16:58 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/05 13:03:49 | 00,001,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/03 21:18:16 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/03 21:18:16 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/12/31 17:42:19 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\IconCache.db
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/30 01:22:15 | 00,001,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\One-Click-Optimizer.lnk
[2009/12/30 01:22:15 | 00,000,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo WinOptimizer 2010 Advanced.lnk
[2009/12/29 23:57:38 | 00,002,004 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\1229 new.bsl
[2009/12/29 21:06:28 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/29 20:34:47 | 00,002,344 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\Google Chrome.lnk
[2009/12/29 19:56:06 | 00,001,536 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\NO$GBA.INP
[2009/12/29 09:26:19 | 05,141,504 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/12/29 09:26:19 | 03,897,344 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/12/24 15:05:27 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\Absolute Poker.lnk
[2009/12/24 14:53:50 | 00,002,955 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\new@1.bsl
[2009/12/24 14:47:17 | 00,228,840 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\AbsolutePoker_Setup.exe
[2009/12/23 14:19:53 | 10,832,920 | ---- | M] (ashampoo GmbH & Co. KG ) -- C:\Documents and Settings\Steve Collins\Desktop\ashampoo_winoptimizer_2010_advanced_6[1].50_6644.exe
[2009/12/17 00:09:43 | 00,000,040 | ---- | M] () -- C:\WINDOWS\nero.INI
[2009/12/13 07:25:12 | 00,004,836 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\links to It's Always Sunny In Philadelphia.rtf
[2009/12/12 23:49:51 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/12 23:49:51 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/12 23:49:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/12 23:49:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/12 23:49:51 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/12 20:15:01 | 00,000,775 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\BS.Player FREE.lnk
[2009/12/11 18:30:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D7WK0V61-Steve Collins).job
[2009/12/10 16:46:02 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,093,696 | -HS- | C] () -- C:\WINDOWS\System32\yavayusa.dll
[2099/01/01 12:00:00 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\raripizu.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\norefose.dll
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\wijokipo
[2010/01/08 15:54:07 | 00,290,816 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\exeHelper.com
[2010/01/08 15:40:53 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\ugvmnwsy.job
[2010/01/08 15:15:10 | 03,819,182 | R--- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\ComboFix.exe
[2010/01/08 14:58:08 | 00,000,419 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/08 14:58:08 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2010/01/07 16:05:28 | 00,002,599 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\HiJackThis.lnk
[2010/01/05 16:16:59 | 00,000,406 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/05 16:16:58 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/05 16:16:57 | 00,000,388 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/05 13:04:19 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/05 13:04:18 | 01,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/01/05 13:04:18 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/01/05 13:04:18 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/01/05 13:04:18 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/01/05 13:04:10 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/05 13:03:54 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/05 13:03:54 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/05 13:03:49 | 00,001,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/05 13:03:46 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/03 21:18:16 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/01/03 21:18:16 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/12/30 01:22:15 | 00,001,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\One-Click-Optimizer.lnk
[2009/12/30 01:22:15 | 00,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo WinOptimizer 2010 Advanced.lnk
[2009/12/29 23:57:38 | 00,002,004 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\1229 new.bsl
[2009/12/29 20:34:47 | 00,002,344 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\Google Chrome.lnk
[2009/12/29 20:30:34 | 00,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006UA.job
[2009/12/29 20:30:33 | 00,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006Core.job
[2009/12/24 15:05:27 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\Absolute Poker.lnk
[2009/12/24 14:53:50 | 00,002,955 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\new@1.bsl
[2009/12/24 14:47:11 | 00,228,840 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\AbsolutePoker_Setup.exe
[2009/12/13 13:25:05 | 00,609,726 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\102_1633.JPG
[2009/12/12 21:56:47 | 00,004,836 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\links to It's Always Sunny In Philadelphia.rtf
[2009/12/12 20:15:01 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\BS.Player FREE.lnk
[2009/12/10 16:46:02 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/20 14:55:48 | 00,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2009/11/20 14:55:47 | 00,356,352 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll
[2009/11/18 06:55:16 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009/08/21 14:42:28 | 00,000,034 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/11/20 16:18:03 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2008/11/20 16:17:20 | 00,000,474 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/11/27 15:23:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\browser.INI
[2007/06/29 20:04:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/06/29 10:48:20 | 00,000,047 | ---- | C] () -- C:\WINDOWS\SPIDERCM.INI
[2007/05/22 18:15:22 | 00,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2007/05/10 20:45:21 | 00,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/05/10 20:45:13 | 00,001,092 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/12 17:56:03 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/28 13:07:52 | 00,045,056 | R--- | C] () -- C:\Program Files\SetAttrib.exe
[2005/06/23 02:41:00 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/06/23 02:41:00 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/06/23 02:41:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/06/23 02:41:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/06/23 02:41:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/06/23 02:41:00 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/06/23 02:40:26 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2005/06/20 03:30:10 | 00,000,141 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/02/26 16:29:19 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\avisynth.dll
[2005/02/26 16:17:13 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/26 13:22:07 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\fusioncache.dat
[2005/02/24 19:19:15 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/02/24 18:31:15 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/23 21:06:10 | 00,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2005/02/23 18:20:08 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/23 16:07:51 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Application Data\QSPMShare
[2005/02/18 01:31:26 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/18 01:21:40 | 00,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/18 01:13:50 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/02/18 00:23:14 | 00,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:49:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2001/09/17 14:20:02 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Re: Internet Security 2010 yeah
posted from infected computer.

Re: Internet Security 2010 yeah
Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    MOD - [2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\yavayusa.dll
    O2 - BHO: (no name) - {32617793-570d-47d5-972a-cfabc51ca61a} - File not found
    O4 - HKLM..\Run: [kimatobobo] File not found
    O4 - HKLM..\Run: [zehuwafob] C:\WINDOWS\System32\yavayusa.DLL ()
    O21 - SSODL: gumosizit - {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - C:\WINDOWS\SYSTEM32\yavayusa.dll ()
    O22 - SharedTaskScheduler: {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - kupuhivus - C:\WINDOWS\SYSTEM32\yavayusa.dll ()
    [2009/12/11 03:01:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Conduit
    [2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\System32\yavayusa.dll
    [2099/01/01 12:00:00 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\raripizu.dll
    [2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\norefose.dll
    [2010/01/08 16:53:51 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wijokipo
    [2010/01/08 16:03:54 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ugvmnwsy.job
    [2010/01/08 14:58:08 | 00,000,419 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
    [2010/01/08 14:58:08 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
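
Added example, not part of the thread and not OTL's own code: a small triage script for the `[date | size | attributes | C/M] (company) -- path` file entries in the log above. It flags three traits visible on the entries picked for the fix (a timestamp later than the scan, the hidden attribute, an empty company name on a binary). The flag names, the two-flag threshold and the 17:00 scan time are assumptions made for the example; the sample lines are copied from the log.

```python
import re
from datetime import datetime

# One OTL file/folder entry, e.g.
# [2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\System32\yavayusa.dll
# Folder entries carry no "(company)" field at all.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

# Extensions treated as binaries for the company-name check (assumption).
BINARY_EXTENSIONS = (".dll", ".exe", ".sys", ".com", ".cpl")

# Lines copied from the log above.
SAMPLE_LOG = r"""
[2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\System32\yavayusa.dll
[2010/01/08 16:53:51 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wijokipo
[2010/01/08 13:07:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2005/06/23 02:41:00 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
< End of report >
"""

# Assumed time of the scan; in practice take it from the log header line.
SCAN_TIME = datetime(2010, 1, 8, 17, 0, 0)


def parse_entry(line):
    """Return a dict for one file/folder entry, or None for any other line."""
    match = ENTRY_RE.match(line.strip())
    if match is None:
        return None
    entry = match.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S")
    entry["is_dir"] = "D" in entry["attrs"]
    return entry


def flags_for(entry, scan_time):
    """List the suspicious traits of one parsed entry."""
    flags = []
    # A file cannot legitimately be stamped later than the scan that saw it.
    if entry["ts"] > scan_time:
        flags.append("future_timestamp")
    if not entry["is_dir"]:
        if "H" in entry["attrs"]:
            flags.append("hidden")
        # "()" means the version resource has no company name. On its own
        # this is weak: many old but harmless DLLs in the log have it too.
        company = entry["company"]
        is_binary = entry["path"].lower().endswith(BINARY_EXTENSIONS)
        if company is not None and company.strip() == "" and is_binary:
            flags.append("no_company")
    return flags


def triage(log_text, scan_time, min_flags=2):
    """Return (path, flags) for entries with at least min_flags traits."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        flags = flags_for(entry, scan_time)
        if len(flags) >= min_flags:
            findings.append((entry["path"], flags))
    return findings


if __name__ == "__main__":
    for path, flags in triage(SAMPLE_LOG, SCAN_TIME):
        print(path, flags)
```

With the default threshold only `yavayusa.dll` is reported; lowering `min_flags` to 1 also lists `wijokipo` and the old `IVIresize.dll`, which shows why a single trait is not enough to act on.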

Re: Internet Security 2010 yeah
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32617793-570d-47d5-972a-cfabc51ca61a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32617793-570d-47d5-972a-cfabc51ca61a}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kimatobobo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zehuwafob deleted successfully.
C:\WINDOWS\SYSTEM32\yavayusa.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gumosizit deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0}\ deleted successfully.
File C:\WINDOWS\SYSTEM32\yavayusa.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0}\ deleted successfully.
File C:\WINDOWS\SYSTEM32\yavayusa.dll not found.
C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Conduit folder moved successfully.
File C:\WINDOWS\System32\yavayusa.dll not found.
C:\WINDOWS\SYSTEM32\raripizu.dll moved successfully.
C:\WINDOWS\SYSTEM32\norefose.dll moved successfully.
C:\WINDOWS\SYSTEM32\wijokipo moved successfully.
C:\WINDOWS\tasks\ugvmnwsy.job moved successfully.
C:\WINDOWS\SYSTEM32\uses32.dat moved successfully.
C:\WINDOWS\SYSTEM32\flags.ini moved successfully.

OTL by OldTimer - Version 3.1.21.2 log created on 01082010_170545

Re: Internet Security 2010 yeah
Hello.
Delete this folder:
C:\32788R22FWJFW

Try re-running Combofix.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Internet Security 2010 yeah

How?

Re: Internet Security 2010 yeah

To delete the folder? Right-click on it, select "delete".

Now double click on Combofix and try running it.


Re: Internet Security 2010 yeah

Can't find that file, did a search.

Re: Internet Security 2010 yeah

Hmm, okay, re-run OTL one more time, I wanna see if that Vundo module file is gone.


Re: Internet Security 2010 yeah

ok

Re: Internet Security 2010 yeah

OTL logfile created on: 1/8/2010 5:39:28 PM - Run 3
OTL by OldTimer - Version 3.1.21.2 Folder = C:\Documents and Settings\Steve Collins\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 216.00 Mb Available Physical Memory | 42.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.86 Gb Total Space | 39.32 Gb Free Space | 74.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INSPIRON1150
Current User Name: Steve Collins
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/08 13:07:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/01/08 13:07:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
MOD - [2009/12/13 00:47:25 | 00,081,920 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll
MOD - [2009/10/30 11:18:16 | 00,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 00,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/12 23:49:52 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/08/24 21:16:36 | 00,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe -- (DfSdkS)
SRV - [2009/01/18 08:13:50 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt)
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/03 07:11:35 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2005/12/20 20:54:34 | 00,323,584 | ---- | M] (Apple Computer, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/30 15:46:56 | 00,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe -- (KodakCCS)
SRV - [2004/02/20 17:14:04 | 00,045,056 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (WLTRYSVC)
SRV - [2004/01/06 11:47:06 | 00,327,792 | ---- | M] (Executive Software International, Inc.) [Auto | Stopped] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2009/11/20 14:56:02 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/01/18 08:14:02 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean)
DRV - [2009/01/18 08:13:44 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/04/03 07:12:22 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2007/04/03 07:12:22 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2007/04/03 07:11:40 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdi.sys -- (AvgTdi)
DRV - [2005/09/20 09:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2005/06/16 13:41:02 | 00,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys -- (DcCam)
DRV - [2005/04/01 11:43:02 | 00,066,048 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\EAPPkt.sys -- (EAPPkt)
DRV - [2005/03/31 07:00:08 | 00,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 06:47:56 | 00,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 06:47:50 | 00,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys -- (DcLps)
DRV - [2005/03/31 06:47:48 | 00,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 06:47:42 | 00,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys -- (DcFpoint)
DRV - [2005/02/18 01:28:33 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2005/02/18 01:16:15 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/02 01:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/11/16 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/11/16 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/11/16 01:05:00 | 00,086,554 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/11/16 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/11/16 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/11/16 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/11/16 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/11/16 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/11/16 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/11/15 16:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/09/23 01:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/08/03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys -- (usbser)
DRV - [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/30 11:39:36 | 00,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/05/13 20:19:22 | 00,182,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys -- (SynTP)
DRV - [2004/03/19 11:54:24 | 00,038,912 | R--- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\P2k.sys -- (P2k)
DRV - [2004/02/20 17:13:50 | 00,312,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/02/13 11:46:00 | 00,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2004/01/02 11:44:22 | 00,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/08/29 06:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {32617793-570d-47d5-972a-cfabc51ca61a} - File not found
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [kimatobobo] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [zehuwafob] C:\WINDOWS\System32\yavayusa.DLL File not found
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: parker.com ([polprod] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} https://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123808924330 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx (Hotmail Attachments Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: gumosizit - {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - C:\WINDOWS\System32\yavayusa.dll File not found
O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dllget\flashplayer\current\polarbear\ultrashim.cab File not found
O22 - SharedTaskScheduler: {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - kupuhivus - C:\WINDOWS\System32\yavayusa.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell - "" = AutoRun
O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\WINDOWS\system32\mshlps.dll) - C:\WINDOWS\System32\mshlps.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/01/08 16:48:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/08 16:48:04 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/01/08 16:08:52 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/08 14:39:55 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/08 13:16:52 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
[2010/01/08 12:23:02 | 05,061,520 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve Collins\Desktop\iexplore.exe
[2010/01/08 10:26:00 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy (3) of TASKMGR.EXE
[2010/01/08 10:25:13 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iexplore.EXE
[2010/01/08 10:23:15 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy of TASKMGR.EXE
[2010/01/05 18:06:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/05 18:06:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/05 18:06:43 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/05 18:05:48 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/05 16:16:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/01/05 16:16:51 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/01/05 14:11:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/05 13:39:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Threat Expert
[2010/01/05 13:04:18 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/01/05 13:04:18 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/01/05 13:04:18 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/01/05 13:04:10 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/05 13:03:54 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/05 13:03:54 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/05 13:03:46 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\PC Tools
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/05 13:03:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/30 01:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2009/12/29 20:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Temp
[2009/12/24 14:55:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\Absolute Poker
[2009/12/24 14:55:00 | 00,000,000 | ---D | C] -- C:\Program Files\Absolute Poker
[2009/12/24 14:54:51 | 00,000,000 | ---D | C] -- C:\Program Files\_uninstallation_info
[2009/12/23 14:19:53 | 10,832,920 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Documents and Settings\Steve Collins\Desktop\ashampoo_winoptimizer_2010_advanced_6[1].50_6644.exe
[2009/12/17 02:08:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Desktop\SLOT
[2009/12/17 01:03:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/12/17 00:05:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Desktop\tonys stuff
[2009/12/13 06:27:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/12/12 23:50:52 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/12 23:50:52 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/12 23:50:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/12 23:50:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/12 23:50:52 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/11 03:01:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\BS_Player
[2009/12/11 03:01:20 | 00,000,000 | ---D | C] -- C:\Program Files\BS_Player
[2009/12/11 03:01:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\BSplayer Pro
[2009/12/11 03:00:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\BSplayer
[2009/12/11 03:00:57 | 00,000,000 | ---D | C] -- C:\Program Files\Webteh
[2009/12/10 16:39:10 | 00,000,000 | ---D | C] -- C:\Program Files\RegistryFix8
[2009/12/06 16:57:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/06 15:38:47 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/06 15:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/06 15:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/06 14:24:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2005/02/23 16:08:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/08 17:48:54 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\wijokipo
[2010/01/08 17:35:00 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006UA.job
[2010/01/08 17:29:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/08 17:00:00 | 00,000,406 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/08 16:29:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/08 15:51:46 | 00,290,816 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\exeHelper.com
[2010/01/08 15:15:15 | 03,819,182 | R--- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\ComboFix.exe
[2010/01/08 14:30:19 | 00,001,092 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/01/08 13:07:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
[2010/01/08 11:34:51 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/01/08 10:11:01 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/08 10:09:39 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/08 10:09:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/08 10:09:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/08 10:09:20 | 53,519,1552 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/08 08:48:43 | 05,578,752 | ---- | M] () -- C:\Documents and Settings\Steve Collins\ntuser.dat
[2010/01/08 08:48:43 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Steve Collins\NTUSER.INI
[2010/01/08 01:00:17 | 00,002,599 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\HiJackThis.lnk
[2010/01/07 20:35:00 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006Core.job
[2010/01/07 16:15:48 | 05,061,520 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve Collins\Desktop\iexplore.exe
[2010/01/05 16:16:58 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/05 13:03:49 | 00,001,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/03 21:18:16 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/03 21:18:16 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/12/31 17:42:19 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\IconCache.db
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/30 01:22:15 | 00,001,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\One-Click-Optimizer.lnk
[2009/12/30 01:22:15 | 00,000,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo WinOptimizer 2010 Advanced.lnk
[2009/12/29 23:57:38 | 00,002,004 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\1229 new.bsl
[2009/12/29 21:06:28 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/29 20:34:47 | 00,002,344 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\Google Chrome.lnk
[2009/12/29 19:56:06 | 00,001,536 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\NO$GBA.INP
[2009/12/29 09:26:19 | 05,141,504 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/12/29 09:26:19 | 03,897,344 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/12/24 15:05:27 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\Absolute Poker.lnk
[2009/12/24 14:53:50 | 00,002,955 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\new@1.bsl
[2009/12/24 14:47:17 | 00,228,840 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\AbsolutePoker_Setup.exe
[2009/12/23 14:19:53 | 10,832,920 | ---- | M] (ashampoo GmbH & Co. KG ) -- C:\Documents and Settings\Steve Collins\Desktop\ashampoo_winoptimizer_2010_advanced_6[1].50_6644.exe
[2009/12/17 00:09:43 | 00,000,040 | ---- | M] () -- C:\WINDOWS\nero.INI
[2009/12/13 07:25:12 | 00,004,836 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\links to It's Always Sunny In Philadelphia.rtf
[2009/12/12 23:49:51 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/12 23:49:51 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/12 23:49:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/12 23:49:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/12 23:49:51 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/12 20:15:01 | 00,000,775 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\BS.Player FREE.lnk
[2009/12/11 18:30:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D7WK0V61-Steve Collins).job
[2009/12/10 16:46:02 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/08 17:14:27 | 00,001,744 | -H-- | C] () -- C:\WINDOWS\System32\wijokipo
[2010/01/08 15:54:07 | 00,290,816 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\exeHelper.com
[2010/01/08 15:15:10 | 03,819,182 | R--- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\ComboFix.exe
[2010/01/07 16:05:28 | 00,002,599 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\HiJackThis.lnk
[2010/01/05 16:16:59 | 00,000,406 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/05 16:16:58 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/05 16:16:57 | 00,000,388 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/05 13:04:19 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/05 13:04:18 | 01,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/01/05 13:04:18 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/01/05 13:04:18 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/01/05 13:04:18 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/01/05 13:04:10 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/05 13:03:54 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/05 13:03:54 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/05 13:03:49 | 00,001,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/05 13:03:46 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/03 21:18:16 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/01/03 21:18:16 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/12/30 01:22:15 | 00,001,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\One-Click-Optimizer.lnk
[2009/12/30 01:22:15 | 00,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo WinOptimizer 2010 Advanced.lnk
[2009/12/29 23:57:38 | 00,002,004 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\1229 new.bsl
[2009/12/29 20:34:47 | 00,002,344 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\Google Chrome.lnk
[2009/12/29 20:30:34 | 00,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006UA.job
[2009/12/29 20:30:33 | 00,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006Core.job
[2009/12/24 15:05:27 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\Absolute Poker.lnk
[2009/12/24 14:53:50 | 00,002,955 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\new@1.bsl
[2009/12/24 14:47:11 | 00,228,840 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\AbsolutePoker_Setup.exe
[2009/12/13 13:25:05 | 00,609,726 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\102_1633.JPG
[2009/12/12 21:56:47 | 00,004,836 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\links to It's Always Sunny In Philadelphia.rtf
[2009/12/12 20:15:01 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\BS.Player FREE.lnk
[2009/12/10 16:46:02 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/20 14:55:48 | 00,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2009/11/20 14:55:47 | 00,356,352 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll
[2009/11/18 06:55:16 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009/08/21 14:42:28 | 00,000,034 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/11/20 16:18:03 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2008/11/20 16:17:20 | 00,000,474 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/11/27 15:23:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\browser.INI
[2007/06/29 20:04:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/06/29 10:48:20 | 00,000,047 | ---- | C] () -- C:\WINDOWS\SPIDERCM.INI
[2007/05/22 18:15:22 | 00,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2007/05/10 20:45:21 | 00,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/05/10 20:45:13 | 00,001,092 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/12 17:56:03 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/28 13:07:52 | 00,045,056 | R--- | C] () -- C:\Program Files\SetAttrib.exe
[2005/06/23 02:41:00 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/06/23 02:41:00 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/06/23 02:41:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/06/23 02:41:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/06/23 02:41:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/06/23 02:41:00 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/06/23 02:40:26 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2005/06/20 03:30:10 | 00,000,141 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/02/26 16:29:19 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\avisynth.dll
[2005/02/26 16:17:13 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/26 13:22:07 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\fusioncache.dat
[2005/02/24 19:19:15 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/02/24 18:31:15 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/23 21:06:10 | 00,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2005/02/23 18:20:08 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/23 16:07:51 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Application Data\QSPMShare
[2005/02/18 01:31:26 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/18 01:21:40 | 00,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/18 01:13:50 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/02/18 00:23:14 | 00,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:49:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2001/09/17 14:20:02 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Re: Internet Security 2010 yeah

Sorry, it looked like it did not go to the page on the other computer.

Re: Internet Security 2010 yeah
Hello.
Okay, one more time.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Development Kit 5.0 Update 4
    LimeWire 4.6.0
    Viewpoint Media Player

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {32617793-570d-47d5-972a-cfabc51ca61a} - File not found
    O4 - HKLM..\Run: [kimatobobo] File not found
    O4 - HKLM..\Run: [zehuwafob] C:\WINDOWS\System32\yavayusa.DLL File not found
    O21 - SSODL: gumosizit - {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - C:\WINDOWS\System32\yavayusa.dll File not found
    O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dllget\flashplayer\current\polarbear\ultrashim.cab File not found
    O22 - SharedTaskScheduler: {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - kupuhivus - C:\WINDOWS\System32\yavayusa.dll File not found
    O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell - "" = AutoRun
    O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O36 - AppCertDlls: AppSecDll - (C:\WINDOWS\system32\mshlps.dll) - C:\WINDOWS\System32\mshlps.dll File not found
    [2010/01/08 17:48:54 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\wijokipo


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
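
A triage pass over OTL file-listing lines like those in the log above, as an added example that is not part of the thread and not OTL's own code. The flagging criteria (no company name, hidden attribute, no file extension, sitting directly in System32) and all function names are assumptions of this example, not the helper's stated reasoning; the sample lines are copied from the posted log.

```python
import ntpath
import re
from datetime import datetime

# Layout of one OTL file-listing line, as seen in the log:
# [date time | size | attributes | C or M] (company) -- path
# Directory entries carry no "(company)" field at all.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
SYSTEM_DIR = r"c:\windows\system32"

# Lines copied from the log posted in this thread.
SAMPLE = r"""
[2010/01/08 17:48:54 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\wijokipo
[2010/01/08 10:09:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/12 23:49:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/10 16:46:02 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/18 06:55:16 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009/12/17 01:03:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
< End of report >
""".strip().splitlines()


def parse_line(line):
    """Return a dict for one file-listing line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    attrs = m["attrs"]
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "hidden": "H" in attrs,
        "is_dir": "D" in attrs,
        "kind": m["kind"],
        "company": (m["company"] or "").strip(),
        "path": m["path"].strip(),
    }


def flag_reasons(entry):
    """List the assumed warning signs for a file directly under System32."""
    if entry["is_dir"]:
        return []
    if ntpath.dirname(entry["path"]).lower() != SYSTEM_DIR:
        return []
    reasons = []
    if not entry["company"]:
        reasons.append("no company name")
    if entry["hidden"]:
        reasons.append("hidden attribute")
    if not ntpath.splitext(entry["path"])[1]:
        reasons.append("no file extension")
    return reasons


def triage(lines, min_reasons=2):
    """Map path -> reasons for entries with at least min_reasons signs."""
    hits = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # section headers, blank lines, report footer
        reasons = flag_reasons(entry)
        if len(reasons) >= min_reasons:
            hits[entry["path"]] = reasons
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path, "->", ", ".join(reasons))
```

A hit is only a candidate for manual review; unsigned but legitimate files in System32 also lack a company name, which is why a single sign is not enough to flag an entry here.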

Re: Internet Security 2010 yeah

I don't use it. I will take it off. Tell me how, regular delete?

Re: Internet Security 2010 yeah
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32617793-570d-47d5-972a-cfabc51ca61a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32617793-570d-47d5-972a-cfabc51ca61a}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kimatobobo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zehuwafob deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gumosizit deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SwUpdate deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{009541A0-3B00-1F1C-00F3-040224001C01}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
File E:\LaunchU3.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\AppSecDll:C:\WINDOWS\system32\mshlps.dll deleted successfully.
C:\WINDOWS\SYSTEM32\wijokipo moved successfully.

OTL by OldTimer - Version 3.1.21.2 log created on 01082010_181537

Re: Internet Security 2010 yeah
Okay, re-run Hijack This now and post a new Hijack This log.


Re: Internet Security 2010 yeah

Is that it?

Re: Internet Security 2010 yeah
Hopefully.


Re: Internet Security 2010 yeah

It works, but should I restart, and what freeware AV do you think would help me not do this all over again? Thanks.

Re: Internet Security 2010 yeah

We're not at that point yet. I'll post some recommendations once I check this final log.


Re: Internet Security 2010 yeah

Hi, my uncle was on his computer last night. I left and went to my friend's, and my grandpa restarted the computer. I came in this morning and tried a startup, and it keeps saying:

THE LOGON USER INTERFACE DLL FAILED TO LOAD

CONTACT YOUR SYSTEM ADMINISTRATOR TO REPLACE THE DLL OR RESTORE THE DLL OR RESTORE THE ORIGINAL DLL.

{RESTART}

I HIT RESTART AND THE SAME THING KEEPS COMING UP. IS THAT BAD? CAN YOU FIX IT? I'M SO IN YOUR Gratitude. WAIT FOR INSTRUCTIONS.

Re: Internet Security 2010 yeah

And last night I was unable to see any new post that I posted or you posted on the website.
