WiredWX Hobby Weather Tools

Shut Down by Trojan Horse Downloader.Agent2.SNU HELP! - Page 3

2 posters

Re: Shut Down by Trojan Horse Downloader.Agent2.SNU HELP!

B.

Should I try to load the disk?

Re: Shut Down by Trojan Horse Downloader.Agent2.SNU HELP!

Yes please.

Re: Shut Down by Trojan Horse Downloader.Agent2.SNU HELP!

I inserted the Windows XP CD in the PC and rebooted but the reinstallation does not start. It continues the same loop as before.

Re: Shut Down by Trojan Horse Downloader.Agent2.SNU HELP!

When I attempted to run setup, I got this message:

"Setup could not continue because the version on windows is newer than my CD. To erase the newer version and install the older version, restart the computer and boot from CD"

It won't start the installation because of the continual loop.

Thanks.

Re: Shut Down by Trojan Horse Downloader.Agent2.SNU HELP!

Hello.
When prompted, did you type R for repair install?

Re: Shut Down by Trojan Horse Downloader.Agent2.SNU HELP!

Belahzur,

We're back in business. I was able to restore to a system restore point from May 21st and then tried ComboFix as directed. However, ComboFix did not produce a log; it started the same loop again even though I did it right this time. Can you fix the internet connection without the ComboFix step?

Thanks!

Re: Shut Down by Trojan Horse Downloader.Agent2.SNU HELP!

Re-Run OTL and post the new log.

Re: Shut Down by Trojan Horse Downloader.Agent2.SNU HELP!

Okay.

Re: Shut Down by Trojan Horse Downloader.Agent2.SNU HELP!

Belahzur,

Here's the OTL log:
OTL logfile created on: 5/31/2010 9:44:48 PM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = H:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 204.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 52.15 Gb Free Space | 69.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: CUSTOMCOMPUTER
Current User Name: User1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/14 11:21:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2010/03/25 17:15:38 | 001,940,544 | ---- | M] (CallWave, Inc.) -- C:\Program Files\CallWave\IAM.exe
PRC - [2010/03/15 09:02:27 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/01/21 17:11:36 | 000,184,320 | ---- | M] () -- C:\Program Files\AMT Media Manager\AMTDeviceService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 14:56:26 | 000,388,936 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/06/05 17:23:28 | 000,561,152 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/12/29 07:01:56 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2003/11/18 14:11:04 | 000,565,248 | R--- | M] (VIA Technologies) -- C:\Program Files\VIA\RAID\raid_tool.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/05/31 21:28:23 | 000,163,840 | ---- | M] () -- C:\Program Files\CallWave\CWIdle.dll
MOD - [2010/05/14 11:21:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/08/09 14:56:26 | 000,388,936 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/06/05 17:23:28 | 000,561,152 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/07/19 15:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2007/03/22 13:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 13:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/02/21 20:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/19 08:41:00 | 000,241,280 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/01/11 08:25:10 | 000,923,826 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2003/10/31 11:22:38 | 000,077,312 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viasraid.sys -- (viasraid)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/15 09:05:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 23:59:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/08 19:14:04 | 000,000,000 | ---D | M]

[2009/12/29 17:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Mozilla\Extensions
[2009/07/01 19:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/05/12 22:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\aqsjgtw3.default\extensions
[2009/08/22 22:09:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\aqsjgtw3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/11 10:24:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\aqsjgtw3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/05/17 17:12:31 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\aqsjgtw3.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/05/15 14:32:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/08 19:14:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\zoomext@starfield
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/20 13:34:44 | 000,218,624 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwbe.dll

O1 HOSTS File: ([2010/05/22 19:35:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AMTDeviceService] C:\Program Files\AMT Media Manager\AMTDeviceService.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\User1\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk = C:\Program Files\CallWave\IAM.exe (CallWave, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: rf4qy = C:\DOCUME~1\User1\LOCALS~1\Temp\b8n8nse.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Show BookTemplate Toolbar! - {4444FF7E-2019-4df0-B7FD-B7F20FE02417} - Reg Error: Key error. File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://aol.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181362346140 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181598201406 (MUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinner.com/games/v45/royal/royal.cab (Royal Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/08 23:03:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3bacd542-6658-11de-b549-0011d8894b72}\Shell\AutoRun\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{3bacd542-6658-11de-b549-0011d8894b72}\Shell\install\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{3bacd542-6658-11de-b549-0011d8894b72}\Shell\usermanualEnglish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{3bacd542-6658-11de-b549-0011d8894b72}\Shell\usermanualFrench\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{3bacd542-6658-11de-b549-0011d8894b72}\Shell\usermanualSpanish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{9e6b7f2c-90ed-11de-b59e-0011d8894b72}\Shell - "" = AutoRun
O33 - MountPoints2\{9e6b7f2c-90ed-11de-b59e-0011d8894b72}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e6b7f2c-90ed-11de-b59e-0011d8894b72}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf C:\Documents and Settings\User1\Application Data\iolo\) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/26 23:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/26 23:48:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\0E6AB9FC76C2431B9C066C1CFFFEA8EB.TMP
[2010/05/26 23:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/26 23:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\AsesoftNet iToolbar
[2010/05/26 23:40:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/26 23:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/26 23:24:16 | 000,000,000 | ---D | C] -- C:\Combo-Fix(3)
[2010/05/26 22:39:50 | 000,000,000 | ---D | C] -- C:\RECYCLER(3)
[2010/05/22 21:08:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER(2)
[2010/05/22 21:08:09 | 000,000,000 | --SD | C] -- C:\Combo-Fix(2)
[2010/05/22 19:42:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/21 21:52:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/21 21:52:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/20 21:54:43 | 000,000,000 | ---D | C] -- C:\Inetpub
[2010/05/15 10:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/05/13 07:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/05/12 22:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Local Settings\Application Data\lrcldabqi
[2010/05/12 22:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Application Data\ATManager
[2010/05/11 11:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\My Documents\DCFS-Apps_Rules
[2010/05/08 19:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Starfield
[2005/08/31 21:33:54 | 000,092,672 | ---- | C] ( ) -- C:\WINDOWS\System32\DVDRead.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\Documents and Settings\User1\My Documents\*.tmp files -> C:\Documents and Settings\User1\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/31 21:30:45 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/31 21:30:36 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Shortcut to _OTL.lnk
[2010/05/31 21:28:15 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/05/31 21:28:12 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-117609710-879983540-725345543-1003.job
[2010/05/31 21:27:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/31 21:27:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/31 21:27:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/31 21:27:35 | 535,613,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/27 00:07:24 | 008,749,056 | ---- | M] () -- C:\Documents and Settings\User1\ntuser.dat
[2010/05/27 00:07:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\User1\ntuser.ini
[2010/05/27 00:07:18 | 004,314,720 | -H-- | M] () -- C:\Documents and Settings\User1\Local Settings\Application Data\IconCache.db
[2010/05/22 19:35:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/22 19:35:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/20 21:55:21 | 000,005,878 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/15 10:31:49 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2010/05/13 19:53:50 | 000,096,477 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\~$imalistic_Thinking_Manuscript_5.10.10.docx
[2010/05/13 17:43:11 | 000,000,976 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\ATManager.lnk
[2010/05/13 14:20:44 | 000,001,004 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\magicJack.lnk
[2010/05/13 07:57:53 | 000,000,340 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/12 22:27:53 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010/05/12 20:09:36 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-879983540-725345543-1003.job
[2010/05/12 08:47:53 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/12 08:47:53 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/05/11 11:49:02 | 000,055,352 | ---- | M] () -- C:\Documents and Settings\User1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/09 19:25:33 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\Zow_Group_990_Assistance.2009_J.Bowling.doc
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\Documents and Settings\User1\My Documents\*.tmp files -> C:\Documents and Settings\User1\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/31 21:30:36 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Shortcut to _OTL.lnk
[2010/05/26 23:51:57 | 535,613,440 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/21 21:40:54 | 008,749,056 | ---- | C] () -- C:\Documents and Settings\User1\ntuser.dat
[2010/05/15 10:26:07 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2010/05/13 19:53:50 | 000,096,477 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\~$imalistic_Thinking_Manuscript_5.10.10.docx
[2010/05/13 16:04:11 | 000,005,074 | ---- | C] () -- C:\Documents and Settings\User1\avgrep.txt
[2010/05/12 22:27:53 | 000,210,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010/05/12 22:27:22 | 000,000,976 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\ATManager.lnk
[2010/05/12 22:18:40 | 000,014,047 | ---- | C] () -- C:\Documents and Settings\User1\hs_err_pid2804.log
[2010/05/12 08:47:53 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/05/12 08:47:53 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/05/09 19:25:33 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\Zow_Group_990_Assistance.2009_J.Bowling.doc
[2010/04/13 09:18:54 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
[2009/12/27 16:39:33 | 000,001,264 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/12/04 00:54:02 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2009/12/04 00:53:53 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2009/12/04 00:53:51 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Jpeglib.dll
[2009/12/04 00:53:50 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\Fpxlib.dll
[2009/12/04 00:53:49 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2009/10/07 21:43:45 | 000,000,074 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/10/06 19:20:10 | 000,056,832 | RHS- | C] () -- C:\WINDOWS\System32\mfszwmz.dll
[2009/04/15 18:35:24 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2008/05/27 18:04:07 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/22 17:00:13 | 000,000,037 | ---- | C] () -- C:\WINDOWS\SWFConverter.INI
[2008/05/22 17:00:09 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/22 17:00:09 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/12 09:33:55 | 000,000,390 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/05/09 22:18:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/03/12 18:54:31 | 000,000,340 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/06/11 17:41:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/09 01:42:41 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/06/09 01:42:40 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/06/09 00:09:05 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/11/11 02:16:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2004/11/10 05:42:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2004/11/10 05:42:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2004/11/10 05:42:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2004/11/02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2004/11/02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2004/11/02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2004/11/02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2004/11/02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6F9610D
< End of report >

Re: Shut Down by Trojan Horse Downloader.Agent2.SNU HELP!

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\..\URLSearchHook: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Shut Down by Trojan Horse Downloader.Agent2.SNU HELP!

Here it is:

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

OTL by OldTimer - Version 3.2.4.1 log created on 06012010_231428

Re: Shut Down by Trojan Horse Downloader.Agent2.SNU HELP!

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: Shut Down by Trojan Horse Downloader.Agent2.SNU HELP!

Belahzur,

Please see Post 10 & 11 and let me know if you want me to repeat it. Remember, I can't update the MBAM due to lack of internet connection.

Thanks.

Re: Shut Down by Trojan Horse Downloader.Agent2.SNU HELP!

Damn proxy is annoying as hell, ain't it?

Remove the proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools menu -> Internet Options -> Connections tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you had set it previously.

    In Firefox
  1. Tools menu -> Options... -> Advanced tab -> Network tab -> "Settings" under Connection -> choose "No Proxy"
  2. Click the Apply button and restart the computer in normal mode.


Do you have a net connection now?
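The proxy line Belahzur is pointing at, and the other entries worth a second look in the OTL log posted earlier in this thread, can be picked out mechanically. The script below is an added example written for this page; it is not part of the thread, not OTL's code and not anything the helper supplied. The sample lines are copied from the posted log (plus two benign neighbours so the checks have something to ignore); the check names and the severity labels are my own, and "review" means "look at it", not "malicious": on real machines several such entries belong to security products, as the log's own Ad-Aware and Windows Defender entries show.

```python
import re

# Constructed sample: lines copied from the OTL log posted in this thread,
# with a few benign neighbours, so the checks can run offline.
SAMPLE_OTL = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: rf4qy = C:\DOCUME~1\User1\LOCALS~1\Temp\b8n8nse.exe File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
[2009/10/06 19:20:10 | 000,056,832 | RHS- | C] () -- C:\WINDOWS\System32\mfszwmz.dll
[2007/06/09 01:42:41 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6F9610D
"""

SEVERITY_RANK = {"high": 3, "medium": 2, "review": 1}   # labels are my own
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(\S+)')
PROXY_TARGET_RE = re.compile(r'(?:\w+=)?([^:;=]+)(?::(\d+))?')   # "http=host:port" or "host:port"
FILE_RE = re.compile(r'^\[[^|]+\| [\d,]+ \| ([A-Z-]{4}) \| [CM]\] \((.*?)\) -- (.+)$')
BOOTEXEC_RE = re.compile(r'^O34 - HKLM BootExecute: \((.+?)\)')
TEMP_DIR_RE = re.compile(r'\\temp\\', re.IGNORECASE)


def check_proxy(line):
    """Flag an IE ProxyServer value; a loopback target means a local process
    sits between the browser and the network (the symptom in this thread)."""
    m = PROXY_RE.search(line)
    if not m:
        return None
    value = m.group(1)
    target = PROXY_TARGET_RE.match(value)
    host = target.group(1) if target else value
    port = target.group(2) if target else None
    if host.lower() in LOOPBACK:
        return ("high", "loopback-proxy",
                f"IE proxy forced through {host}:{port or '?'}; if that listener is gone, web access fails")
    return ("review", "proxy-set", f"IE proxy set to {value}; confirm it is expected")


def check_autorun(line):
    """Flag O4/O6 Run-key entries that launch something from a Temp directory."""
    if not line.startswith(("O4 - ", "O6 - ")) or "\\Run" not in line:
        return None
    if TEMP_DIR_RE.search(line):
        return ("high", "autorun-from-temp",
                "startup entry launches an executable from a Temp directory")
    return None


def check_hidden_file(line):
    """Flag hidden+system (H and S attributes) files with no company name under System32."""
    m = FILE_RE.match(line)
    if not m:
        return None
    attrs, company, path = m.groups()
    if ("H" in attrs and "S" in attrs and "D" not in attrs
            and company == "" and "\\system32\\" in path.lower()):
        return ("medium", "hidden-system-file",
                f"hidden+system file with no company name in System32: {path}")
    return None


def check_bootexecute(line):
    """Flag BootExecute entries other than the default autochk."""
    m = BOOTEXEC_RE.match(line)
    if not m:
        return None
    entry = m.group(1)
    if entry.startswith("autocheck autochk"):
        return None
    return ("review", "bootexecute-nondefault",
            f"non-default BootExecute entry runs before logon: {entry}")


def check_ads(line):
    """Flag NTFS alternate data streams, a classic place to park a payload."""
    if line.startswith("@Alternate Data Stream"):
        return ("review", "alternate-data-stream",
                "alternate data stream present; inspect its contents")
    return None


CHECKS = (check_proxy, check_autorun, check_hidden_file, check_bootexecute, check_ads)


def triage(log_text):
    """Run every check over each line; return findings, highest severity first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            hit = check(line)
            if hit:
                severity, name, detail = hit
                findings.append({"severity": severity, "check": name,
                                 "detail": detail, "line": line})
                break  # one finding per line is enough
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]], reverse=True)  # stable sort
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f['severity']:6}] {f['check']}: {f['detail']}")
        print(f"         {f['line']}")
```

Run it on the sample and the loopback proxy on port 5555 and the Temp-folder Run entry come out on top, which matches the order the helper tackled them in. To use it on a real OTL log, feed the file contents to `triage()` instead of `SAMPLE_OTL`; clearing the proxy itself is still the manual step described above, since OTL's own fix syntax is what the helper posts for that.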

Re: Shut Down by Trojan Horse Downloader.Agent2.SNU HELP!

Unfortunately--No. Those "low-life criminal virus pirates" really did a job on my PC. I am confident that you will beat them!

I await your next direction.