Rundll32.exe error

I see that you have several posts on this. I am using Windows XP Professional. I am certain it is a virus. I have researched different suggestions to repair but have been unsuccessful. It won't let me open the anti-spyware program that is installed. I cannot access the internet except for a brief moment and then it flashes an administrator request with an IP address on it and then gets stuck. I ran the C:\windows\system32\dllcache and C:\windows\ServicePackFiles\i386 and the run dll32.exe was not in either of them.
I attempted a restore and was unable to do it. I also tried typing in the msconfig and it wouldn't allow me access. I typed in command to try to get to notebook but the little screen just flashed quickly and disappeared. I have a flash drive and have tried to download software but it won't allow me to open anything.
Do you have any suggestions which don't involve downloading software? Or maybe a way to get around it? I checked on the Windows website and it said to reload the XP disk which I don't have,although I do have the key number. Any advice would be greatly appreciated.

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
  O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
  O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
  O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
  O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
  O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
  O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
  O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
  O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
  O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
  O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
  O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
  O4 - HKLM\..\Run: [Skytel] Skytel.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQ"&"inst=NwA5AC0AMQAxADQAOQ"&"prod=90"&"ver=9.0.733
  O4 - Startup: AdobeUpdate.jar
  O4 - Global Startup: FancyStart daemon.lnk = ?
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Reboot automatically.

How is the machine running now?

I was able to download Hijack this from a flash drive but it won't allow me to open it. It says windows cannot find "null."

Okay I was able to open it after all. I didn't find anything to match what you gave me. I had to copy everything manually so there may be some errors,here is what I have:
RO HKCU\Software\Microsoft\Internet Explore\Main,Start Page+C:\Windows\System32\spywarewarning.m *****(the rest was cutoff)
R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://gocompaq.com/1Q00CDT/0403/bl8****
R0 HKLM\Software\Microsoft\Internet Explorer\Main, Start page = http://gocompaq.com/1Q00CDT/0409/b17
RO HKLM\Softwar\Microsoft\Internet Explorer\Search, Search Assistant+http://as.starware.com/dp/search?
R3 URL Search Hook:Yahoo!Toolbar Beta-{GF9BD32-C1FB-11D2-892F-0090271D4F88} C:\Program Files
F2 REG:system.ini:User Init=C:\Windows\system32\userinit.exe,C:\Windows\system32\drivers\servicers.exe
O3-Toolbar:&Radio-{8E718888-423F-11D2-876E-00A0C9082467}-C:\Windows\System32\msdxm.ocx
O3 Toolbar: (no name){BA52B914-B692-46c4-B683-905236F6F655}-(no file)
O3 Toolbar: Starware Toolbar-{FE6BC4EF-5676-464B-88AE-88323913256}- C: \PROGR~1\Comet\Bin\csiel
O3 Toolbar: My Search Bar-{0494D009-F8E0-41ad-92A3-14154ECE70AC}-C:\Program Files\myway\myBa****
O3 Toolbar:Yahoo!Toolbar BETA-{EF99BD32-C1FB-11-D2-892F-0090271D4F88}-C:\Program Files\Yahoo
O4 HKLM\..\Run:[Bmdf887a8c] Rundll32.exe "C:Windows\System 32\Qjwvgux.dll",s
04 HKLM\..\Run:[[system]] C:\Windows\System32\drivers\services.exe
O4 HKLM\..\Run:[winlogon] C:\Documents andSettings\user1\svchost.exe
O4hklm\..\Run:[DCBB4910]rundll32.exe "C:\Windwos\System32\chavoqxa.dll",b
O4 HKLM\..\Run Services:[CPQ DFWAG] C:\Windows\cpq diag\Cpq DfwAg.exe
O4 HKLM\..\RunServices:[IE Update] C:\Windows\System 32\actmoviej.exe
O4 HKCU\..\RunServices:[IE Update] C:\Windows\System 32\actmoviej.exe
O4 HKUS\S-1-5-21-3569660965-1411071275-118950172-1004\..\RunServices:[I E Update] c:\Windows\system
O4 HKUS\S-1-5-18\..\Run:[intuser] C:\Windows\System32\drivers\spools.exe (User '?')
O4 HKUS\S-1-5-18\..\Run:[[system]] C:\Windows\System32\drivers\services.exe (User '?')
O4 HKUS\DEFAULT\..\Run:[ntuser] C:Windows\System32\drivers\spools.exe (User "Default user')
O4 Global Startup: Kodark EasyShare software.Ink =C:ProgramFiles\Kodak\KodakEasyShare software\bin\Ea***
O4 Global Startup: KODAK Software Updater.Ink = C:\ProgramFiles\Kodak\KODAK Software updater\7288971
O4 Global Startup:Microsoft Office.Ink = C:\Program Files\Microsfot Office\Office 101 OSA.EXE
O8 Extra content menu item: E&xport to Microsoft Excel-res://C:\PROGRA~1\MICROS~2\Office101 EXCEL.EX
O9 Extra button: Pokerstars {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}-C:\ProgramFiles\Pokerstars
O9 Extra Button: Research{92780B25-18CC-41C8-B9BE-3 C9C571A8263}-C:\PROGRA~1\MICROS~2\OFF
O9 Extra Button: Related {c95fe070-*f5d-11d2-a2ob-00aa003c157a}-C:\Windows\web\related.htm
O9 Extra "Tools" menuitem: Show & Related Links_{C95fe080-8f5d-11d2-a2ob-00aa003c157a}-C:\Windows\
O9 Extra Button:messenger-{FB5F1910-F110-11d2-BB9E-00C04F795683}-C:\ProgramFiles\Mess
016 DPF:{ID4DB7D2-6EC9-47A3-BD87-1E41684E07BB}-http:akimg.fam.com/images/nocache/fun webproof
O16 DPF:{4ED9DDFo-7479-4BBE-9335-5A1 EDB1D8A21}-http://downloadmacaffee.com/molbin/shared/mcinsc
O16 DBF:{BCCoFF27-31D9-4614-A68E-C18E1ADA4389}-http://download.mcafee.com/molbin/shared/mcg
O20 AppInit-DLLs:jymgfahr.dll
O23 Service: Pure Networks Net 2Go Services (nrmapache)- Pure Networks, Inc. C:\Program Files\Pure Netw
O23 Service: Pure Networks Newtwork Magic Service (nmservide)-Pure Networks, Inc.- C:\ Program Files\ Pure
O23 Service Intel (R) WMS (NMSSVC)-Intel Corporation-C:\Windows\System 32\NMSSVC.exe
O23 Service: Task Scheduler (Schedule)- Unknown owner- C:\ Windows\System 32|drivers\services.exe

Okay this is everything, please let me know which ones I should remove. Thank you for your help-it is greatly appreciated.

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

I am not able to open Link 2. Can you please repost? Thanks

Link 1 works, did you try that?

Yes it works. I misunderstood, I thought I needed both. I am transferring it through a flash drive and it doesn't let me open the program. Any suggestions?

Did you rename as per my instructions?

I tried. I'm sorry for making this so difficult,I am not very computer savvy. It does not let me open it to the desktop from the flash drive,it gives me an error. The only way I was able to get it there was to use the send to option and then send it to the desktop,then it shows as shortcut to Combo-fix.

You can't copy and paste it over from the flash drive?

I renamed it on the flash drive and copied and pasted it. It won't let me open it but when I selected 'run as 'it seemed to open but it isn't doing anything. Does this mean my situation is hopeless?

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

I tried doing that but am unable to open the program. If I double click I get an error message. That is pretty much the problem,whatever virus it is has made it almost impossible to access anything on the computer, it gives me a message saying the file doesn't exist.

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

Okay when I double click a box comes up in the corner which says the following:
Windows cannot find spools.exe This file is needed for opening files of type 'Application.'
Type the executable file to be used instead
C:\

I tired to circumvent it by right clicking and choosing "run as" and it flashed a black box for less than a second and then it closed.

Try this.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  
• Double click DDS.scr to run.
  
• When complete, two logs will open. Save both of the report to your Desktop.
  
• Copy and paste BOTH LOGS back here, use more than one post if needed.
  

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/25/2004 6:26:04 AM
System Uptime: 2/11/2010 5:37:18 PM (0 hours ago)

Motherboard: Compaq | | 07E8h
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | XU1 PROCESSOR | 2392/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 22.602 GiB free.
D: is CDROM (CDFS)
E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: D-Link WDA-1320 Desktop Adapter
Device ID: ROOT\UNKNOWN\0000
Manufacturer: D-Link
Name: D-Link WDA-1320 Desktop Adapter
PNP Device ID: ROOT\UNKNOWN\0000
Service: A3AB

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: D-Link WDA-1320 Desktop Adapter
Device ID: ROOT\UNKNOWN\0001
Manufacturer: D-Link
Name: D-Link WDA-1320 Desktop Adapter #2
PNP Device ID: ROOT\UNKNOWN\0001
Service: A3AB

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Acrobat 5.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Illustrator CS
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 8.1.2
Adobe SVG Viewer 3.0
ArcSoft PhotoImpression 4
Calendar Creator 8.0
CalyxLoanBridge11
Camera Driver
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.6
Canon Utilities ZoomBrowser EX
CardRd81
CCScore
Citrix ICA Client
Compaq Help and Support Center
Compaq Management Agents
Compaq Remote Diagnostics Enabling Agent
CR2
Crown Print Monitor+
DT NetDocs Print Only
Easy Access Button Support
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
essvatgt
essvcpt
ESSvpaht
ESSvpot
GoldMine 5.0
HiJackThis
HLPIndex
HLPPDOCK
HLPSFO
Intel(R) 845G Chipset Graphics Driver Software
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
Internet Explorer Q831167
Kodak EasyShare software
KONICA MINOLTA magicolor 2300 DL Printer Driver Software
KSU
Learn To Speak Spanish 8.0
LiveUpdate 1.80 (Symantec Corporation)
magicolor 2300 DL
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Web Publishing Wizard 1.52
Microsoft WSE 2.0 SP3 Runtime
MSN Messenger 6.2
My Search Bar
Network Magic
Notifier
Ofoto Print@Home ActiveX Control
OfotoXMI
OTtBP
OTtBPSDK
Outlook Express Q823353
PaperPort 9.0
PhotoStitch
POINT
PokerStars
PrintMaster
QuickTime
RemoteCapture 2.6
Self-Teaching Program: MS Excel 97 and 2000
Self-Teaching Program: MS Windows 95 and 98
Self-Teaching Program: MS Word 97 and 2000
Serif PagePlus SE 1.0
Setup
Setup Compaq Software
SFR
SHASTA
Shockwave
SKIN0001
SKINXSDK
SoundMAX
SoundMAX WDM Driver
Starware
Starware Toolbar
Symantec AntiVirus Client
VPRINTOL
WebEx
WebFldrs XP
Windows Driver Package - Pure Networks, Inc. Network Magic Device Discovery Driver (02/08/2007 4.1.7039.0)
Windows Driver Package - Pure Networks, Inc. Network Magic Wireless Driver (02/08/2007 4.1.7039.0)
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB826942
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839643
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix (SP2) Q819696
WIRELESS
Yahoo! Toolbar
Yahoo! Toolbar BETA

==== Event Viewer Messages From Past Week ========

2/4/2010 11:10:46 AM, error: SRService [104] - The System Restore initialization process failed.
2/4/2010 1:37:59 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: An internal error occurred.
2/4/2010 1:37:59 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
2/4/2010 1:37:59 AM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/4/2010 1:37:16 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================

DDS (Ver_09-12-01.01) - NTFSx86
Run by WHLI at 17:41:09.40 on Thu 02/11/2010
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.247.59 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\svchost -k rpcss
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\svchost.exe -k imgsvc
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\DOCUME~1\user1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = c:\windows\system32\spywarewarning.mht
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://as.starware.com/dp/search?product=ssearch&src_id=299&it=1097269628&client_id=10931183650000000101000768361&version=g_4.4.2
uURLSearchHooks: Yahoo! Toolbar BETA: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\services.exe
BHO: {32341e7e-c319-46de-91d0-e30bb1a3caba} - c:\windows\system32\urqRJBQH.dll
BHO: {87a8a3ba-5f5b-4b15-9cc3-745a08a40d65} - c:\windows\system32\fccYRKdd.dll
BHO: {6524fed4-9a48-b3f8-9244-573d2c4f5e2b}: {b2e5f4c2-d375-4429-8f3b-84a94def4256} - c:\windows\system32\vzbcgt.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Starware Toolbar: {fe6bc4ef-5676-484b-88ae-883323913256} - c:\progra~1\comet\bin\csietb.dll
TB: My &Search Bar: {0494d0d9-f8e0-41ad-92a3-14154ece70ac} - c:\program files\myway\mybar\1.bin\MYBAR.DLL
TB: Yahoo! Toolbar BETA: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No File
EB: {7E66936C-FEA0-4984-AD26-7B6661AC5B2E} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
EB: Starware: {90c61707-c8f8-43db-a25c-c1f4b18ee41e} - c:\progra~1\comet\bin\csband.dll
uRunServices: [IEUpdate] c:\windows\system32\actmoviej.exe
mRun: [BMdf887a8c] Rundll32.exe "c:\windows\system32\qjvwvgux.dll",s
mRun: [[system]] c:\windows\system32\drivers\services.exe
mRun: [winlogon] c:\documents and settings\user1\svchost.exe
mRun: [dcbb4910] rundll32.exe "c:\windows\system32\chavoqxa.dll",b
mRunServices: [CPQDFWAG] c:\windows\cpqdiag\CpqDfwAg.exe
mRunServices: [IEUpdate] c:\windows\system32\actmoviej.exe
dRun: [ntuser] c:\windows\system32\drivers\spools.exe
dRun: [autoload] c:\documents and settings\localservice\cftmon.exe
dRun: [[system]] c:\windows\system32\drivers\services.exe
dRun: [winlogon] c:\documents and settings\localservice\svchost.exe
StartupFolder: c:\documents and settings\user1\start menu\programs\startup\userinit.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe1
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: ForceActiveDesktopOn = 1 (0x1)
uPolicies-system: Wallpaper =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.imgfarm.com/images/nocache/funwebproducts/ei/FunBuddyIconsFWBInitialSetup1.0.0.8.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39380.7089814815
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: urqRJBQH - urqRJBQH.dll
Notify: __c00B1101 - c:\windows\system32\__c00B1101.dat
AppInit_DLLs: jymgfahr.dll
SEH: {32341e7e-c319-46de-91d0-e30bb1a3caba} - c:\windows\system32\urqRJBQH.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccYRKdd
SubSystems: Windows = basefmok32

============= SERVICES / DRIVERS ===============

R1 ClntMgmt;Compaq Client Management Driver;c:\windows\system32\drivers\Clntmgmt.sys [2004-7-25 54222]
R2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2003-9-2 20064]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-5-24 547744]
S3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060727.049\NAVENG.sys [2006-7-31 79240]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060727.049\NAVEX15.sys [2006-7-31 828808]
S4 CpqDfwWebAgent;Compaq Remote Diagnostics Enabling Agent;c:\windows\cpqdiag\CPQDFWAG.EXE [2004-7-25 212992]
S4 cpqWebDmi;Compaq DMI Web Agent;c:\progra~1\compaq\compaq~1\cpqweb~1\WebDmi.exe [2004-7-25 24576]
S4 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]

============== File Associations ===============

exefile=c:\windows\system32\drivers\spools.exe "%1" %*

=============== Created Last 30 ================

2010-02-04 17:39:53 0 d-----w- c:\program files\TrendMicro
2010-02-02 20:24:27 0 d-----w- c:\windows\Favorites
2010-02-02 18:53:55 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-02 18:25:54 294 --sh--w- c:\windows\system32\axqovahc.ini
2010-02-02 18:25:43 78848 ----a-w- c:\windows\system32\chavoqxa.dll
2010-02-02 18:06:44 103424 ----a-w- c:\windows\system32\vzbcgt.dll
2010-02-02 18:06:44 103424 ----a-w- c:\windows\system32\ohbecgbu.dll
2010-02-02 18:04:51 294 --sh--w- c:\windows\system32\mngtbwxt.ini
2010-02-02 18:04:41 78848 ----a-w- c:\windows\system32\txwbtgnm.dll

==================== Find3M ====================

2010-02-12 01:39:48 0 ----a-w- C:\MSN Password Cracker.exe
2010-02-12 01:39:43 41780 --sha-w- c:\windows\system32\ddKRYccf.ini2
2010-02-11 17:37:29 27648 ----a-w- c:\windows\system32\__c00B1101.dat
2010-02-04 21:30:50 306 ----a-w- C:\xcrashdump.dat
2010-02-02 21:00:27 19456 ----a-w- C:\Website Hacker.exe
2010-02-02 18:40:19 0 ----a-w- C:\Norton Anti-Virus 2005 Enterprise Crack.exe
2001-08-18 05:36:58 4096 --sha-w- c:\windows\system32\1112.dat
2008-05-28 19:02:35 97280 --sh--r- c:\windows\system32\adsndso.exe
2008-06-12 15:37:48 41472 --sha-w- c:\windows\system32\Crypt16_v00.dll
2008-07-01 23:59:03 41472 --sha-w- c:\windows\system32\Crypt_16.dll
2008-06-02 17:12:49 40960 --sha-w- c:\windows\system32\drivers\Crypt_16.dll

============= FINISH: 17:43:54.70 ===============

Hello.
Bad news and good news.

Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't suprise me at all...
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed! This is somewhat suicidal in today's digital world.

Good news though, the log shows me why you can't run any exe files, the malware has been messing with your registry, it's changed an .exe file association, so we'll need to change it back to normal.

Please download exeHelper from one of the two links.
Link 1
Link 2

• Double-click on exeHelper.com or exeHelper.scr to run the fix.
  
• A black window should pop up, press any key to close once the fix is completed.
  
• Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
  

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

exeHelper by Raktor
Build 20091220
Run at 14:16:59 on 02/12/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\Windows\System32\~.exe
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Okay, file association reset, can you run OTL now?

No the black box just pops up momentarily and then it"s gone.

Okay, rename OTL and run the .exe extension, and change to .scr