Virus, disabled system restore, run and internet windows keep popping

I caught this virus and now its driving me crazy. Mcaffe can't find it and know it won't let me update Mcaffe. Can't do system restore and internet windows keep popping up. I can't type in anything in the run window and I can't do a system restore (Something about group disabled) Can I please get some help. Thank you all for taking your time and helping people in these situations.

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

Will do as soon as I get home. Tyring to do the leg work from work since my laptop is so slow. Downloaded OTL, R-kill and Malwarebytes to my jump drive just in case. Thank you

Sorry it took me so long it took me a while just to save the information I needed to my computer. Here is the info

OTL logfile created on: 6/2/2010 6:48:34 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 557.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.37 Gb Total Space | 19.48 Gb Free Space | 43.90% Space Free | Partition Type: FAT32
Drive D: | 44.86 Gb Total Space | 3.50 Gb Free Space | 7.80% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 3.73 Gb Total Space | 0.22 Gb Free Space | 6.04% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Libre Soy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/02 16:55:30 | 000,571,904 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/05/30 19:07:44 | 000,030,212 | -H-- | M] () -- C:\DOCUME~1\LIBRES~1\LOCALS~1\Temp\cmd.exe
PRC - [2010/05/24 15:55:06 | 000,030,001 | -H-- | M] () -- C:\DOCUME~1\LIBRES~1\LOCALS~1\Temp\vgp9gqbc6.exe
PRC - [2010/05/24 15:54:54 | 000,164,352 | ---- | M] () -- C:\DOCUME~1\LIBRES~1\LOCALS~1\Temp\Ycx.exe
PRC - [2010/05/24 15:54:48 | 000,180,224 | ---- | M] () -- C:\WINDOWS\Yvyroa.exe
PRC - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\mcafee.com\agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/08 04:31:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/01/22 11:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/22 11:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2005/11/09 22:01:00 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/09 21:59:08 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/09 21:58:26 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe


========== Modules (SafeList) ==========

MOD - [2010/06/02 16:55:30 | 000,571,904 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2010/01/25 10:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe -- (McODS)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/01/04 14:58:02 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc -- (MSDTC)
SRV - [2005/11/09 22:01:00 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2005/11/09 21:59:08 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2005/11/09 21:58:26 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)


========== Driver Services (SafeList) ==========

DRV - [2009/11/04 16:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 16:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 16:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 16:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP)
DRV - [2008/11/18 16:47:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - [2008/11/18 16:47:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - [2008/09/06 14:09:04 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/07/05 10:10:50 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/07/05 10:10:50 | 000,045,848 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\Changer.sys -- (Changer)
DRV - [2008/04/13 14:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus)
DRV - [2006/01/04 15:30:20 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/12/11 07:40:44 | 001,414,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/17 00:45:40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/11/09 14:45:56 | 000,013,440 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans)
DRV - [2005/10/23 19:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 01:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 01:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/29 20:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/09/11 19:49:44 | 003,298,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/08/03 05:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\osaio.sys -- (osaio)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\NETMNT.sys -- (NETMNT)
DRV - [2005/04/07 18:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/10 00:47:14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211)
DRV - [2005/01/07 16:03:42 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP)
DRV - [2004/12/17 01:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\DKbFltr.sys -- (DKbFltr)
DRV - [2004/11/22 19:36:40 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - [2004/11/22 19:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - [2004/08/04 05:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 05:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 05:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 05:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 05:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 05:00:00 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2004/08/04 05:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 05:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 05:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 05:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/04 05:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 05:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 05:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/04 05:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/07/19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\epm-psd.sys -- (EpmPsd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/?_bc=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="


[2009/05/07 18:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libre Soy\Application Data\Mozilla\Extensions
[2009/05/07 18:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libre Soy\Application Data\Mozilla\Firefox\Profiles\71hfqrrk.default\extensions
[2009/05/11 18:48:24 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Libre Soy\Application Data\Mozilla\FireFox\Profiles\71hfqrrk.default\searchplugins\live-search.xml

O1 HOSTS File: ([2007/07/07 19:29:36 | 000,000,759 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: HPE9705E HP0019BBE9705E
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [datvvrfy] C:\Documents and Settings\Libre Soy\Local Settings\Application Data\licpwtblb\gdsedtctssd.exe File not found
O4 - HKLM..\Run: [ffldlpmn] C:\Documents and Settings\Libre Soy\Local Settings\Application Data\twetylupq\xcfadlptssd.exe File not found
O4 - HKLM..\Run: [kxaaweik] C:\Documents and Settings\Libre Soy\Local Settings\Application Data\xjengqxdd\ocdswqctssd.exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [uoaedjjd] C:\Documents and Settings\Libre Soy\Local Settings\Application Data\mqhbwofjk\bnafxgctssd.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [datvvrfy] C:\Documents and Settings\Libre Soy\Local Settings\Application Data\licpwtblb\gdsedtctssd.exe File not found
O4 - HKCU..\Run: [ffldlpmn] C:\Documents and Settings\Libre Soy\Local Settings\Application Data\twetylupq\xcfadlptssd.exe File not found
O4 - HKCU..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\DOCUME~1\LIBRES~1\LOCALS~1\Temp\vgp9gqbc6.exe ()
O4 - HKCU..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\DOCUME~1\LIBRES~1\LOCALS~1\Temp\cmd.exe ()
O4 - HKCU..\Run: [kxaaweik] C:\Documents and Settings\Libre Soy\Local Settings\Application Data\xjengqxdd\ocdswqctssd.exe File not found
O4 - HKCU..\Run: [M5T8QL3YW3] C:\DOCUME~1\LIBRES~1\LOCALS~1\Temp\Ycx.exe ()
O4 - HKCU..\Run: [mcexecwin] C:\Documents and Settings\Libre Soy\Local Settings\Temp\txquclg5.dll ()
O4 - HKCU..\Run: [QZAIB7KITK] C:\WINDOWS\Yvyroa.exe ()
O4 - HKCU..\Run: [uoaedjjd] C:\Documents and Settings\Libre Soy\Local Settings\Application Data\mqhbwofjk\bnafxgctssd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {413D6754-BFD4-47FE-9346-319559290BFA} https://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab (HTECtrl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172357889890 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.cbsgames.com/games/play/chuzzle/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab (Reg Error: Value error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.136,93.188.166.233
O18 - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O22 - SharedTaskScheduler: {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - har98fefiesjfs93s8i9sejsdf - C:\WINDOWS\system32\h14k827.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Libre Soy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Libre Soy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/04 15:30:50 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{648144f0-197e-11dd-910b-00166f10a954}\Shell\AutoRun\command - "" = J:\setupSNK.exe -- File not found
O33 - MountPoints2\{6e8d0ab2-db86-11de-91b7-00166f10a954}\Shell - "" = AutoRun
O33 - MountPoints2\{6e8d0ab2-db86-11de-91b7-00166f10a954}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6e8d0ab2-db86-11de-91b7-00166f10a954}\Shell\AutoRun\command - "" = F:\iStudio.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Libre Soy\Local Settings\Application Data\Windows Server\hcdqyx.dll) - C:\Documents and Settings\Libre Soy\Local Settings\Application Data\Windows Server\hcdqyx.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/29 20:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Shared
[2010/05/27 16:59:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Libre Soy\Recent
[2010/05/26 19:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Libre Soy\Local Settings\Application Data\twetylupq
[2010/05/25 22:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Libre Soy\Local Settings\Application Data\licpwtblb
[2010/05/25 22:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Libre Soy\Local Settings\Application Data\mqhbwofjk
[2010/05/24 15:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Libre Soy\Local Settings\Application Data\xjengqxdd
[2010/05/24 15:56:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/05/24 15:56:23 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/05/24 15:56:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Changer.sys
[2010/05/24 15:56:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/05/24 15:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Libre Soy\Local Settings\Application Data\Windows Server
[2010/05/23 13:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Libre Soy\Application Data\WinRAR
[2010/05/23 13:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/05/19 20:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Libre Soy\My Documents\Personal
[2010/05/06 13:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/05/06 13:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Libre Soy\Local Settings\Application Data\Temp
[2010/05/06 13:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/02 19:02:58 | 000,000,254 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/06/02 18:49:12 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4C59B68C-66ED-4BB9-A80C-A0FEC974F7F6}.job
[2010/06/02 18:46:12 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/02 18:44:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/02 18:44:16 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/02 18:44:02 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/02 18:43:52 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2887495266-2232334996-3151436957-1006.job
[2010/06/02 18:43:52 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2887495266-2232334996-3151436957-501.job
[2010/06/02 18:43:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/02 18:43:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/02 18:43:10 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/01 13:12:48 | 000,019,299 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/06/01 13:12:40 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Libre Soy\ntuser.dat
[2010/06/01 13:12:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Libre Soy\ntuser.ini
[2010/06/01 01:00:08 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/05/26 22:20:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2887495266-2232334996-3151436957-501.job
[2010/05/24 15:54:56 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\h14k827.dll
[2010/05/24 15:54:48 | 000,180,224 | ---- | M] () -- C:\WINDOWS\Yvyroa.exe
[2010/05/24 15:54:38 | 000,075,776 | ---- | M] () -- C:\WINDOWS\System32\ernel32.dll
[2010/05/23 16:41:56 | 000,343,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/23 15:57:22 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\Libre Soy\Desktop\My Documents D Drive.lnk
[2010/05/23 15:50:44 | 000,587,874 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/23 15:50:44 | 000,489,234 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/23 15:50:44 | 000,087,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/23 15:50:38 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Libre Soy\Desktop\Windows Media Player.lnk
[2010/05/23 15:46:50 | 000,095,056 | ---- | M] () -- C:\Documents and Settings\Libre Soy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/23 13:46:54 | 000,000,166 | ---- | M] () -- C:\WINDOWS\System32\AddPort.ini
[2010/05/23 13:46:46 | 000,000,685 | ---- | M] () -- C:\WINDOWS\hpntwksetup.ini
[2010/05/23 13:45:56 | 000,116,458 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2010/05/23 12:26:40 | 000,116,458 | ---- | M] () -- C:\WINDOWS\hpoins11.dat.temp
[2010/05/20 19:45:26 | 000,002,507 | ---- | M] () -- C:\Documents and Settings\Libre Soy\Desktop\Microsoft Office Excel 2003.lnk
[2010/05/19 20:47:16 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Libre Soy\Desktop\My Computer.lnk
[2010/05/19 20:46:46 | 000,000,251 | ---- | M] () -- C:\Documents and Settings\Libre Soy\Desktop\My Documents C Drive.lnk
[2010/05/19 18:20:12 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\Libre Soy\Desktop\Internet Explorer.lnk
[2010/05/18 16:55:46 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/05/18 16:44:02 | 005,368,478 | -H-- | M] () -- C:\Documents and Settings\Libre Soy\Local Settings\Application Data\IconCache.db
[2010/05/18 16:03:40 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2887495266-2232334996-3151436957-1006.job
[2010/05/17 23:42:52 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Libre Soy\Desktop\Microsoft Office Word 2003.lnk
[2010/05/17 20:22:24 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/05/17 20:22:20 | 000,038,460 | ---- | M] () -- C:\Documents and Settings\Libre Soy\Application Data\Microsoft Excel.ADR
[2010/05/15 11:07:12 | 000,038,474 | ---- | M] () -- C:\Documents and Settings\Libre Soy\Application Data\Comma Separated Values (DOS).ADR
[2010/05/15 07:02:30 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/05/13 16:29:20 | 000,000,287 | ---- | M] () -- C:\Custom.dic
[2010/05/10 16:42:46 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Libre Soy\Desktop\Microsoft Office Outlook 2003 (2).lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/25 20:09:41 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll
[2010/05/24 15:55:22 | 000,180,224 | ---- | C] () -- C:\WINDOWS\Yvyroa.exe
[2010/05/24 15:55:10 | 000,000,296 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/24 15:55:08 | 000,000,254 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/05/24 15:54:54 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\h14k827.dll
[2010/05/23 15:57:21 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Libre Soy\Desktop\My Documents D Drive.lnk
[2010/05/23 15:50:35 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Libre Soy\Desktop\Windows Media Player.lnk
[2010/05/23 12:30:17 | 000,000,685 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/05/22 11:28:25 | 000,116,458 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/05/20 19:45:24 | 000,002,507 | ---- | C] () -- C:\Documents and Settings\Libre Soy\Desktop\Microsoft Office Excel 2003.lnk
[2010/05/19 20:47:14 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Libre Soy\Desktop\My Computer.lnk
[2010/05/19 20:46:44 | 000,000,251 | ---- | C] () -- C:\Documents and Settings\Libre Soy\Desktop\My Documents C Drive.lnk
[2010/05/19 18:20:11 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\Libre Soy\Desktop\Internet Explorer.lnk
[2010/05/15 11:16:22 | 000,038,460 | ---- | C] () -- C:\Documents and Settings\Libre Soy\Application Data\Microsoft Excel.ADR
[2010/05/06 13:41:44 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/06 13:41:43 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/11 18:49:19 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2009/10/03 21:56:34 | 000,000,105 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/09 18:08:55 | 000,000,073 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2008/11/08 15:53:20 | 000,348,160 | ---- | C] () -- C:\WINDOWS\HTEWEB.DLL
[2008/04/12 12:23:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/04/12 09:54:25 | 000,000,121 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/04/12 09:54:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2008/04/12 09:54:02 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/15 20:43:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/07/07 19:19:10 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/07/07 19:18:54 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/07/04 12:20:44 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/06/18 18:25:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pool.INI
[2007/04/15 20:49:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/02/24 13:29:23 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2007/02/24 13:23:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/02/24 13:21:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2007/02/24 13:19:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2007/02/24 13:19:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2007/02/24 13:19:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2007/02/24 13:19:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2007/02/24 13:19:48 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2007/02/24 10:39:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/24 10:07:52 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2006/11/02 13:28:20 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/01/04 16:11:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/04 15:31:14 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/01/04 15:30:24 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/01/04 15:30:24 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/01/04 15:30:24 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/01/04 15:30:24 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/12/01 00:24:56 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/10/31 03:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\netmnt.sys
[2005/03/28 00:45:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/12/17 01:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/04 05:00:00 | 000,021,120 | ---- | C] () -- C:\WINDOWS\msv1_0.dll
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

OTL Extras logfile created on: 6/2/2010 6:48:34 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 557.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.37 Gb Total Space | 19.48 Gb Free Space | 43.90% Space Free | Partition Type: FAT32
Drive D: | 44.86 Gb Total Space | 3.50 Gb Free Space | 7.80% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 3.73 Gb Total Space | 0.22 Gb Free Space | 6.04% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Libre Soy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:Windows Shell -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- File not found
"C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync Manager Application -- (PalmSource, Inc)
"C:\Program Files\Bellsouth\HelpCenter\AGENTUI\bcont.exe" = C:\Program Files\Bellsouth\HelpCenter\AGENTUI\bcont.exe:*:Disabled:bcont -- File not found
"E:\setup\HPZNET01.EXE" = E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe -- File not found
"E:\setup\HPONICIFS01.EXE" = E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS780F\setup\HPZnet01.exe" = C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS780F\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- File not found
"C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS780F\setup\hponicifs01.exe" = C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS780F\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- File not found
"C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS4998\setup\HPZnet01.exe" = C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS4998\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- File not found
"C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS4998\setup\hponicifs01.exe" = C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS4998\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- File not found
"C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS5640\setup\HPZnet01.exe" = C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS5640\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- File not found
"C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS5640\setup\hponicifs01.exe" = C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS5640\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- File not found
"C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS49C3\setup\HPZnet01.exe" = C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS49C3\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- File not found
"C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS49C3\setup\hponicifs01.exe" = C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS49C3\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- File not found
"C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS340B\setup\HPZnet01.exe" = C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS340B\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- File not found
"C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS340B\setup\hponicifs01.exe" = C:\Documents and Settings\Libre Soy\Local Settings\Temp\7zS340B\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0030188A-533E-42EE-9837-E044F10E4369}" = Palm
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{439800C9-FD42-4EA3-94D2-063DF0926873}" = Match-Up!
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{876A4C7A-412A-40b8-9DCF-B04D2339B73E}" = c7100_Help
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7B279F4-E9B0-470F-A6A0-54C31C340DBC}" = C7100
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{D9B5CB4C-ACA5-483F-900F-5A5B5F511033}" = Nero BackItUp 2 Essentials
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.23
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Aloha Solitaire" = Aloha Solitaire
"AsDiBiCath" = Biblia de Latinoamérica
"ATT-PRT22" = ATT-PRT22
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_AcrS009E" = HDAUDIO Soft Data Fax Modem with SmartCP
"ePresentation" = Acer ePresentation Management
"GridVista" = Acer GridVista
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"net" = Advertisement Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"ProInst" = Intel(R) PROSet/Wireless Software
"RealArcade" = RealArcade
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PocketMirror" = PocketMirror 3.1.3 (Standard Edition)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/1/2010 4:46:05 AM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =

Error - 6/1/2010 5:46:05 AM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =

Error - 6/1/2010 6:46:06 AM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =

Error - 6/1/2010 7:46:07 AM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =

Error - 6/1/2010 8:46:07 AM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =

Error - 6/1/2010 9:46:07 AM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =

Error - 6/1/2010 10:46:07 AM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =

Error - 6/1/2010 11:46:07 AM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =

Error - 6/2/2010 6:43:40 PM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =

Error - 6/2/2010 6:46:09 PM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 6/1/2010 11:47:05 AM | Computer Name = LAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {25E8A7CA-5874-4F85-BC00-35210131C444}.
The
error: "%1450" Happened while starting this command: "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"
-Embedding

Error - 6/1/2010 11:47:25 AM | Computer Name = LAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {25E8A7CA-5874-4F85-BC00-35210131C444}.
The
error: "%193" Happened while starting this command: "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"
-Embedding

Error - 6/1/2010 11:47:45 AM | Computer Name = LAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {25E8A7CA-5874-4F85-BC00-35210131C444}.
The
error: "%193" Happened while starting this command: "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"
-Embedding

Error - 6/1/2010 11:48:05 AM | Computer Name = LAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {25E8A7CA-5874-4F85-BC00-35210131C444}.
The
error: "%193" Happened while starting this command: "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"
-Embedding

Error - 6/1/2010 11:48:25 AM | Computer Name = LAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {25E8A7CA-5874-4F85-BC00-35210131C444}.
The
error: "%193" Happened while starting this command: "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"
-Embedding

Error - 6/1/2010 11:48:45 AM | Computer Name = LAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {25E8A7CA-5874-4F85-BC00-35210131C444}.
The
error: "%193" Happened while starting this command: "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"
-Embedding

Error - 6/2/2010 6:43:36 PM | Computer Name = LAPTOP | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/2/2010 6:43:36 PM | Computer Name = LAPTOP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/2/2010 6:44:44 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%2

Error - 6/2/2010 6:44:44 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Cyberlink RichVideo Service(CRVS) service failed to start due
to the following error: %%3


< End of report >

Hello.

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :OTL
  PRC - [2010/05/30 19:07:44 | 000,030,212 | -H-- | M] () -- C:\DOCUME~1\LIBRES~1\LOCALS~1\Temp\cmd.exe
  PRC - [2010/05/24 15:55:06 | 000,030,001 | -H-- | M] () -- C:\DOCUME~1\LIBRES~1\LOCALS~1\Temp\vgp9gqbc6.exe
  PRC - [2010/05/24 15:54:54 | 000,164,352 | ---- | M] () -- C:\DOCUME~1\LIBRES~1\LOCALS~1\Temp\Ycx.exe
  PRC - [2010/05/24 15:54:48 | 000,180,224 | ---- | M] () -- C:\WINDOWS\Yvyroa.exe
  O4 - HKLM..\Run: [] File not found
  O4 - HKLM..\Run: [datvvrfy] C:\Documents and Settings\Libre Soy\Local Settings\Application Data\licpwtblb\gdsedtctssd.exe File not found
  O4 - HKLM..\Run: [ffldlpmn] C:\Documents and Settings\Libre Soy\Local Settings\Application Data\twetylupq\xcfadlptssd.exe File not found
  O4 - HKLM..\Run: [kxaaweik] C:\Documents and Settings\Libre Soy\Local Settings\Application Data\xjengqxdd\ocdswqctssd.exe File not found
  O4 - HKLM..\Run: [uoaedjjd] C:\Documents and Settings\Libre Soy\Local Settings\Application Data\mqhbwofjk\bnafxgctssd.exe File not found
  O4 - HKCU..\Run: [datvvrfy] C:\Documents and Settings\Libre Soy\Local Settings\Application Data\licpwtblb\gdsedtctssd.exe File not found
  O4 - HKCU..\Run: [ffldlpmn] C:\Documents and Settings\Libre Soy\Local Settings\Application Data\twetylupq\xcfadlptssd.exe File not found
  O4 - HKCU..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\DOCUME~1\LIBRES~1\LOCALS~1\Temp\vgp9gqbc6.exe ()
  O4 - HKCU..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\DOCUME~1\LIBRES~1\LOCALS~1\Temp\cmd.exe ()
  O4 - HKCU..\Run: [kxaaweik] C:\Documents and Settings\Libre Soy\Local Settings\Application Data\xjengqxdd\ocdswqctssd.exe File not found
  O4 - HKCU..\Run: [M5T8QL3YW3] C:\DOCUME~1\LIBRES~1\LOCALS~1\Temp\Ycx.exe ()
  O4 - HKCU..\Run: [mcexecwin] C:\Documents and Settings\Libre Soy\Local Settings\Temp\txquclg5.dll ()
  O4 - HKCU..\Run: [QZAIB7KITK] C:\WINDOWS\Yvyroa.exe ()
  O4 - HKCU..\Run: [uoaedjjd] C:\Documents and Settings\Libre Soy\Local Settings\Application Data\mqhbwofjk\bnafxgctssd.exe File not found
  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.136,93.188.166.233
  O22 - SharedTaskScheduler: {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - har98fefiesjfs93s8i9sejsdf - C:\WINDOWS\system32\h14k827.dll ()
  O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Libre Soy\Local Settings\Application Data\Windows Server\hcdqyx.dll) - C:\Documents and Settings\Libre Soy\Local Settings\Application Data\Windows Server\hcdqyx.dll File not found
  [2010/05/26 19:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Libre Soy\Local Settings\Application Data\twetylupq
  [2010/05/25 22:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Libre Soy\Local Settings\Application Data\licpwtblb
  [2010/05/25 22:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Libre Soy\Local Settings\Application Data\mqhbwofjk
  [2010/05/24 15:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Libre Soy\Local Settings\Application Data\xjengqxdd
  [2010/05/24 15:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Libre Soy\Local Settings\Application Data\Windows Server
  [2010/06/02 19:02:58 | 000,000,254 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
  [2010/06/02 18:44:16 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
  [2010/05/24 15:54:56 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\h14k827.dll
  [2010/05/24 15:54:48 | 000,180,224 | ---- | M] () -- C:\WINDOWS\Yvyroa.exe
  [2010/05/24 15:54:38 | 000,075,776 | ---- | M] () -- C:\WINDOWS\System32\ernel32.dll
  
  :commands
  [emptytemp]
  [reboot]
  
  
  
• Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Sorry it took me so long. I cant log in from my laptop so I had to wait to get to work. Now my modem is acting up too and I cant connect to the internet with none of my devices. Is it possible that the virus got to the modem? Anyways here is the log and thanks for all your help

All processes killed
========== OTL ==========
No active process named cmd.exe was found!
No active process named vgp9gqbc6.exe was found!
No active process named Ycx.exe was found!
No active process named Yvyroa.exe was found!
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRundatvvrfy deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunffldlpmn deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunkxaaweik deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunuoaedjjd deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRundatvvrfy deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunffldlpmn deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunhsfe8owijfisjhgs7ye39gjsoighsd7y3eu deleted successfully.
C:Documents and SettingsLibre SoyLocal SettingsTempvgp9gqbc6.exe moved successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunhsfg9w8gujsokgahi8gysgnsdgefshyjy deleted successfully.
C:Documents and SettingsLibre SoyLocal SettingsTempcmd.exe moved successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunkxaaweik deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunM5T8QL3YW3 deleted successfully.
C:Documents and SettingsLibre SoyLocal SettingsTempYcx.exe moved successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunmcexecwin deleted successfully.
C:Documents and SettingsLibre SoyLocal SettingsTemptxquclg5.dll moved successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunQZAIB7KITK deleted successfully.
C:WINDOWSYvyroa.exe moved successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunuoaedjjd deleted successfully.
Registry value HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerNoFolderOptions deleted successfully.
Registry value HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystemDisableRegistryTools deleted successfully.
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParametersNameServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler{C7BA40A1-74F2-52BD-F411-04B15A2C8953} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{C7BA40A1-74F2-52BD-F411-04B15A2C8953} deleted successfully.
C:WINDOWSsystem32h14k827.dll moved successfully.
Registry value HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerAppCertDllsAppSecDll:C:Documents and SettingsLibre SoyLocal SettingsApplication DataWindows Serverhcdqyx.dll deleted successfully.
C:Documents and SettingsLibre SoyLocal SettingsApplication Datatwetylupq folder moved successfully.
C:Documents and SettingsLibre SoyLocal SettingsApplication Datalicpwtblb folder moved successfully.
C:Documents and SettingsLibre SoyLocal SettingsApplication Datamqhbwofjk folder moved successfully.
C:Documents and SettingsLibre SoyLocal SettingsApplication Dataxjengqxdd folder moved successfully.
C:Documents and SettingsLibre SoyLocal SettingsApplication DataWindows Server folder moved successfully.
C:WINDOWStasks{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:WINDOWStasks{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
File C:WINDOWSSystem32h14k827.dll not found.
File C:WINDOWSYvyroa.exe not found.
C:WINDOWSsystem32ernel32.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 428816 bytes
->Temporary Internet Files folder emptied: 323637507 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 98706 bytes

User: Libre Soy
->Temp folder emptied: 111316 bytes
->Temporary Internet Files folder emptied: 23446868 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29689705 bytes
->Apple Safari cache emptied: 50122344 bytes
->Flash cache emptied: 47197 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LogMeInRemoteUser.YOLYLAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Guest
->Temp folder emptied: 10036813 bytes
->Temporary Internet Files folder emptied: 10431571 bytes
->Flash cache emptied: 775 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%System32 .tmp files removed: 2832913 bytes
%systemroot%System32dllcache .tmp files removed: 0 bytes
%systemroot%System32drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 187278 bytes
%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 430.00 mb


OTL by OldTimer - Version 3.2.5.3 log created on 06052010_112016

FilesFolders moved on Reboot...
C:Documents and SettingsLibre SoyLocal SettingsTemptxquclg5.dll moved successfully.

Registry entries deleted on Reboot...

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Sorry it took me so long but I've been having all kinds of problems with my laptop. I think its good now.

ComboFix 10-06-30.03 - Libre Soy 07/01/2010 10:57:03.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.651 [GMT -4:00]
Running from: F:\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Shared
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

Infected copy of c:\windows\system32\drivers\pcmcia.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
.

2010-07-01 13:52 . 2010-07-01 13:52 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-06-29 21:12 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-29 21:06 . 2010-06-29 21:06 -------- d-----w- C:\Combo-Fix
2010-06-22 02:56 . 2010-06-22 02:56 -------- d-----w- c:\documents and settings\Libre Soy\Local Settings\Application Data\yxexcnseo
2010-06-20 16:08 . 2010-06-20 16:08 -------- d-----w- C:\FOUND.003
2010-06-14 23:23 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-14 23:23 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-14 23:23 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-14 23:23 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-14 23:23 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-14 23:23 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-14 23:23 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-14 23:23 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-14 23:23 . 2010-06-14 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-11 23:47 . 2010-06-11 23:47 -------- d-----w- C:\FOUND.002
2010-06-09 23:55 . 2010-06-09 23:55 -------- d-----w- C:\FOUND.001
2010-06-09 23:40 . 2010-06-09 23:40 -------- d-----w- C:\FOUND.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 19:46 . 2009-12-29 21:01 95056 ----a-w- c:\documents and settings\Libre Soy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-23 17:45 . 2010-05-22 15:28 116458 ----a-w- c:\windows\hpoins11.dat
2010-05-22 15:09 . 2010-05-22 15:09 10134 ----a-r- c:\documents and settings\Libre Soy\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
2007-03-17 17:15 . 2007-03-17 17:15 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-07-05 14:10 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 15:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-04-08 13:56 1647912 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/14/2010 7:23 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2010 7:23 PM 17744]
S2 0281491276128437mcinstcleanup;McAfee Application Installer Cleanup (0281491276128437);c:\docume~1\LIBRES~1\LOCALS~1\Temp\028149~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\LIBRES~1\LOCALS~1\Temp\028149~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/6/2010 1:41 PM 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-01 c:\windows\Tasks\User_Feed_Synchronization-{4C59B68C-66ED-4BB9-A80C-A0FEC974F7F6}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 17:41]

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 17:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-ldikajhk - c:\documents and settings\Libre Soy\Local Settings\Application Data\yxexcnseo\emngyrytssd.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-MSC - c:\program files\McAfee\MSC\mcuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-01 11:06
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(2008)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Windows Media Player\WMPNetwk.exe
.
**************************************************************************
.
Completion time: 2010-07-01 11:09:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-01 15:09

Pre-Run: 18,826,461,184 bytes free
Post-Run: 18,762,006,528 bytes free

- - End Of File - - F9FEB1DF45294AB5CC2A7B8FAD8AE12F

Hello.

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   Code:

   
KILLALL::

Folder::
c:\documents and settings\Libre Soy\Local Settings\Application Data\yxexcnseo
C:\FOUND.003
C:\FOUND.002
C:\FOUND.001
C:\FOUND.000

Driver::
0281491276128437mcinstcleanup
LMIInfo

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =

   
   
4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.
   

Ooops I already deleted the found folders manually

Don't matter, run CFScript anyway cause it will remove some other leftovers.

A pop up said while combo fix was running and actually still running - c/recycle bin damaged or corrupted would you like to delete

ComboFix 10-06-30.03 - Libre Soy 07/01/2010 11:45:34.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.566 [GMT -4:00]
Running from: c:\documents and settings\Libre Soy\My Documents\Combo-Fix.exe
Command switches used :: c:\documents and settings\Libre Soy\My Documents\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Libre Soy\Local Settings\Application Data\yxexcnseo

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_0281491276128437MCINSTCLEANUP
-------\Legacy_LMIINFO
-------\Service_0281491276128437mcinstcleanup
-------\Service_LMIInfo


((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
.

2010-07-01 15:33 . 2010-07-01 15:33 -------- d-----w- c:\program files\ESET
2010-07-01 13:52 . 2010-07-01 13:52 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-06-29 21:12 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-29 21:06 . 2010-06-29 21:06 -------- d-----w- C:\Combo-Fix
2010-06-14 23:23 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-14 23:23 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-14 23:23 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-14 23:23 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-14 23:23 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-14 23:23 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-14 23:23 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-14 23:23 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-14 23:23 . 2010-06-14 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 19:46 . 2009-12-29 21:01 95056 ----a-w- c:\documents and settings\Libre Soy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-23 17:45 . 2010-05-22 15:28 116458 ----a-w- c:\windows\hpoins11.dat
2010-05-22 15:09 . 2010-05-22 15:09 10134 ----a-r- c:\documents and settings\Libre Soy\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
2007-03-17 17:15 . 2007-03-17 17:15 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-07-05 14:10 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 15:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-04-08 13:56 1647912 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/14/2010 7:23 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2010 7:23 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/6/2010 1:41 PM 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-01 c:\windows\Tasks\User_Feed_Synchronization-{4C59B68C-66ED-4BB9-A80C-A0FEC974F7F6}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 17:41]

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 17:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-01 12:02
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(604)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Windows Media Player\WMPNetwk.exe
.
**************************************************************************
.
Completion time: 2010-07-01 12:04:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-01 16:04
ComboFix2.txt 2010-07-01 15:09

Pre-Run: 18,723,110,912 bytes free
Post-Run: 18,714,951,680 bytes free

- - End Of File - - 0BD37D8ADE593466B3CC236191AD7934

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  

Ok see like combofix is running again

Running online scan now

ComboFix 10-06-30.03 - Libre Soy 07/01/2010 12:20:16.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.595 [GMT -4:00]
Running from: c:\documents and settings\Libre Soy\My Documents\Combo-Fix.exe
Command switches used :: / uninstall
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
.

2010-07-01 15:33 . 2010-07-01 15:33 -------- d-----w- c:\program files\ESET
2010-07-01 13:52 . 2010-07-01 13:52 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-06-29 21:12 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-29 21:06 . 2010-06-29 21:06 -------- d-----w- C:\Combo-Fix
2010-06-14 23:23 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-14 23:23 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-14 23:23 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-14 23:23 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-14 23:23 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-14 23:23 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-14 23:23 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-14 23:23 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-14 23:23 . 2010-06-14 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 19:46 . 2009-12-29 21:01 95056 ----a-w- c:\documents and settings\Libre Soy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-23 17:45 . 2010-05-22 15:28 116458 ----a-w- c:\windows\hpoins11.dat
2010-05-22 15:09 . 2010-05-22 15:09 10134 ----a-r- c:\documents and settings\Libre Soy\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
2007-03-17 17:15 . 2007-03-17 17:15 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-07-05 14:10 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 15:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-04-08 13:56 1647912 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/14/2010 7:23 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2010 7:23 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/6/2010 1:41 PM 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-01 c:\windows\Tasks\User_Feed_Synchronization-{4C59B68C-66ED-4BB9-A80C-A0FEC974F7F6}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 17:41]

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 17:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-01 12:23
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(1004)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-07-01 12:25:09
ComboFix-quarantined-files.txt 2010-07-01 16:25
ComboFix2.txt 2010-07-01 16:04
ComboFix3.txt 2010-07-01 15:09

Pre-Run: 18,732,548,096 bytes free
Post-Run: 18,711,642,112 bytes free

- - End Of File - - A9B1C8061B8259273C4191591B0CB478

Please run the ESET online scan now, then we'll finish this off.

Doingg it now. I'm on my work computer but I brought my laptop. It was the only way I can get this going. Its on 20%. Thank you

46% done, it found a win32/olmaric/zc so far

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7d1b65a1e2fbfb46b918b36d245041ec
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-01 05:36:34
# local_time=2010-07-01 01:36:34 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 88252804 88252804 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=79846
# found=1
# cleaned=1
# scan_time=3965
C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP12\A0004871.sys Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C

Hello.

How is the machine running now?

Its running pretty good. Am I safe?

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

---

The machine looks good now.

Thank you. Did it. I will be sending a small donation for your help. Thank you very much