rundll32.exe 0xC0000005 repeatedly

**Rorschach112** · 2008-05-26, 01:44

Do this

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
Under Additional Scans check the boxes beside Reg - Bot Check, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg Mountpoints2, File - Additional Folder Scans, File - Lop Check, and File - Purity Scan.
Under Drivers change it to Non-Microsoft.
Under Files Created Within and Files Modified Within change it to 90 days.
Now click the Run Scan button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way

**srcbeck** · 2008-05-26, 11:34

Hi Rorschach112, that ran ok and have attached the notepad file.

**Rorschach112** · 2008-05-26, 14:36

A lot of malware on your PC

Start OTScanIt. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> BMe76ddc0b -> %SystemRoot%\system32\wgbqfykx.dll [Rundll32.exe "C:\WINDOWS\system32\wgbqfykx.dll",s]
YY -> e45eef97 -> %SystemRoot%\system32\mtfntssf.dll [rundll32.exe "C:\WINDOWS\system32\mtfntssf.dll",b]
YN -> NWEReboot -> []
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> C:\WINDOWS\system32\__c0066644.dat -> %SystemRoot%\system32\__c0066644.dat
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {3F567BD3-529D-43AD-866D-D8C1D657AFAF} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\wvUlMCUM.dll [Reg Error: Value does not exist or could not be read.]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {82283E81-8733-475A-9575-A5DEA5C8A003} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\xxyyaXPI.dll [Reg Error: Value does not exist or could not be read.]
YN -> {916E3AB7-E3BD-48A5-AA78-746DE1F005F6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mlJCVpMF.dll [Reg Error: Value does not exist or could not be read.]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Google Search ->
YN -> Backward Links ->
YN -> Cached Snapshot of Page ->
YN -> Similar Pages ->
YN -> Translate into English ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
YN -> msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
[Registry - Additional Scans - All]
< BotCheck > ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\wvUlMCUM -> %SystemRoot%\system32\wvUlMCUM.dll
< BotCheck > ->
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe -> C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe [C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe:*:enabled:BullGuard]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe -> C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe [C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe:*:enabled:BullGuard Update]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe -> C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe [C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe:*:enabled:BullGuard]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe -> C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe [C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe:*:enabled:BullGuard Update]
< MountPoints2 > ->
*~EmptyValue* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34779710-2965-11db-bbad-806d6172696f}\_Autorun\DefaultIcon\\
YY -> E:\setup.exe -> E:\setup.exe
< MountPoints2 > ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e60e1df4-c864-11db-900f-806d6172696f}\_Autorun\DefaultIcon\\ -> E:\Setup.EXE [E:\Setup.EXE]
[Files/Folders - Created Within 90 days]
NY -> is154323.exe -> %SystemDrive%\is154323.exe
NY -> VundoFix Backups -> %SystemDrive%\VundoFix Backups
NY -> ahnawmun.dll -> %SystemRoot%\System32\ahnawmun.dll
NY -> awfepmow.exe -> %SystemRoot%\System32\awfepmow.exe
NY -> bceKkUvw.ini -> %SystemRoot%\System32\bceKkUvw.ini
NY -> buxixguy.dll -> %SystemRoot%\System32\buxixguy.dll
NY -> cefkstcx.dll -> %SystemRoot%\System32\cefkstcx.dll
NY -> dbmcvxke.ini -> %SystemRoot%\System32\dbmcvxke.ini
NY -> eeuqnphu.dll -> %SystemRoot%\System32\eeuqnphu.dll
NY -> erkoxceg.dll -> %SystemRoot%\System32\erkoxceg.dll
NY -> fioaowjx.dll -> %SystemRoot%\System32\fioaowjx.dll
NY -> fjllnuwl.dll -> %SystemRoot%\System32\fjllnuwl.dll
NY -> fkfvipoq.dll -> %SystemRoot%\System32\fkfvipoq.dll
NY -> FMpVCJlm.ini -> %SystemRoot%\System32\FMpVCJlm.ini
NY -> FMpVCJlm.ini2 -> %SystemRoot%\System32\FMpVCJlm.ini2
NY -> frlnqupk.dll -> %SystemRoot%\System32\frlnqupk.dll
NY -> fsstnftm.ini -> %SystemRoot%\System32\fsstnftm.ini
NY -> gojucnel.dll -> %SystemRoot%\System32\gojucnel.dll
NY -> hyhqeedv.dll -> %SystemRoot%\System32\hyhqeedv.dll
NY -> immjygvn.dll -> %SystemRoot%\System32\immjygvn.dll
NY -> IPXayyxx.ini -> %SystemRoot%\System32\IPXayyxx.ini
NY -> IPXayyxx.ini2 -> %SystemRoot%\System32\IPXayyxx.ini2
NY -> jiPsvyay.ini -> %SystemRoot%\System32\jiPsvyay.ini
NY -> jiPsvyay.ini2 -> %SystemRoot%\System32\jiPsvyay.ini2
NY -> jngawune.exe -> %SystemRoot%\System32\jngawune.exe
NY -> 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> kwrvwdwx.dll -> %SystemRoot%\System32\kwrvwdwx.dll
NY -> lencujog.ini -> %SystemRoot%\System32\lencujog.ini
NY -> loijmifa.dll -> %SystemRoot%\System32\loijmifa.dll
NY -> lsmhjfcs.ini -> %SystemRoot%\System32\lsmhjfcs.ini
NY -> mlJDurrP.dll -> %SystemRoot%\System32\mlJDurrP.dll
NY -> movupigy.ini -> %SystemRoot%\System32\movupigy.ini
NY -> mrlyerho.exe -> %SystemRoot%\System32\mrlyerho.exe
NY -> mtfntssf.dll -> %SystemRoot%\System32\mtfntssf.dll
NY -> MUCMlUvw.ini -> %SystemRoot%\System32\MUCMlUvw.ini
NY -> MUCMlUvw.ini2 -> %SystemRoot%\System32\MUCMlUvw.ini2
NY -> murspirh.dll -> %SystemRoot%\System32\murspirh.dll
NY -> mynacwop.dll -> %SystemRoot%\System32\mynacwop.dll
NY -> njuydnne.ini -> %SystemRoot%\System32\njuydnne.ini
NY -> nlkeowtt.dll -> %SystemRoot%\System32\nlkeowtt.dll
NY -> nnspecis.exe -> %SystemRoot%\System32\nnspecis.exe
NY -> ohjupgdx.dll -> %SystemRoot%\System32\ohjupgdx.dll
NY -> oxkyplge.dll -> %SystemRoot%\System32\oxkyplge.dll
NY -> pextdxrv.exe -> %SystemRoot%\System32\pextdxrv.exe
NY -> pfihwuuj.dll -> %SystemRoot%\System32\pfihwuuj.dll
NY -> pwwdarnu.dll -> %SystemRoot%\System32\pwwdarnu.dll
NY -> qdcardjd.dll -> %SystemRoot%\System32\qdcardjd.dll
NY -> qncktruh.dll -> %SystemRoot%\System32\qncktruh.dll
NY -> rsmkwkgo.dll -> %SystemRoot%\System32\rsmkwkgo.dll
NY -> ruuubfws.dll -> %SystemRoot%\System32\ruuubfws.dll
NY -> scfjhmsl.dll -> %SystemRoot%\System32\scfjhmsl.dll
NY -> srdqibyg.ini -> %SystemRoot%\System32\srdqibyg.ini
NY -> ssqoMeDw.dll -> %SystemRoot%\System32\ssqoMeDw.dll
NY -> swwhcnji.dll -> %SystemRoot%\System32\swwhcnji.dll
NY -> tausqfjj.dll -> %SystemRoot%\System32\tausqfjj.dll
NY -> txfyjpvk.dll -> %SystemRoot%\System32\txfyjpvk.dll
NY -> uenwyumd.exe -> %SystemRoot%\System32\uenwyumd.exe
NY -> vtUlMefg.dll -> %SystemRoot%\System32\vtUlMefg.dll
NY -> vtUolMcC.dll -> %SystemRoot%\System32\vtUolMcC.dll
NY -> wbocqysk.dll -> %SystemRoot%\System32\wbocqysk.dll
NY -> wchodbwb.dll -> %SystemRoot%\System32\wchodbwb.dll
NY -> wgbqfykx.dll -> %SystemRoot%\System32\wgbqfykx.dll
NY -> wlsitwym.dll -> %SystemRoot%\System32\wlsitwym.dll
NY -> wvUlMCUM.dll -> %SystemRoot%\System32\wvUlMCUM.dll
NY -> xcavygwf.exe -> %SystemRoot%\System32\xcavygwf.exe
NY -> xjwoaoif.ini -> %SystemRoot%\System32\xjwoaoif.ini
NY -> yaywvSJA.dll -> %SystemRoot%\System32\yaywvSJA.dll
NY -> ygipuvom.dll -> %SystemRoot%\System32\ygipuvom.dll
NY -> yugxixub.ini -> %SystemRoot%\System32\yugxixub.ini
NY -> yxmgwutn.dll -> %SystemRoot%\System32\yxmgwutn.dll
NY -> __c00495FA.dat -> %SystemRoot%\System32\__c00495FA.dat
NY -> __c006001.dat -> %SystemRoot%\System32\__c006001.dat
NY -> __c0060EB8.dat -> %SystemRoot%\System32\__c0060EB8.dat
NY -> __c0060F37.dat -> %SystemRoot%\System32\__c0060F37.dat
NY -> __c0066644.dat -> %SystemRoot%\System32\__c0066644.dat
NY -> __c009B271.dat -> %SystemRoot%\System32\__c009B271.dat
NY -> __c00E78B5.dat -> %SystemRoot%\System32\__c00E78B5.dat
NY -> BMe76ddc0b.xml -> %SystemRoot%\BMe76ddc0b.xml
NY -> cookies.ini -> %SystemRoot%\cookies.ini
NY -> 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> pskt.ini -> %SystemRoot%\pskt.ini
[Files Created - Additional Folder Scans - All]
NY -> ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe
NY -> dss.exe -> %UserProfile%\Desktop\dss.exe
NY -> Nigel.exe -> %UserProfile%\Desktop\Nigel.exe
NY -> VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe
[Files/Folders - Modified Within 90 days]
NY -> is154323.exe -> %SystemDrive%\is154323.exe
NY -> VundoFix Backups -> %SystemDrive%\VundoFix Backups
NY -> ahnawmun.dll -> %SystemRoot%\System32\ahnawmun.dll
NY -> awfepmow.exe -> %SystemRoot%\System32\awfepmow.exe
NY -> bceKkUvw.ini -> %SystemRoot%\System32\bceKkUvw.ini
NY -> bceKkUvw.ini2 -> %SystemRoot%\System32\bceKkUvw.ini2
NY -> buxixguy.dll -> %SystemRoot%\System32\buxixguy.dll
NY -> 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> cefkstcx.dll -> %SystemRoot%\System32\cefkstcx.dll
NY -> dbmcvxke.ini -> %SystemRoot%\System32\dbmcvxke.ini
NY -> eeuqnphu.dll -> %SystemRoot%\System32\eeuqnphu.dll
NY -> erkoxceg.dll -> %SystemRoot%\System32\erkoxceg.dll
NY -> fioaowjx.dll -> %SystemRoot%\System32\fioaowjx.dll
NY -> fjllnuwl.dll -> %SystemRoot%\System32\fjllnuwl.dll
NY -> fkfvipoq.dll -> %SystemRoot%\System32\fkfvipoq.dll
NY -> FMpVCJlm.ini -> %SystemRoot%\System32\FMpVCJlm.ini
NY -> FMpVCJlm.ini2 -> %SystemRoot%\System32\FMpVCJlm.ini2
NY -> frlnqupk.dll -> %SystemRoot%\System32\frlnqupk.dll
NY -> fsstnftm.ini -> %SystemRoot%\System32\fsstnftm.ini
NY -> FxsTmp -> %SystemRoot%\System32\FxsTmp
NY -> gojucnel.dll -> %SystemRoot%\System32\gojucnel.dll
NY -> hyhqeedv.dll -> %SystemRoot%\System32\hyhqeedv.dll
NY -> immjygvn.dll -> %SystemRoot%\System32\immjygvn.dll
NY -> IPXayyxx.ini -> %SystemRoot%\System32\IPXayyxx.ini
NY -> IPXayyxx.ini2 -> %SystemRoot%\System32\IPXayyxx.ini2
NY -> jiPsvyay.ini -> %SystemRoot%\System32\jiPsvyay.ini
NY -> jiPsvyay.ini2 -> %SystemRoot%\System32\jiPsvyay.ini2
NY -> jngawune.exe -> %SystemRoot%\System32\jngawune.exe
NY -> kwrvwdwx.dll -> %SystemRoot%\System32\kwrvwdwx.dll
NY -> lencujog.ini -> %SystemRoot%\System32\lencujog.ini
NY -> loijmifa.dll -> %SystemRoot%\System32\loijmifa.dll
NY -> lsmhjfcs.ini -> %SystemRoot%\System32\lsmhjfcs.ini
NY -> mlJDurrP.dll -> %SystemRoot%\System32\mlJDurrP.dll
NY -> movupigy.ini -> %SystemRoot%\System32\movupigy.ini
NY -> mrlyerho.exe -> %SystemRoot%\System32\mrlyerho.exe
NY -> mtfntssf.dll -> %SystemRoot%\System32\mtfntssf.dll
NY -> MUCMlUvw.ini -> %SystemRoot%\System32\MUCMlUvw.ini
NY -> MUCMlUvw.ini2 -> %SystemRoot%\System32\MUCMlUvw.ini2
NY -> murspirh.dll -> %SystemRoot%\System32\murspirh.dll
NY -> mynacwop.dll -> %SystemRoot%\System32\mynacwop.dll
NY -> njuydnne.ini -> %SystemRoot%\System32\njuydnne.ini
NY -> nlkeowtt.dll -> %SystemRoot%\System32\nlkeowtt.dll
NY -> nnspecis.exe -> %SystemRoot%\System32\nnspecis.exe
NY -> ohjupgdx.dll -> %SystemRoot%\System32\ohjupgdx.dll
NY -> oxkyplge.dll -> %SystemRoot%\System32\oxkyplge.dll
NY -> pextdxrv.exe -> %SystemRoot%\System32\pextdxrv.exe
NY -> pfihwuuj.dll -> %SystemRoot%\System32\pfihwuuj.dll
NY -> pwwdarnu.dll -> %SystemRoot%\System32\pwwdarnu.dll
NY -> qdcardjd.dll -> %SystemRoot%\System32\qdcardjd.dll
NY -> qncktruh.dll -> %SystemRoot%\System32\qncktruh.dll
NY -> rsmkwkgo.dll -> %SystemRoot%\System32\rsmkwkgo.dll
NY -> ruuubfws.dll -> %SystemRoot%\System32\ruuubfws.dll
NY -> scfjhmsl.dll -> %SystemRoot%\System32\scfjhmsl.dll
NY -> srdqibyg.ini -> %SystemRoot%\System32\srdqibyg.ini
NY -> ssqoMeDw.dll -> %SystemRoot%\System32\ssqoMeDw.dll
NY -> swwhcnji.dll -> %SystemRoot%\System32\swwhcnji.dll
NY -> tausqfjj.dll -> %SystemRoot%\System32\tausqfjj.dll
NY -> txfyjpvk.dll -> %SystemRoot%\System32\txfyjpvk.dll
NY -> uenwyumd.exe -> %SystemRoot%\System32\uenwyumd.exe
NY -> vtUlMefg.dll -> %SystemRoot%\System32\vtUlMefg.dll
NY -> vtUolMcC.dll -> %SystemRoot%\System32\vtUolMcC.dll
NY -> wbocqysk.dll -> %SystemRoot%\System32\wbocqysk.dll
NY -> wchodbwb.dll -> %SystemRoot%\System32\wchodbwb.dll
NY -> wgbqfykx.dll -> %SystemRoot%\System32\wgbqfykx.dll
NY -> wlsitwym.dll -> %SystemRoot%\System32\wlsitwym.dll
NY -> wvUlMCUM.dll -> %SystemRoot%\System32\wvUlMCUM.dll
NY -> xcavygwf.exe -> %SystemRoot%\System32\xcavygwf.exe
NY -> xjwoaoif.ini -> %SystemRoot%\System32\xjwoaoif.ini
NY -> yaywvSJA.dll -> %SystemRoot%\System32\yaywvSJA.dll
NY -> ygipuvom.dll -> %SystemRoot%\System32\ygipuvom.dll
NY -> yugxixub.ini -> %SystemRoot%\System32\yugxixub.ini
NY -> yxmgwutn.dll -> %SystemRoot%\System32\yxmgwutn.dll
NY -> __c00495FA.dat -> %SystemRoot%\System32\__c00495FA.dat
NY -> __c006001.dat -> %SystemRoot%\System32\__c006001.dat
NY -> __c0060EB8.dat -> %SystemRoot%\System32\__c0060EB8.dat
NY -> __c0060F37.dat -> %SystemRoot%\System32\__c0060F37.dat
NY -> __c0066644.dat -> %SystemRoot%\System32\__c0066644.dat
NY -> __c009B271.dat -> %SystemRoot%\System32\__c009B271.dat
NY -> __c00E78B5.dat -> %SystemRoot%\System32\__c00E78B5.dat
NY -> 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> BMe76ddc0b.xml -> %SystemRoot%\BMe76ddc0b.xml
NY -> pskt.ini -> %SystemRoot%\pskt.ini
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Then reboot and try this

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/comb...o-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

**srcbeck** · 2008-05-26, 22:27

OTScanIt ran, well sort of, not quite as you described.

It ran for a few minutes after I pasted that info in and then it got a error message box that said:

"OTScanIT.exe - Bad Image - The application or DLL C:\WINDOWS\SYSTEM32\yaywvSJA.dll is not a valid windows image. PLease check this against your installation diskette"

I only had the option to choose ok, which I did. The scan then seemed to keep going and then came back with another message box:

"Machine needs to reboot to remove files. Continue Yes or No."

I chose to reboot. On reboot it then came up with the Notepad output: Here it is

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BMe76ddc0b deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wgbqfykx.dll
C:\WINDOWS\system32\wgbqfykx.dll NOT unregistered.
C:\WINDOWS\system32\wgbqfykx.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\e45eef97 deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mtfntssf.dll
C:\WINDOWS\system32\mtfntssf.dll NOT unregistered.
C:\WINDOWS\system32\mtfntssf.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\__c0066644.dat deleted successfully.
File move failed. C:\WINDOWS\system32\__c0066644.dat scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F567BD3-529D-43AD-866D-D8C1D657AFAF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F567BD3-529D-43AD-866D-D8C1D657AFAF}\ not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wvUlMCUM.dll
C:\WINDOWS\system32\wvUlMCUM.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\wvUlMCUM.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82283E81-8733-475A-9575-A5DEA5C8A003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82283E81-8733-475A-9575-A5DEA5C8A003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{916E3AB7-E3BD-48A5-AA78-746DE1F005F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{916E3AB7-E3BD-48A5-AA78-746DE1F005F6}\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Google Search\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Backward Links\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Cached Snapshot of Page\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Similar Pages\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate into English\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
[Registry - Additional Scans - All]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\wvUlMCUM deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wvUlMCUM.dll
C:\WINDOWS\system32\wvUlMCUM.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\wvUlMCUM.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34779710-2965-11db-bbad-806d6172696f}\_Autorun\DefaultIcon\\:E:\setup.exe deleted successfully.
File E:\setup.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e60e1df4-c864-11db-900f-806d6172696f}\_Autorun\DefaultIcon\\ deleted successfully.
[Files/Folders - Created Within 90 days]
C:\is154323.exe moved successfully.
C:\VundoFix Backups folder moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ahnawmun.dll
C:\WINDOWS\System32\ahnawmun.dll NOT unregistered.
C:\WINDOWS\System32\ahnawmun.dll moved successfully.
C:\WINDOWS\System32\awfepmow.exe moved successfully.
C:\WINDOWS\System32\bceKkUvw.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\buxixguy.dll
C:\WINDOWS\System32\buxixguy.dll NOT unregistered.
C:\WINDOWS\System32\buxixguy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\cefkstcx.dll
C:\WINDOWS\System32\cefkstcx.dll NOT unregistered.
C:\WINDOWS\System32\cefkstcx.dll moved successfully.
C:\WINDOWS\System32\dbmcvxke.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\eeuqnphu.dll
C:\WINDOWS\System32\eeuqnphu.dll NOT unregistered.
C:\WINDOWS\System32\eeuqnphu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\erkoxceg.dll
C:\WINDOWS\System32\erkoxceg.dll NOT unregistered.
C:\WINDOWS\System32\erkoxceg.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fioaowjx.dll
C:\WINDOWS\System32\fioaowjx.dll NOT unregistered.
C:\WINDOWS\System32\fioaowjx.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fjllnuwl.dll
C:\WINDOWS\System32\fjllnuwl.dll NOT unregistered.
C:\WINDOWS\System32\fjllnuwl.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fkfvipoq.dll
C:\WINDOWS\System32\fkfvipoq.dll NOT unregistered.
C:\WINDOWS\System32\fkfvipoq.dll moved successfully.
C:\WINDOWS\System32\FMpVCJlm.ini moved successfully.
C:\WINDOWS\System32\FMpVCJlm.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\frlnqupk.dll
C:\WINDOWS\System32\frlnqupk.dll NOT unregistered.
C:\WINDOWS\System32\frlnqupk.dll moved successfully.
C:\WINDOWS\System32\fsstnftm.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\gojucnel.dll
C:\WINDOWS\System32\gojucnel.dll NOT unregistered.
C:\WINDOWS\System32\gojucnel.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\hyhqeedv.dll
C:\WINDOWS\System32\hyhqeedv.dll NOT unregistered.
C:\WINDOWS\System32\hyhqeedv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\immjygvn.dll
C:\WINDOWS\System32\immjygvn.dll NOT unregistered.
C:\WINDOWS\System32\immjygvn.dll moved successfully.
C:\WINDOWS\System32\IPXayyxx.ini moved successfully.
C:\WINDOWS\System32\IPXayyxx.ini2 moved successfully.
C:\WINDOWS\System32\jiPsvyay.ini moved successfully.
C:\WINDOWS\System32\jiPsvyay.ini2 moved successfully.
C:\WINDOWS\System32\jngawune.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\kwrvwdwx.dll
C:\WINDOWS\System32\kwrvwdwx.dll NOT unregistered.
C:\WINDOWS\System32\kwrvwdwx.dll moved successfully.
C:\WINDOWS\System32\lencujog.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\loijmifa.dll
C:\WINDOWS\System32\loijmifa.dll NOT unregistered.
C:\WINDOWS\System32\loijmifa.dll moved successfully.
C:\WINDOWS\System32\lsmhjfcs.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\mlJDurrP.dll
C:\WINDOWS\System32\mlJDurrP.dll NOT unregistered.
C:\WINDOWS\System32\mlJDurrP.dll moved successfully.
C:\WINDOWS\System32\movupigy.ini moved successfully.
C:\WINDOWS\System32\mrlyerho.exe moved successfully.
File C:\WINDOWS\System32\mtfntssf.dll not found!
C:\WINDOWS\System32\MUCMlUvw.ini moved successfully.
C:\WINDOWS\System32\MUCMlUvw.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\murspirh.dll
C:\WINDOWS\System32\murspirh.dll NOT unregistered.
C:\WINDOWS\System32\murspirh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\mynacwop.dll
C:\WINDOWS\System32\mynacwop.dll NOT unregistered.
C:\WINDOWS\System32\mynacwop.dll moved successfully.
C:\WINDOWS\System32\njuydnne.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\nlkeowtt.dll
C:\WINDOWS\System32\nlkeowtt.dll NOT unregistered.
C:\WINDOWS\System32\nlkeowtt.dll moved successfully.
C:\WINDOWS\System32\nnspecis.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ohjupgdx.dll
C:\WINDOWS\System32\ohjupgdx.dll NOT unregistered.
C:\WINDOWS\System32\ohjupgdx.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\oxkyplge.dll
C:\WINDOWS\System32\oxkyplge.dll NOT unregistered.
C:\WINDOWS\System32\oxkyplge.dll moved successfully.
C:\WINDOWS\System32\pextdxrv.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\pfihwuuj.dll
C:\WINDOWS\System32\pfihwuuj.dll NOT unregistered.
C:\WINDOWS\System32\pfihwuuj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\pwwdarnu.dll
C:\WINDOWS\System32\pwwdarnu.dll NOT unregistered.
C:\WINDOWS\System32\pwwdarnu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\qdcardjd.dll
C:\WINDOWS\System32\qdcardjd.dll NOT unregistered.
C:\WINDOWS\System32\qdcardjd.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\qncktruh.dll
C:\WINDOWS\System32\qncktruh.dll NOT unregistered.
C:\WINDOWS\System32\qncktruh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\rsmkwkgo.dll
C:\WINDOWS\System32\rsmkwkgo.dll NOT unregistered.
C:\WINDOWS\System32\rsmkwkgo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ruuubfws.dll
C:\WINDOWS\System32\ruuubfws.dll NOT unregistered.
C:\WINDOWS\System32\ruuubfws.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\scfjhmsl.dll
C:\WINDOWS\System32\scfjhmsl.dll NOT unregistered.
C:\WINDOWS\System32\scfjhmsl.dll moved successfully.
C:\WINDOWS\System32\srdqibyg.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ssqoMeDw.dll
C:\WINDOWS\System32\ssqoMeDw.dll NOT unregistered.
C:\WINDOWS\System32\ssqoMeDw.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\swwhcnji.dll
C:\WINDOWS\System32\swwhcnji.dll NOT unregistered.
C:\WINDOWS\System32\swwhcnji.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\tausqfjj.dll
C:\WINDOWS\System32\tausqfjj.dll NOT unregistered.
C:\WINDOWS\System32\tausqfjj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\txfyjpvk.dll
C:\WINDOWS\System32\txfyjpvk.dll NOT unregistered.
C:\WINDOWS\System32\txfyjpvk.dll moved successfully.
C:\WINDOWS\System32\uenwyumd.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\vtUlMefg.dll
C:\WINDOWS\System32\vtUlMefg.dll NOT unregistered.
C:\WINDOWS\System32\vtUlMefg.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\vtUolMcC.dll
C:\WINDOWS\System32\vtUolMcC.dll NOT unregistered.
C:\WINDOWS\System32\vtUolMcC.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wbocqysk.dll
C:\WINDOWS\System32\wbocqysk.dll NOT unregistered.
C:\WINDOWS\System32\wbocqysk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wchodbwb.dll
C:\WINDOWS\System32\wchodbwb.dll NOT unregistered.
C:\WINDOWS\System32\wchodbwb.dll moved successfully.
File C:\WINDOWS\System32\wgbqfykx.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wlsitwym.dll
C:\WINDOWS\System32\wlsitwym.dll NOT unregistered.
C:\WINDOWS\System32\wlsitwym.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wvUlMCUM.dll
C:\WINDOWS\System32\wvUlMCUM.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\wvUlMCUM.dll scheduled to be moved on reboot.
C:\WINDOWS\System32\xcavygwf.exe moved successfully.
C:\WINDOWS\System32\xjwoaoif.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\yaywvSJA.dll
C:\WINDOWS\System32\yaywvSJA.dll NOT unregistered.
C:\WINDOWS\System32\yaywvSJA.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ygipuvom.dll
C:\WINDOWS\System32\ygipuvom.dll NOT unregistered.
C:\WINDOWS\System32\ygipuvom.dll moved successfully.
C:\WINDOWS\System32\yugxixub.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\yxmgwutn.dll
C:\WINDOWS\System32\yxmgwutn.dll NOT unregistered.
C:\WINDOWS\System32\yxmgwutn.dll moved successfully.
C:\WINDOWS\System32\__c00495FA.dat moved successfully.
C:\WINDOWS\System32\__c006001.dat moved successfully.
C:\WINDOWS\System32\__c0060EB8.dat moved successfully.
C:\WINDOWS\System32\__c0060F37.dat moved successfully.
File move failed. C:\WINDOWS\System32\__c0066644.dat scheduled to be moved on reboot.
C:\WINDOWS\System32\__c009B271.dat moved successfully.
C:\WINDOWS\System32\__c00E78B5.dat moved successfully.
C:\WINDOWS\BMe76ddc0b.xml moved successfully.
C:\WINDOWS\cookies.ini moved successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\pskt.ini moved successfully.
[Files Created - Additional Folder Scans - All]
C:\Documents and Settings\Nigel\Desktop\ComboFix.exe moved successfully.
C:\Documents and Settings\Nigel\Desktop\dss.exe moved successfully.
C:\Documents and Settings\Nigel\Desktop\Nigel.exe moved successfully.
C:\Documents and Settings\Nigel\Desktop\VundoFix.exe moved successfully.
[Files/Folders - Modified Within 90 days]
File C:\is154323.exe not found!
File C:\VundoFix Backups not found!
File C:\WINDOWS\System32\ahnawmun.dll not found!
File C:\WINDOWS\System32\awfepmow.exe not found!
File C:\WINDOWS\System32\bceKkUvw.ini not found!
C:\WINDOWS\System32\bceKkUvw.ini2 moved successfully.
File C:\WINDOWS\System32\buxixguy.dll not found!
File C:\WINDOWS\System32\cefkstcx.dll not found!
File C:\WINDOWS\System32\dbmcvxke.ini not found!
File C:\WINDOWS\System32\eeuqnphu.dll not found!
File C:\WINDOWS\System32\erkoxceg.dll not found!
File C:\WINDOWS\System32\fioaowjx.dll not found!
File C:\WINDOWS\System32\fjllnuwl.dll not found!
File C:\WINDOWS\System32\fkfvipoq.dll not found!
File C:\WINDOWS\System32\FMpVCJlm.ini not found!
File C:\WINDOWS\System32\FMpVCJlm.ini2 not found!
File C:\WINDOWS\System32\frlnqupk.dll not found!
File C:\WINDOWS\System32\fsstnftm.ini not found!
C:\WINDOWS\System32\FxsTmp folder moved successfully.
File C:\WINDOWS\System32\gojucnel.dll not found!
File C:\WINDOWS\System32\hyhqeedv.dll not found!
File C:\WINDOWS\System32\immjygvn.dll not found!
File C:\WINDOWS\System32\IPXayyxx.ini not found!
File C:\WINDOWS\System32\IPXayyxx.ini2 not found!
File C:\WINDOWS\System32\jiPsvyay.ini not found!
File C:\WINDOWS\System32\jiPsvyay.ini2 not found!
File C:\WINDOWS\System32\jngawune.exe not found!
File C:\WINDOWS\System32\kwrvwdwx.dll not found!
File C:\WINDOWS\System32\lencujog.ini not found!
File C:\WINDOWS\System32\loijmifa.dll not found!
File C:\WINDOWS\System32\lsmhjfcs.ini not found!
File C:\WINDOWS\System32\mlJDurrP.dll not found!
File C:\WINDOWS\System32\movupigy.ini not found!
File C:\WINDOWS\System32\mrlyerho.exe not found!
File C:\WINDOWS\System32\mtfntssf.dll not found!
File C:\WINDOWS\System32\MUCMlUvw.ini not found!
File C:\WINDOWS\System32\MUCMlUvw.ini2 not found!
File C:\WINDOWS\System32\murspirh.dll not found!
File C:\WINDOWS\System32\mynacwop.dll not found!
File C:\WINDOWS\System32\njuydnne.ini not found!
File C:\WINDOWS\System32\nlkeowtt.dll not found!
File C:\WINDOWS\System32\nnspecis.exe not found!
File C:\WINDOWS\System32\ohjupgdx.dll not found!
File C:\WINDOWS\System32\oxkyplge.dll not found!
File C:\WINDOWS\System32\pextdxrv.exe not found!
File C:\WINDOWS\System32\pfihwuuj.dll not found!
File C:\WINDOWS\System32\pwwdarnu.dll not found!
File C:\WINDOWS\System32\qdcardjd.dll not found!
File C:\WINDOWS\System32\qncktruh.dll not found!
File C:\WINDOWS\System32\rsmkwkgo.dll not found!
File C:\WINDOWS\System32\ruuubfws.dll not found!
File C:\WINDOWS\System32\scfjhmsl.dll not found!
File C:\WINDOWS\System32\srdqibyg.ini not found!
File C:\WINDOWS\System32\ssqoMeDw.dll not found!
File C:\WINDOWS\System32\swwhcnji.dll not found!
File C:\WINDOWS\System32\tausqfjj.dll not found!
File C:\WINDOWS\System32\txfyjpvk.dll not found!
File C:\WINDOWS\System32\uenwyumd.exe not found!
File C:\WINDOWS\System32\vtUlMefg.dll not found!
File C:\WINDOWS\System32\vtUolMcC.dll not found!
File C:\WINDOWS\System32\wbocqysk.dll not found!
File C:\WINDOWS\System32\wchodbwb.dll not found!
File C:\WINDOWS\System32\wgbqfykx.dll not found!
File C:\WINDOWS\System32\wlsitwym.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wvUlMCUM.dll
C:\WINDOWS\System32\wvUlMCUM.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\wvUlMCUM.dll scheduled to be moved on reboot.
File C:\WINDOWS\System32\xcavygwf.exe not found!
File C:\WINDOWS\System32\xjwoaoif.ini not found!
File C:\WINDOWS\System32\yaywvSJA.dll not found!
File C:\WINDOWS\System32\ygipuvom.dll not found!
File C:\WINDOWS\System32\yugxixub.ini not found!
File C:\WINDOWS\System32\yxmgwutn.dll not found!
File C:\WINDOWS\System32\__c00495FA.dat not found!
File C:\WINDOWS\System32\__c006001.dat not found!
File C:\WINDOWS\System32\__c0060EB8.dat not found!
File C:\WINDOWS\System32\__c0060F37.dat not found!
File move failed. C:\WINDOWS\System32\__c0066644.dat scheduled to be moved on reboot.
File C:\WINDOWS\System32\__c009B271.dat not found!
File C:\WINDOWS\System32\__c00E78B5.dat not found!
File C:\WINDOWS\BMe76ddc0b.xml not found!
File C:\WINDOWS\pskt.ini not found!
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.0 fix logfile created on 05272008_061115

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\__c0066644.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\wvUlMCUM.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
=========================

Do you want me to proceed to the Malware install anyway?

Thanks for all your help.

**Rorschach112** · 2008-05-27, 01:52

Yes go on with the next steps

**srcbeck** · 2008-05-27, 13:09

Hi Rorschach112,

well that was all positive. I managed to install Malwarebytes Anti-malware and scanned and removed infected files. Here is the log from that run:

Malwarebytes' Anti-Malware 1.12
Database version: 789

Scan type: Quick Scan
Objects scanned: 50417
Time elapsed: 13 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 7
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\wvUlMCUM.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\__c0027240.dat (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e12af61-2dc4-4085-82bc-5712227e1281} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4e12af61-2dc4-4085-82bc-5712227e1281} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1a7793de-2598-4fa8-9ec5-9442cde5e1cc} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1a7793de-2598-4fa8-9ec5-9442cde5e1cc} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2c70f37f-144a-49b4-bc53-3cb658e6d247} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2c70f37f-144a-49b4-bc53-3cb658e6d247} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e45eef97 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMe76ddc0b (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\wvulmcum -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\__c0027240.dat -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\wvulmcum -> Delete on reboot.

Folders Infected:
C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Wallpaper (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\bin (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\Ready (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\temp (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\Upload (Adware.Comet) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\dnxotnly.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ylntoxnd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gxyouccx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xccuoyxg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUlMCUM.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\MUCMlUvw.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\MUCMlUvw.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\CCBC3TOJ\kb516107[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\bin\sinstaller2.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Wallpaper\swpstart.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qjsdilol.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0027240.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c0066644.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nigel\Desktop\Malwareprob.txt (Rogue.MalwarePro) -> Quarantined and deleted successfully.
====================================================

I then re-installed ComboFix and Windows XP Recovery Console and ran ComboFix successfully. Here is the log from this run:

ComboFix 08-05-26.2 - Nigel 2008-05-27 20:42:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.109 [GMT 10:00]
Running from: C:\Documents and Settings\Nigel\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nigel\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMe76ddc0b.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\alwvwmhf.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\phywhtvv.exe
C:\WINDOWS\system32\wvUlMCUM.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.

2008-05-27 20:07 . 2008-05-27 20:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 20:07 . 2008-05-27 20:07 <DIR> d-------- C:\Documents and Settings\Nigel\Application Data\Malwarebytes
2008-05-27 20:07 . 2008-05-27 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-27 20:07 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-27 20:07 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-27 19:40 . 2008-05-27 19:41 51,200 --a------ C:\WINDOWS\system32\ypyxglij.dll
2008-05-27 06:29 . 2008-05-27 06:29 51,200 --a------ C:\WINDOWS\system32\ohgsmbpi.dll
2008-05-27 06:23 . 2008-05-27 06:23 51,200 --a------ C:\WINDOWS\system32\youjnetb.dll
2008-05-26 19:52 . 2008-05-26 19:52 124,928 --a------ C:\WINDOWS\system32\wydggbkp.dll
2008-05-25 15:55 . 2008-05-25 15:55 <DIR> d-------- C:\Deckard
2008-05-23 19:13 . 2008-05-23 19:13 <DIR> d-------- C:\_OTMoveIt
2008-05-23 19:12 . 2008-05-23 19:12 291,328 --a------ C:\Documents and Settings\LocalService\OTMoveIt2.exe
2008-05-22 14:38 . 2008-05-22 14:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-22 14:38 . 2008-05-22 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-21 23:10 . 2008-05-22 22:45 616 --a------ C:\WINDOWS\wininit.ini
2008-05-21 21:33 . 2008-05-21 20:38 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-21 21:33 . 2008-05-21 21:33 2,546 --a------ C:\WINDOWS\unins000.dat
2008-05-02 16:41 . 2008-05-02 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-02 16:30 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-05-02 16:30 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-05-02 16:27 . 2008-05-02 16:27 <DIR> d-------- C:\Program Files\Bonjour
2008-05-02 16:17 . 2008-05-02 16:17 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-23 14:09 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-21 11:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-17 02:54 --------- d-----w C:\Documents and Settings\Nat\Application Data\Skype
2008-05-02 06:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-10 06:03 --------- d-----w C:\Documents and Settings\Sam\Application Data\Skype
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-08-06 01:15 468 ----a-w C:\Documents and Settings\Chris\Application Data\wklnhst.dat
2007-07-21 03:47 210,416 ----a-w C:\Documents and Settings\Nigel\zaSetup_en.exe
2007-05-16 02:28 886 ----a-w C:\Documents and Settings\Nat\Application Data\wklnhst.dat
2007-04-25 14:48 130 ----a-w C:\Documents and Settings\Nigel\Application Data\wklnhst.dat
2006-08-14 10:06 8 --sh--r C:\WINDOWS\system32\5DDEA58DCA.sys
2006-08-14 10:06 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2005-03-03 04:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-09 01:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2006-02-28 22:00 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-03 04:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-09 01:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
2007-03-09 01:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll

2005-03-02 10:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 19:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2006-02-28 22:00 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 10:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-02 11:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 19:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2006-02-28 22:00 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 10:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 19:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 19:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 19:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-02 04:32 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 22:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 18:48 7561216]
"nwiz"="nwiz.exe" [2006-04-27 18:48 1519616 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 22:50 88204 C:\WINDOWS\AGRSMMSG.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-09 22:26 794713]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 07:40 155648]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 22:50 71216]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-20 05:17 78960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-14 18:31 155648]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-20 00:43 57344]
"HostManager"="C:\Program Files\Common Files\AOL\1177019576\ee\AOLSoftware.exe" [2006-09-26 10:52 50736]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-14 18:29 180269]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-11 09:02 67184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLACSD.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDIAL.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\InterVideo\\MediaOne Gallery\\mediaone.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 13:49]
R3 W33ND;W89C33 mPCI 802.11 Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\W33ND.SYS [2006-02-22 10:32]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C0-4FCB-11CF-AAX5-004016608512}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1113\iuhi32.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 20:50:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
.
**************************************************************************
.
Completion time: 2008-05-27 20:57:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-27 10:57:32

Pre-Run: 47,036,878,848 bytes free
Post-Run: 47,144,022,016 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

168 --- E O F --- 2008-05-14 22:32:00

====================================================

I then ran HijackThis successfully and here is the log from this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:05 PM, on 27/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\AOL\1177019576\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Nigel\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smh.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.medion.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177019576\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1155351588921
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://www.bigphoto.com.au/ImageUpl...eUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9245 bytes

=======================================================

On reboot the machine actually boots up normal now and I can logon to accounts without the Rundll32.exe messages so on the surface it looks like this may have fixed everything but I will wait for your confirmation of anything else you think I need to do.

This is truly wonderful, thanks for your patience.

Nigel.

**Rorschach112** · 2008-05-27, 14:32

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\ypyxglij.dll
C:\WINDOWS\system32\ohgsmbpi.dll
C:\WINDOWS\system32\youjnetb.dll
C:\WINDOWS\system32\wydggbkp.dll
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1113\iuhi32.exe

Folder::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C0-4FCB-11CF-AAX5-004016608512}]
[-HKEY_CLASSES_ROOT\CLSID\{18B0E5C0-4FCB-11CF-AAX5-004016608512}]

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Also post a new HijackThis log

**srcbeck** · 2008-05-28, 13:48

Hi,

I tried running the script through ComboFix. Unfortunately part way through my machine died, dead battery, not sure where it got to. I restarted under AC power and tried running it again and it got all way through to after changing clock then Completed upto Stage 30 and then froze for an hour so I killed it and tried again, this time froze at stage 17 for over an hour.

I thought best not to run again and just ran a HJT and here is it's log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43, on 2008-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\AOL\1177019576\ee\AOLSoftware.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Nigel\Desktop\HiJackThis.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smh.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.medion.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177019576\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1155351588921
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://www.bigphoto.com.au/ImageUpl...eUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9116 bytes

I will await your advise.

**Rorschach112** · 2008-05-28, 18:03

Do this

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

**srcbeck** · 2008-05-29, 11:01

Installed and ran dss.exe successfully. Here is the Main.txt:

Deckard's System Scanner v20071014.68
Run by Nigel on 2008-05-29 18:55:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
60: 2008-05-29 08:56:10 UTC - RP258 - Deckard's System Scanner Restore Point
59: 2008-05-28 11:32:45 UTC - RP257 - ComboFix created restore point
58: 2008-05-28 10:57:54 UTC - RP256 - ComboFix created restore point
57: 2008-05-28 10:21:47 UTC - RP255 - ComboFix created restore point
56: 2008-05-28 10:00:35 UTC - RP254 - ComboFix created restore point

-- First Restore Point --
1: 2008-05-16 06:31:41 UTC - RP199 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).

-- HijackThis (run as Nigel.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57, on 2008-05-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\AOL\1177019576\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Nigel\Desktop\dss.exe
C:\DOCUME~1\Nigel\Desktop\Nigel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smh.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.medion.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177019576\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1155351588921
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://www.bigphoto.com.au/ImageUpl...eUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9118 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 AgereSoftModem (Agere Systems Soft Modem) - c:\windows\system32\drivers\agrsm.sys <Not Verified; Agere Systems; Agere SoftModem Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 STHDA (SigmaTel High Definition Audio CODEC) - c:\windows\system32\drivers\sthda.sys <Not Verified; SigmaTel, Inc.; C-Major Audio>
R3 W33ND (W89C33 mPCI 802.11 Wireless LAN Adapter Driver) - c:\windows\system32\drivers\w33nd.sys <Not Verified; Winbond Electronics Corp.; Winbond W89C33 mPCI 802.11 Wireless LAN Adapter>
R3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>

S3 catchme - c:\combofix\catchme.sys (file missing)
S3 U81xbus (LGE U8XXX driver (WDM)) - c:\windows\system32\drivers\u81xbus.sys <Not Verified; MCCI; LG Electronics U8110>
S3 U81xmdfl (LGE U8XXX USB WMC Modem Filter) - c:\windows\system32\drivers\u81xmdfl.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC Modem Filter Driver>
S3 U81xmdm (LGE U8XXX USB WMC Modem Driver) - c:\windows\system32\drivers\u81xmdm.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC Modem>
S3 U81xmgmt (LGE U8XXX USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\u81xmgmt.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC Device Management>
S3 U81xobex (LGE U8XXX USB WMC OBEX Interface) - c:\windows\system32\drivers\u81xobex.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC OBEX Interface>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-04-29 and 2008-05-29 -----------------------------

2008-05-27 20:40:28 0 d-------- C:\cmdcons
2008-05-27 20:38:46 68096 --a------ C:\WINDOWS\zip.exe
2008-05-27 20:38:46 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-27 20:38:46 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-27 20:38:46 98816 --a------ C:\WINDOWS\sed.exe
2008-05-27 20:38:46 80412 --a------ C:\WINDOWS\grep.exe
2008-05-27 20:38:46 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-27 20:38:45 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-27 20:38:45 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-27 20:07:37 0 d-------- C:\Documents and Settings\Nigel\Application Data\Malwarebytes
2008-05-27 20:07:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-27 20:07:15 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-23 19:12:24 291328 --a------ C:\Documents and Settings\LocalService\OTMoveIt2.exe <Not Verified; OldTimer Tools; OTMoveIt>
2008-05-22 14:38:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-22 14:38:43 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-21 21:33:49 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-21 21:33:48 2546 --a------ C:\WINDOWS\unins000.dat
2008-05-02 16:41:51 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-02 16:27:44 0 d-------- C:\Program Files\Bonjour
2008-05-02 16:17:22 0 d-------- C:\Program Files\Common Files\Macrovision Shared

-- Find3M Report ---------------------------------------------------------------

2008-05-24 00:09:28 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-02 16:27:39 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-02 16:17:22 0 d-------- C:\Program Files\Common Files

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 18:48]
"nwiz"="nwiz.exe" [2006-04-27 18:48 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 22:50 C:\WINDOWS\AGRSMMSG.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-09 22:26]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 07:40]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 22:50]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-20 05:17]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-14 18:31]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-20 00:43]
"HostManager"="C:\Program Files\Common Files\AOL\1177019576\ee\AOLSoftware.exe" [2006-09-26 10:52]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-14 18:29]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-11 09:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-02 04:32]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 22:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C0-4FCB-11CF-AAX5-004016608512}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1113\iuhi32.exe

-- End of Deckard's System Scanner: finished at 2008-05-29 18:58:24 ------------

========================================================

Here is the extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion(tm) 64 Mobile Technology MK-36
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 446.6 MiB / 164.02 MiB
Pagefile Memory (total/avail): 1051.94 MiB / 785.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.39 MiB

C: is Fixed (NTFS) - 64.77 GiB total, 43.94 GiB free.
D: is Fixed (FAT32) - 9.75 GiB total, 4.31 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800VE-00KWT0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 64.77 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 9.76 GiB - D:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

AV: Symantec AntiVirus Corporate Edition v9.0.3.1000 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Remote Assistance"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax"
"C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe:*:enabled:WinDVD 7"
"C:\\Program Files\\InterVideo\\MediaOne Gallery\\mediaone.exe"="C:\\Program Files\\InterVideo\\MediaOne Gallery\\mediaone.exe:*:enabled:MediaOne Gallery"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Remote Assistance"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax"
"C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe:*:enabled:WinDVD 7"
"C:\\Program Files\\InterVideo\\MediaOne Gallery\\mediaone.exe"="C:\\Program Files\\InterVideo\\MediaOne Gallery\\mediaone.exe:*:enabled:MediaOne Gallery"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Nigel\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BECKMANLAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Nigel
LOGONSERVER=\\BECKMANLAPTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 76 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Nigel\LOCALS~1\Temp
TMP=C:\DOCUME~1\Nigel\LOCALS~1\Temp
USERDOMAIN=BECKMANLAPTOP
USERNAME=Nigel
USERPROFILE=C:\Documents and Settings\Nigel
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

Nigel (admin)
Sam (admin)
Karen (admin)
Chris (admin)
Nat (admin)
Tim (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{3AD59E07-5D54-4142-8505-62889FEDFA59}\setup.exe" REMOVEALL
--> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA7621DC-7144-4A24-973C-B9BC0E945628}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3Planesoft Screensaver Manager 1.1 --> "C:\Program Files\3Planesoft Screensaver Manager\unins000.exe"
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Agere Systems HDA Modem --> agrsmdel
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Spyware Protection --> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Toolbar --> "C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Nigel\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hypercube version 2 --> C:\Program Files\Valve\Steam\SteamApps\SourceMods\hypercube\Uninstal.exe
Informations about your PC --> MsiExec.exe /I{0AB149EB-2AE0-466C-9BA4-3A718CF06432}
InterVideo MediaOne Gallery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34F0D55F-C386-4195-9A5B-961D3F6ACD46}\setup.exe" REMOVEALL
InterVideo WinDVD 7 --> "C:\Program Files\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lagoon 3D Screensaver 1.0 --> "C:\Program Files\Lagoon 3D Screensaver\unins000.exe"
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
LG Phone Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D130E8E3-C39F-4572-A622-8636BBB09865} /l1033
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 7 Essentials --> MsiExec.exe /I{C06BEA8D-E886-49FF-B772-A9C550741033}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pure Networks Port Magic --> C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek USB 2.0 Card Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype 3.1 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE --> rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Ulead DVD MovieFactory 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}\setup.exe" -l0x9
Ulead VideoStudio 9.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}\setup.exe" -l0x9
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winbond WLAN --> C:\PROGRA~1\winbond\w89c33\UNWISE.EXE C:\PROGRA~1\winbond\w89c33\INSTALL.LOG
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_9EA6D2FA46FEFFB7011ED0B6015B626D07F1EEF7\amdk8.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type10287 / Error
Event Submitted/Written: 05/29/2008 06:57:47 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type10285 / Error
Event Submitted/Written: 05/28/2008 10:17:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x02859350.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10284 / Error
Event Submitted/Written: 05/28/2008 10:17:27 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x02859350.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10211 / Error
Event Submitted/Written: 05/27/2008 07:58:53 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x02d29350.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10210 / Error
Event Submitted/Written: 05/27/2008 07:58:49 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x02d29350.
Processing media-specific event for [iexplore.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type39796 / Warning
Event Submitted/Written: 05/29/2008 06:52:03 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0060B34ECE38. The following
error occurred:
%%10038.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type39663 / Warning
Event Submitted/Written: 05/28/2008 07:56:14 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\USER-BECKMAN on the network \Device\NetBT_Tcpip_{CB85A3C5-7451-4845-A26C-F590D64A9D88}.
The data is the error code.

Event Record #/Type39658 / Warning
Event Submitted/Written: 05/28/2008 06:55:51 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\USER-BECKMAN on the network \Device\NetBT_Tcpip_{CB85A3C5-7451-4845-A26C-F590D64A9D88}.
The data is the error code.

Event Record #/Type39657 / Warning
Event Submitted/Written: 05/27/2008 09:32:38 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type39467 / Error
Event Submitted/Written: 05/27/2008 06:19:32 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Application Layer Gateway Service service failed to start due to the following error:
%%1053

-- End of Deckard's System Scanner: finished at 2008-05-29 18:58:24 ------------

Please advise next steps.

Thread: rundll32.exe 0xC0000005 repeatedly

Thread Tools

Display

Finally, something ran

Ran - sort of

Suceess

Posting Permissions