Prifti
Members, 5 posts
1. Thank you. I thought everything was fixed, but I have another virus and my Yahoo account was hacked, so I am wondering if I have a keylogger or something now.

1. MBAM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6814

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/8/2011 5:53:50 PM
mbam-log-2011-06-08 (17-53-30).txt

Scan type: Quick scan
Objects scanned: 191916
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LOCAL ACCOUNT AUTHORITY SERVICE (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Local Account Authority Service\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2. ESET log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - delete file error:Access is denied.
OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process.
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=77ff271d863ce64585d7b84c1cf133e4
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-09 03:31:53
# local_time=2011-06-08 11:31:53 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=93223
# found=0
# cleaned=0
# scan_time=5740

3. checkup log

Results of screen317's Security Check version 0.99.13
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java 6 Update 24
Java SE Runtime Environment 6 Update 1
Java 6 Update 3
Java 6 Update 5
Java 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.3.181.22
Adobe Reader 9.3.3
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.17) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

Thank you!
2. 3. dds log

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_24
Run by Erin at 23:02:33 on 2011-06-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.201 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Secunia\PSI\PSIA.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
F:\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lexmar~1.lnk - c:\program files\lexmark x125\LEX125SU.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\erin\application data\mozilla\firefox\profiles\wire1zvk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S2 Local Account Authority Service;Local Account Authority Service;c:\windows\temp\localaccountauthority.bat --> c:\windows\temp\LocalAccountAuthority.bat [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
.
=============== Created Last 30 ================
.
2011-06-02 02:07:14  --------  d-sha-r-  C:\cmdcons
2011-06-02 01:43:54  98816     ----a-w-  c:\windows\sed.exe
2011-06-02 01:43:54  518144    ----a-w-  c:\windows\SWREG.exe
2011-06-02 01:43:54  256512    ----a-w-  c:\windows\PEV.exe
2011-06-02 01:43:54  208896    ----a-w-  c:\windows\MBR.exe
2011-05-25 20:11:29  404640    ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 20:08:21  472808    ----a-w-  c:\windows\system32\deployJava1.dll
2011-05-25 20:08:21  472808    ----a-w-  c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-05-25 20:01:54  --------  d-----w-  c:\documents and settings\erin\local settings\application data\Secunia PSI
2011-05-25 20:01:39  --------  d-----w-  c:\program files\Secunia
2011-05-25 09:56:16  --------  d-----w-  c:\documents and settings\all users\application data\iG28601IlPfN28601
2011-05-25 02:18:04  0         ----a-w-  c:\windows\Wnafuhuhiqo.bin
2011-05-25 02:16:55  102912    --sha-r-  c:\windows\system32\tsbyuvl.dll
2011-05-25 02:16:55  102912    --sha-r-  c:\windows\system32\tapisrvk.dll
.
==================== Find3M ====================
.
2011-05-25 20:07:30  73728     ----a-w-  c:\windows\system32\javacpl.cpl
2011-04-21 01:12:57  52352     ----a-w-  c:\windows\system32\drivers\volsnap.sys
2011-03-07 05:33:50  692736    ----a-w-  c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06  420864    ----a-w-  c:\windows\system32\vbscript.dll
.
============= FINISH: 23:03:48.44 ===============
3. Thank you so much for your help.

1. MBAM quick scan log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6727

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/1/2011 9:29:26 PM
mbam-log-2011-06-01 (21-28-54).txt

Scan type: Quick scan
Objects scanned: 127835
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSTEM UPDATER (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\System Updater\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\cftnom.bat (Trojan.Agent) -> No action taken.

2. Combofix log

ComboFix 11-06-01.04 - Erin 06/01/2011  22:12:29.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.225 [GMT -4:00]
Running from: c:\documents and settings\Erin\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Erin\Application Data\Adobe\plugs
c:\documents and settings\Erin\Application Data\Adobe\shed
c:\documents and settings\Erin\Local Settings\Application Data\{FA70364B-017D-475D-AC27-0FF15B5C958E}
c:\documents and settings\Erin\Local Settings\Application Data\{FA70364B-017D-475D-AC27-0FF15B5C958E}\chrome.manifest
c:\documents and settings\Erin\Local Settings\Application Data\{FA70364B-017D-475D-AC27-0FF15B5C958E}\chrome\content\_cfg.js
c:\documents and settings\Erin\Local Settings\Application Data\{FA70364B-017D-475D-AC27-0FF15B5C958E}\chrome\content\overlay.xul
c:\documents and settings\Erin\Local Settings\Application Data\{FA70364B-017D-475D-AC27-0FF15B5C958E}\install.rdf
c:\documents and settings\Erin\My Documents\explorer.exe
c:\windows\cftnom.bat
c:\windows\system32\User.ini
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_IAS
-------\Legacy_INPUT_MANAGER
-------\Legacy_ITLPERF
-------\Legacy_MOUSEDRIVER
-------\Legacy_PLUG_MANAGER
-------\Legacy_SYSTEM_UPDATER
-------\Service_6to4
-------\Service_Ias
-------\Service_Input Manager
-------\Service_itlperf
-------\Service_MouseDriver
-------\Service_Plug Manager
-------\Service_System Updater
.
.
(((((((((((((((((((((((((  Files Created from 2011-05-02 to 2011-06-02  )))))))))))))))))))))))))))))))
.
.
2011-05-31 01:46 . 2011-05-31 01:48  --------  d-----w-  c:\documents and settings\Internet
2011-05-28 16:19 . 2011-05-28 16:21  --------  d-----w-  c:\documents and settings\Xtract
2011-05-25 20:11 . 2011-05-25 20:16  404640    ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 20:08 . 2011-05-25 20:07  472808    ----a-w-  c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-25 20:08 . 2011-05-25 20:07  472808    ----a-w-  c:\windows\system32\deployJava1.dll
2011-05-25 20:01 . 2011-05-25 20:01  --------  d-----w-  c:\documents and settings\Erin\Local Settings\Application Data\Secunia PSI
2011-05-25 20:01 . 2011-05-25 20:01  --------  d-----w-  c:\program files\Secunia
2011-05-25 18:05 . 2011-05-25 18:05  --------  d-sh--w-  c:\documents and settings\LocalService\IETldCache
2011-05-25 16:30 . 2011-05-25 16:31  --------  d-----w-  c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-25 09:56 . 2011-05-25 19:47  --------  d-----w-  c:\documents and settings\All Users\Application Data\iG28601IlPfN28601
2011-05-25 02:18 . 2011-05-25 05:23  0         ----a-w-  c:\windows\Wnafuhuhiqo.bin
2011-05-25 02:16 . 2011-05-25 02:16  102912    --sha-r-  c:\windows\system32\tsbyuvl.dll
2011-05-25 02:16 . 2011-05-25 02:16  102912    --sha-r-  c:\windows\system32\tapisrvk.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 20:07 . 2007-07-12 13:32  73728     ----a-w-  c:\windows\system32\javacpl.cpl
2011-04-21 01:12 . 2006-03-16 04:00  52352     ----a-w-  c:\windows\system32\drivers\volsnap.sys
2011-03-07 05:33 . 2006-03-16 04:00  692736    ----a-w-  c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2006-03-16 04:00  420864    ----a-w-  c:\windows\system32\vbscript.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Xtract\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Internet\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Lexmark X125 Settings Utility.lnk - c:\program files\Lexmark X125\LEX125SU.exe [2007-11-27 1810432]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21  548352  ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Erin^Start Menu^Programs^StartUp^Vongo Tray.lnk]
backup=c:\windows\pss\Vongo Tray.lnkStartup
.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37  932288  ----a-w-  c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04  35760  ----a-w-  c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2011-03-22 17:53  2403024  ----a-w-  c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2006-05-30 23:02  40960  ----a-w-  c:\program files\Hewlett-Packard\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12  15360  ----a-w-  c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56  64512  ----a-w-  c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 20:50  54576  ----a-w-  c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2006-05-04 05:58  458752  ----a-w-  c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 23:30  249856  ----a-w-  c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 23:30  81920  ----a-w-  c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06  142120  ----a-w-  c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-08-18 08:00  7585792  ----a-w-  c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-08-18 08:00  86016  ----a-w-  c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-18 08:00  1617920  ----a-w-  c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53  421888  ----a-w-  c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
2005-10-11 17:23  1187840  -c----w-  c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-03-16 22:24  2423752  ----a-w-  c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-11 04:13  39408  ----a-w-  c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-04-01 05:01  761946  -c--a-w-  c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\LMpdpsrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 6:12 PM 135664]
S2 Local Account Authority Service;Local Account Authority Service;c:\windows\temp\LocalAccountAuthority.bat --> c:\windows\temp\LocalAccountAuthority.bat [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 6:12 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper  REG_MULTI_SZ  getPlusHelper
itlsvc  REG_MULTI_SZ  itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-04-19 21:24]
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 22:12]
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 22:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Erin\Application Data\Mozilla\Firefox\Profiles\wire1zvk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
Notify-itlntfy - itlnfw32.dll
SafeBoot-klmdb.sys
MSConfigStartUp-osCheck - c:\program files\Norton 360\osCheck.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-01 22:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Local Account Authority Service]
"ImagePath"="%SystemRoot%\temp\LocalAccountAuthority.bat"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3124)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2011-06-01  22:37:13 - machine was rebooted
ComboFix-quarantined-files.txt  2011-06-02 02:37
.
Pre-Run: 36,738,961,408 bytes free
Post-Run: 37,027,577,856 bytes free
.
- - End Of File - - 87595E738E700FCFA763BB7E6B072B7C
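Added example, not part of Prifti's post and not code from DDS, ComboFix or Malwarebytes: a short Python triage that applies the two checks an analyst would run on the logs above. It parses the "SERVICES / DRIVERS" lines and flags any service whose image path sits under a temp or user-writable directory, ends in a script extension, or is reported missing with "[?]" (the "Local Account Authority Service" entry above trips all three), and it walks the ComboFix "Reg Loading Points" dump for the Security Center override and DisableMonitoring values that suppress antivirus/firewall alerts and for EnableFirewall=0, which matches the "Windows Firewall Disabled!" line in the Security Check log. The sample lines are copied from the logs posted in this thread; the directory list, extension list and value table are my own assumptions chosen for illustration, not rules from any of those tools.

```python
import re

# Service/driver lines as DDS and ComboFix print them in their
# "SERVICES / DRIVERS" section:
#   <R|S><start type> <name>;<display name>;<image path> [<date> <size>]
# The trailing bracket is "[?]" when the tool could not find the file.
SERVICE_LINE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.*)$")

# Assumed triage lists (not from DDS/ComboFix): directories a service binary
# should not live in, and extensions that mean a script is being started
# as a service instead of a PE image.
WRITABLE_DIRS = ("\\temp\\", "\\tmp\\", "\\application data\\", "\\local settings\\")
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js")


def triage_service(line):
    """Describe one service line and list the reasons it looks like a
    persistence entry; return None if the line is not a service entry."""
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    state, name, _display, rest = m.groups()
    missing = rest.rstrip().endswith("[?]")
    # Drop the "[date size]" / "[?]" suffix, then keep only the ImagePath
    # half of "<ImagePath> --> <resolved path>" when the tool prints both.
    path = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest).split("-->")[0].strip().strip('"')
    low = path.lower()
    reasons = []
    if any(d in low for d in WRITABLE_DIRS):
        reasons.append("image path under a temp or user-writable directory")
    if low.endswith(SCRIPT_EXTS):
        reasons.append("service starts a script rather than an executable")
    if missing:
        reasons.append("image file not found on disk")
    return {"name": name, "start": state, "path": path, "reasons": reasons}


# Assumed table of "defenses switched off" settings, matched against the
# lowercased key path fragment and the DWORD value ComboFix dumps.
TAMPER_VALUES = {
    "security center": {"antivirusoverride": 1, "firewalloverride": 1, "disablemonitoring": 1},
    "firewallpolicy": {"enablefirewall": 0},
}
KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:)?([0-9A-Fa-f]+)')


def find_defense_tampering(lines):
    """Walk REGEDIT4-style dump lines and return (key, value name, value)
    triples that match a known 'defenses disabled' setting."""
    hits = []
    current_key = ""
    for raw in lines:
        line = raw.strip()
        km = KEY_LINE.match(line)
        if km:
            current_key = km.group(1).lower()
            continue
        vm = VALUE_LINE.match(line)
        if not vm:
            continue
        vname, vdata = vm.group(1).lower(), int(vm.group(2), 16)
        for key_fragment, wanted in TAMPER_VALUES.items():
            if key_fragment in current_key and wanted.get(vname) == vdata:
                hits.append((current_key, vname, vdata))
    return hits


# Sample input: lines copied from the DDS and ComboFix logs posted above.
SERVICE_LINES = [
    "R2 Secunia PSI Agent;Secunia PSI Agent;c:\\program files\\secunia\\psi\\psia.exe [2011-4-19 993848]",
    "S2 gupdate;Google Update Service (gupdate);c:\\program files\\google\\update\\GoogleUpdate.exe [2010-2-8 135664]",
    "S2 Local Account Authority Service;Local Account Authority Service;c:\\windows\\temp\\localaccountauthority.bat --> c:\\windows\\temp\\LocalAccountAuthority.bat [?]",
]
REG_LINES = [
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]",
    '"AntiVirusOverride"=dword:00000001',
    '"FirewallOverride"=dword:00000001',
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]",
    '"DisableMonitoring"=dword:00000001',
    "[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]",
    '"EnableFirewall"= 0 (0x0)',
    '"DisableNotifications"= 1 (0x1)',
]


def flagged_services(lines=SERVICE_LINES):
    """Names of services with at least one triage reason."""
    return [r["name"] for r in map(triage_service, lines) if r and r["reasons"]]


if __name__ == "__main__":
    for line in SERVICE_LINES:
        r = triage_service(line)
        if r and r["reasons"]:
            print(f"{r['start']} {r['name']}: {r['path']}")
            for why in r["reasons"]:
                print("   -", why)
    for key, name, data in find_defense_tampering(REG_LINES):
        print(f"tampering: [{key}] {name}={data}")
```

Run it on a whole saved log by feeding `open(path).read().splitlines()` to both functions; the regexes ignore lines that are not service entries or registry values, so the entire DDS or ComboFix text can be passed in unfiltered.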
4. Thank you! I was away from my computer for the weekend and so am just doing these scans now. I am attaching the two logs you requested.

1. MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6727

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/30/2011 11:37:49 PM
mbam-log-2011-05-30 (23-37-41).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 286298
Time elapsed: 50 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\1U0WFOHZPQ (Trojan.FakeAlert.SA) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSTEM UPDATER (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\System Updater\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\cftnom.bat (Trojan.Agent) -> No action taken.

2. dds log

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_24
Run by Erin at 23:41:18 on 2011-05-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.244 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Secunia\PSI\PSIA.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
F:\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page =
uSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lexmar~1.lnk - c:\program files\lexmark x125\LEX125SU.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: itlnfw32 - itlnfw32.dll Notify: itlntfy - itlnfw32.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL LSA: Notification Packages = . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\erin\application data\mozilla\firefox\profiles\wire1zvk.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: XULRunner: {FA70364B-017D-475D-AC27-0FF15B5C958E} - c:\documents and settings\erin\local settings\application data\{FA70364B-017D-475D-AC27-0FF15B5C958E} . ============= SERVICES / DRIVERS =============== . 
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328] R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416] R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664] S2 Ias;MicroSoft Logging Utility;c:\windows\system32\svchost.exe -k netsvcs [2006-3-16 14336] S2 Input Manager;Input Manager;c:\windows\temp\Input.bat [2011-5-24 45] S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2006-3-16 14336] S2 Local Account Authority Service;Local Account Authority Service;c:\windows\temp\LocalAccountAuthority.bat [2011-5-24 44] S2 System Updater;System Updater;c:\windows\cftnom.bat [2011-5-24 39] S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664] S3 rootrepeal3;rootrepeal3;c:\windows\system32\drivers\rootrepeal3.sys [2011-4-19 34816] . =============== Created Last 30 ================ . 
2011-05-25 20:11:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-25 20:08:21 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-25 20:08:21 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll 2011-05-25 20:01:54 -------- d-----w- c:\documents and settings\erin\local settings\application data\Secunia PSI 2011-05-25 20:01:39 -------- d-----w- c:\program files\Secunia 2011-05-25 09:56:16 -------- d-----w- c:\documents and settings\all users\application data\iG28601IlPfN28601 2011-05-25 02:20:07 39 ---h--w- c:\windows\cftnom.bat 2011-05-25 02:18:04 0 ----a-w- c:\windows\Wnafuhuhiqo.bin 2011-05-25 02:18:01 -------- d-----w- c:\documents and settings\erin\local settings\application data\{FA70364B-017D-475D-AC27-0FF15B5C958E} 2011-05-25 02:16:55 102912 --sha-r- c:\windows\system32\tsbyuvl.dll 2011-05-25 02:16:55 102912 --sha-r- c:\windows\system32\tapisrvk.dll . ==================== Find3M ==================== . 2011-05-25 20:07:30 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-04-21 01:12:57 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys 2011-04-19 14:49:54 34816 ----a-w- c:\windows\system32\drivers\rootrepeal3.sys 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 23:42:08.82 =============== I hope this is helpful. Thank you so much.
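The SERVICES / DRIVERS section of a DDS log is where a responder usually looks first, because a service is the persistence point an attacker most often uses and the ImagePath gives the file away. As an added example (not code from the original poster, the forum helpers, or the DDS tool), the Python script below parses the service lines exactly as posted above and flags entries on a few heuristics: an image that is a .bat or other script instead of an executable, an image in a temp directory or directly in the Windows root, an image only a few dozen bytes long, and an svchost.exe -k group that is not in a small baseline set. The heuristics, thresholds and the baseline group list are assumptions of this example, not vendor signatures; the sample lines are copied from the posted log. Run on this input it lists the two services MBAM named in the two scans (System Updater and Local Account Authority Service) and also the Input Manager service in c:\windows\temp\Input.bat, which neither MBAM log mentions, so that one is worth a manual look.

```python
import re

# Service lines copied verbatim from the DDS "SERVICES / DRIVERS" section of the post above.
DDS_SERVICES = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S2 Ias;MicroSoft Logging Utility;c:\windows\system32\svchost.exe -k netsvcs [2006-3-16 14336]
S2 Input Manager;Input Manager;c:\windows\temp\Input.bat [2011-5-24 45]
S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2006-3-16 14336]
S2 Local Account Authority Service;Local Account Authority Service;c:\windows\temp\LocalAccountAuthority.bat [2011-5-24 44]
S2 System Updater;System Updater;c:\windows\cftnom.bat [2011-5-24 39]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
"""

# One DDS service/driver line: "<state> <name>;<display name>;<image path> [<date> <size>]"
LINE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\S+)\s+(\d+)\]\s*$")

# Baseline svchost.exe groups. Assumption: a partial list of groups on a stock
# Windows XP SP3 box (several appear in the posted process list). Anything
# outside it is reported for review, not declared malicious.
KNOWN_SVCHOST_GROUPS = {"dcomlaunch", "rpcss", "netsvcs", "networkservice",
                        "localservice", "imgsvc", "httpfilter"}
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js", ".wsf")
TINY_IMAGE_BYTES = 1024  # assumption: no legitimate service image is this small


def parse_services(text: str) -> list:
    """Parse DDS service lines into dicts; lines that do not match the format are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        state, name, display, image, date, size = m.groups()
        rows.append({"state": state, "name": name, "display": display,
                     "image": image, "date": date, "size": int(size)})
    return rows


def svchost_group(image: str):
    """Return the lower-cased -k group of an svchost.exe image path, or None."""
    m = re.search(r"svchost\.exe\s+-k\s+(\S+)", image, re.IGNORECASE)
    return m.group(1).lower() if m else None


def suspicious_reasons(row: dict) -> list:
    """Apply the heuristic checks to one parsed service; return the reasons that fired."""
    image = row["image"].lower()
    exe = image.split(" -k ")[0]  # drop svchost arguments before looking at the path
    reasons = []
    if exe.endswith(SCRIPT_EXTS):
        reasons.append("service image is a script, not a PE file")
    if "\\temp\\" in exe:
        reasons.append("service image lives in a temp directory")
    if re.match(r"^[a-z]:\\windows\\[^\\]+$", exe):
        reasons.append("service image sits directly in the Windows root")
    if row["size"] < TINY_IMAGE_BYTES:
        reasons.append(f"image is only {row['size']} bytes")
    group = svchost_group(row["image"])
    if group and group not in KNOWN_SVCHOST_GROUPS:
        reasons.append(f"svchost group '{group}' is not in the baseline")
    return reasons


def triage(text: str) -> dict:
    """Map service name -> list of reasons, for every service that trips at least one check."""
    findings = {}
    for row in parse_services(text):
        reasons = suspicious_reasons(row)
        if reasons:
            findings[row["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(DDS_SERVICES).items():
        print(f"{name}: " + "; ".join(reasons))
```

Paste a full DDS services block in place of the sample and run it; the output is a review list, not a verdict. The itlperf entry is reported only because its svchost group is outside the baseline, which is exactly the kind of hit that needs the registry ServiceDll value checked by hand before anything is removed.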
  5. I seem to have a TDSS infection that has completely messed up my system. I get error messages on startup and I have a bunch of files under system32 - where the S in system is lower case and not uppercase. I will appreciate any help at all. Thank you.