THINKPOINT removed, hopefully?? BUT, now another problem arrived...


Post by darinlee on Tue 19 Oct 2010, 1:11 pm

First topic message reminder :

Alright, so I followed all instructions thus far from these forums... OTL, then RKILLA, and then Malwarebytes... the THINKPOINT appears to be gone, but now my laptop goes into the blue screen of death, and I have to turn the computer off... same thing keeps happening... here are the OTL logs...

OTL logfile created on: 10/18/2010 7:05:35 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 784.00 Mb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 54.82 Gb Free Space | 58.85% Space Free | Partition Type: NTFS

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/18 18:31:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/04/20 11:17:01 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe


========== Modules (SafeList) ==========

MOD - [2010/10/18 18:31:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/24 15:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 15:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 15:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 15:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/02/10 00:01:49 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/08/11 19:09:18 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/04/27 12:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\DMusic.sys -- (DMusic)
DRV - [2010/10/18 17:44:34 | 000,841,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\smsivzam5.sys -- (SMSIVZAM5)
DRV - [2009/11/24 15:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 15:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 15:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/15 03:56:14 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/09/15 03:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 03:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/01/21 12:49:40 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtnicxp.sys -- (RTL8023xp)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/07 05:36:16 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2006/09/24 06:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/08/09 16:43:00 | 003,855,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2000/12/05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{68D4B3CD-C7E0-4B95-94BA-DD5EFD9B4246}: C:\Documents and Settings\Owner\Local Settings\Application Data\{68D4B3CD-C7E0-4B95-94BA-DD5EFD9B4246} [2010/10/18 17:42:24 | 000,000,000 | ---D | M]

[2010/05/01 02:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/05/01 02:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/10/07 09:06:22 | 000,002,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Hqomixudu] C:\WINDOWS\awekisoxebuxe.DLL (MPC-HC Team)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [oxmencarsw.tmp] C:\Documents and Settings\Owner\Local Settings\Temp\oxmencarsw.tmp ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [bbotxxxxxx.exe] C:\bbotxxxxxx.exe\bbotxxxxxx.exe (XeLgbt5pL)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WePrint Server.lnk = C:\Program Files\WePrint\WePrint Server.exe (EuroSmartz Ltd)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\My Documents\My Pictures\BlackBerry\wallpapers\brooklyn bridge.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\My Documents\My Pictures\BlackBerry\wallpapers\brooklyn bridge.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/29 11:46:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e54aee1b-53bf-11df-8b9e-00014aca0f2e}\Shell - "" = AutoRun
O33 - MountPoints2\{e54aee1b-53bf-11df-8b9e-00014aca0f2e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e54aee1b-53bf-11df-8b9e-00014aca0f2e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/18 18:43:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/10/18 18:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/10/18 18:41:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/18 18:41:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/18 18:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/18 18:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/18 18:41:24 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
[2010/10/18 18:37:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/18 18:37:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/18 18:37:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/18 18:37:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/18 18:37:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/18 18:37:27 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2010/10/18 18:37:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/18 18:31:26 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/10/18 18:25:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/10/18 17:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/18 17:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/18 17:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{68D4B3CD-C7E0-4B95-94BA-DD5EFD9B4246}
[2010/10/18 17:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/10/18 17:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ozec
[2010/10/18 17:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Iker
[2010/10/18 17:40:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/10/18 17:39:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/10/18 17:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\A10DFFEE3DDF0ED363D35DEF678DEA61
[2010/10/14 15:04:12 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll
[2010/10/14 15:04:08 | 001,289,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll
[2010/10/14 15:04:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2010/10/14 15:04:05 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/10/14 15:03:39 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/10/14 15:03:38 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 15:03:38 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 15:03:34 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/05 04:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/05 04:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/18 19:06:55 | 000,841,216 | ---- | M] () -- C:\WINDOWS\System32\drivers\Fdc.sys
[2010/10/18 19:04:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/18 19:02:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/18 18:46:36 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/18 18:41:35 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
[2010/10/18 18:40:40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/18 18:36:44 | 003,879,667 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2010/10/18 18:31:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/10/18 17:55:32 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\completescan
[2010/10/18 17:42:26 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ysiru.dat
[2010/10/18 17:42:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ekazohitozofane.bin
[2010/10/18 17:41:55 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\install
[2010/10/18 17:41:13 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job
[2010/10/18 17:36:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/18 17:19:55 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D234445B-94E0-465E-BAC5-C146C4ABF596}.job
[2010/10/18 04:07:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/18 04:07:27 | 000,333,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/18 03:56:32 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/18 03:56:32 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/18 03:12:30 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/14 14:34:07 | 000,035,502 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG00136-20101014-1406.jpg
[2010/10/05 04:50:10 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/09/22 19:31:02 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\WePrint Server.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/18 18:46:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/18 18:37:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/18 18:37:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/18 18:37:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/18 18:37:44 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/18 18:37:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/18 18:36:23 | 003,879,667 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2010/10/18 17:55:32 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\completescan
[2010/10/18 17:42:26 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ysiru.dat
[2010/10/18 17:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ekazohitozofane.bin
[2010/10/18 17:41:55 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\install
[2010/10/18 17:41:13 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\Updater.job
[2010/10/14 14:31:17 | 000,035,502 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG00136-20101014-1406.jpg
[2010/10/05 04:50:10 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/10/05 04:49:55 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/08/31 01:17:27 | 000,188,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/26 13:51:45 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Rim.Desktop.Exception.log
[2010/08/10 20:53:48 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Rim.Desktop.HttpServerSetup.log
[2010/06/10 15:47:19 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/06 03:14:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2010/04/29 23:54:20 | 000,000,971 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\BBMS_EXCEPTION.txt
[2010/04/29 12:03:16 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/29 12:03:14 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/04/29 12:03:14 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/04/29 12:03:14 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/04/29 12:03:13 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/04/29 12:03:12 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/29 06:32:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/20 11:25:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2008/04/14 05:00:00 | 000,841,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fdc.sys
[2008/04/14 05:00:00 | 000,027,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fdc.sys.bak
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >


darinlee

Newbie Surfer

Posts : 31
Joined : 2010-10-19
Operating System : XP


Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by DragonMaster Jay on Wed 20 Oct 2010, 7:31 pm

Please be patient. We all work very busy lives, and forums are just our hobby work. However, still taking all of our tasks seriously, we cannot compete by ourselves with all of the virus makers. We have tons to work for, so we cannot usually get to everyone more than once a day.

Do you have an XP CD?

We need to replace a file that is infected. It is the same file that keeps on spawning the blue screen of death.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

http://www.twitter.com/jaypfoutz

Post by darinlee on Wed 20 Oct 2010, 7:34 pm

Sorry if I seem impatient, but I have never seen the warning message from an internet provider before... I don't want to find out if they are bluffing about cancelling my internet service, lol...

And no, I no longer have any of the XP disks...


Post by DragonMaster Jay on Wed 20 Oct 2010, 7:40 pm

If they did not tell you directly, then I would not worry about it. It may be a scare tactic by the malware.

It may be able to be disinfected with this removal disc:

  • Kaspersky RescueDisk
    If you encounter problems running the RescueDisk, you can get further assistance at the Kaspersky Support Forum.
If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.



~DMJ
GeekPolice Academy Manager



Post by darinlee on Wed 20 Oct 2010, 7:42 pm

They did tell me directly, it was a message from RoadRunner themselves... *crap* thank you though for all your assistance and patience...


Post by DragonMaster Jay on Thu 21 Oct 2010, 8:19 am

Contact them back, and tell them to hold off, as you are in the process of getting professional help on removal. Tell them it takes a bit longer than just a day or two to get it disinfected.

Let me know on the progress of the Kaspersky rescue disc.



~DMJ
GeekPolice Academy Manager



Post by darinlee on Thu 21 Oct 2010, 8:23 am

running it again as we speak... said some of the viruses are "postponed" ?? option B is to take a bullet to the laptop...


Post by darinlee on Thu 21 Oct 2010, 8:53 am

So this is from the first scan... what do the malfunction and postponed mean??

Objects Scan: malfunction (events: 3, objects: 2, time: Unknown)

10/20/10 3:18 AM Task started

10/20/10 4:49 AM Detected: Trojan.Win32.Clicker.hd C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002048.exe/data0004

10/20/10 4:49 AM Untreated: Trojan.Win32.Clicker.hd C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002048.exe/data0004 Postponed


Objects Scan: completed 1 hour ago (events: 17, objects: 368315, time: 06:43:17)

10/20/10 6:35 AM Task started

10/20/10 7:58 AM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll

10/20/10 7:58 AM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll Postponed

10/20/10 8:23 AM Detected: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir

10/20/10 8:23 AM Untreated: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir Postponed

10/20/10 8:26 AM Detected: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX

10/20/10 8:26 AM Untreated: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX Postponed

10/20/10 8:26 AM Detected: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe

10/20/10 8:26 AM Untreated: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe Postponed

10/20/10 8:35 AM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll

10/20/10 1:18 PM Detected: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir

10/20/10 1:18 PM Deleted: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir

10/20/10 1:18 PM Detected: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe

10/20/10 1:18 PM Deleted: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe

10/20/10 1:18 PM Detected: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX

10/20/10 1:18 PM Deleted: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe

10/20/10 1:18 PM Task completed


Objects Scan: running (events: 3, objects: 158691, time: 01:21:47)

10/20/10 1:23 PM Task started

10/20/10 1:25 PM Task stopped

10/20/10 1:29 PM Task started



Post by DragonMaster Jay on Thu 21 Oct 2010, 8:58 am

It means that the removal tool found the threats in a Quarantine folder (where they belong), but cannot remove them, because the quarantine is locked. But, they are safe to be in quarantine, so that is not a big deal.

We need to figure out how to disinfect fdc.sys.

Please give me a few hours, as I have to contact a couple of colleagues on obtaining the correct file replacement for your operating system.

As of right now, you can tell RoadRunner, that your computer is disinfected.



~DMJ
GeekPolice Academy Manager
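
Added example, not part of the original posts: the Python sketch below replays the event lines from the Kaspersky report quoted above and lists which detections are still unresolved and where they sit. The function names and the three location categories (quarantine, restore-point, live) are this example's own assumptions, not Kaspersky output.

```python
import re

# Event lines copied from the Kaspersky report in the post above
# ("Task started/stopped/completed" lines left out).
SCAN_LOG = """\
10/20/10 4:49 AM Detected: Trojan.Win32.Clicker.hd C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002048.exe/data0004
10/20/10 4:49 AM Untreated: Trojan.Win32.Clicker.hd C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002048.exe/data0004 Postponed
10/20/10 7:58 AM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll
10/20/10 7:58 AM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll Postponed
10/20/10 8:23 AM Detected: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir
10/20/10 8:23 AM Untreated: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir Postponed
10/20/10 8:26 AM Detected: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX
10/20/10 8:26 AM Untreated: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX Postponed
10/20/10 8:26 AM Detected: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe
10/20/10 8:26 AM Untreated: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe Postponed
10/20/10 8:35 AM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll
10/20/10 1:18 PM Detected: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir
10/20/10 1:18 PM Deleted: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir
10/20/10 1:18 PM Detected: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe
10/20/10 1:18 PM Deleted: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe
10/20/10 1:18 PM Detected: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX
10/20/10 1:18 PM Deleted: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe
"""

# timestamp, action, verdict (no spaces), path (may contain spaces), optional note
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{2} \d{1,2}:\d{2} [AP]M) "
    r"(?P<action>Detected|Untreated|Deleted): "
    r"(?P<verdict>\S+) (?P<path>.+?)(?: (?P<note>Postponed))?$"
)


def parse_events(text):
    """Return the report's events, in file order, as dicts."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify_location(path):
    """Assumed categories: scanner quarantine, System Restore store, or live file."""
    p = path.lower()
    if "/quarantine/" in p:
        return "quarantine"
    if "/system volume information/_restore" in p:
        return "restore-point"
    return "live"


def unresolved_objects(events):
    """Map path -> verdict for every detection with no later 'Deleted' event.

    A 'Deleted' event on a container (A0002049.exe) also resolves objects
    reported inside it (A0002049.exe/UPX).
    """
    open_items = {}
    for ev in events:
        path = ev["path"]
        if ev["action"] == "Deleted":
            for p in list(open_items):
                if p == path or p.startswith(path + "/"):
                    del open_items[p]
        else:
            open_items[path] = ev["verdict"]
    return open_items


def summarize(text):
    """Group unresolved detections by where they sit on disk."""
    by_location = {}
    for path, verdict in unresolved_objects(parse_events(text)).items():
        by_location.setdefault(classify_location(path), []).append((verdict, path))
    return by_location


if __name__ == "__main__":
    for location, items in summarize(SCAN_LOG).items():
        for verdict, path in items:
            print(location, verdict, path, sep=" | ")
```

On this log the only unresolved objects are the two under DoctorWeb/Quarantine; the restore-point and Qoobox copies were deleted by the later pass.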



Post by darinlee on Thu 21 Oct 2010, 9:05 am

thank you for the better news !!! lol... look forward to your reply...


Post by DragonMaster Jay on Thu 21 Oct 2010, 1:12 pm

Hi.

Thanks for your patience. I have obtained a copy of the file.

Please download ComboFix from BleepingComputer.com

Save it to your Desktop, and do NOT run it, yet.


===========

Then, download this file: [You must be registered and logged in to see this link.]
and save it to your Desktop, and do NOT run it, either.

===========

Running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    FCopy::
    C:\documents and settings\owner\desktop\fdc.sys | C:\windows\system32\drivers\fdc.sys
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.



NOTE:
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.



Post by darinlee on Thu 21 Oct 2010, 1:36 pm

Well, I'm not sure what to do at this point... roadrunner shut me down, and the department they need me to speak with is already closed for the day... =( I got slapped with the "unacceptable activity" notice...


Post by darinlee on Thu 21 Oct 2010, 1:42 pm

I'm responding from my blackberry incidentally, so if it takes me awhile to respond or you don't hear anything for awhile, you know why... I hate viruses, I hate hackers (the bad ones, lol) and I hate channel 131... and I guess I can blame myself as well, lol...


Post by darinlee on Thu 21 Oct 2010, 2:07 pm

i can't download the FDC thing... getting an error message and it says it can't download from the source file or disk...


Post by DragonMaster Jay on Fri 22 Oct 2010, 2:13 pm

Are you sure you clicked Save and not Open when the file began download?



Post by darinlee on Fri 22 Oct 2010, 2:14 pm

yes...


Post by darinlee on Fri 22 Oct 2010, 5:48 pm

I'm back up and running on the Internet, now I just need the blue screen of death to go away...


Post by DragonMaster Jay on Fri 22 Oct 2010, 8:04 pm

Let's try this once more...

(If you have ComboFix already downloaded...good, no need to download again.)

Please download ComboFix from BleepingComputer.com

Save it to your Desktop, and do NOT run it, yet.


===========

Then, download this file: [You must be registered and logged in to see this link.]
and save it to your Desktop, and do NOT run it, either.

===========

Running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    FCopy::
    C:\documents and settings\owner\desktop\fdc.sys | C:\windows\system32\drivers\fdc.sys
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.



NOTE:
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.



Post by darinlee on Sun 24 Oct 2010, 6:28 pm

sorry for the delay, i had to go out of town for a couple of days... but i'm back now and the link didn't work... won't let me download, gives me the same error message...


Post by darinlee on Sun 24 Oct 2010, 8:01 pm

here is what it says...

"cannot copy FDC[1]: cannot read from source file or disk..."


Post by DragonMaster Jay on Mon 25 Oct 2010, 5:25 am

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).



Post by darinlee on Mon 25 Oct 2010, 6:17 am

I've been doing all this from safe mode unfortunately, otherwise I can't get onto the computer, or rather log into windows... I get that blue screen shortly after logging in...


Post by DragonMaster Jay on Tue 26 Oct 2010, 7:09 am

1. Please download The Avenger by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

    Files to move:
    C:\documents and settings\owner\desktop\fdc.sys | C:\windows\system32\drivers\fdc.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.


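A pre-flight check for the "source | destination" scripts quoted in the posts above (the ComboFix FCopy:: script and The Avenger's "Files to move:" script), added here as an example that is not part of the thread or of either tool: it parses the script and confirms the replacement driver on disk is a readable PE image before the script is handed to the tool. The parsing rules are inferred only from the lines shown in the posts; the function names, the resolve hook and the sample files are assumptions made for the illustration.

```python
import struct
import tempfile
from pathlib import Path

HEADERS = {"fcopy::", "files to move:"}  # the two script headers shown in this thread

def parse_moves(script_text):
    """Return (source, destination) pairs from 'src | dst' lines under a header."""
    pairs, active = [], False
    for line in (raw.strip() for raw in script_text.splitlines()):
        if line.lower() in HEADERS:
            active = True
        elif active and "|" in line:
            pairs.append(tuple(part.strip() for part in line.split("|", 1)))
    return pairs

def pe_problem(path):
    """Return None if the file is laid out like a PE image, else a short reason."""
    try:
        data = Path(path).read_bytes()
    except OSError as exc:
        return "unreadable: %s" % exc.strerror
    if len(data) < 64 or data[:2] != b"MZ":
        return "no MZ header (empty, truncated or not a binary)"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # file offset of the PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "no PE signature"
    return None

def preflight(script_text, resolve=lambda path: path):
    """Return (source, problem) for each source failing the check; resolve is a hypothetical path hook."""
    checks = ((src, pe_problem(resolve(src))) for src, _dst in parse_moves(script_text))
    return [(src, problem) for src, problem in checks if problem]

SCRIPT = r"""FCopy::
C:\documents and settings\owner\desktop\fdc.sys | C:\windows\system32\drivers\fdc.sys"""

def demo():
    """Constructed inputs: a minimal PE stub, then an empty file standing in for a failed download."""
    stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "fdc.sys"
        for content in (stub, b""):
            path.write_bytes(content)
            results.append(preflight(SCRIPT, resolve=lambda _p: path))
    return results

if __name__ == "__main__":
    print(demo())
```

A file that passes this check is only structurally a PE image; the check says nothing about whether it is the correct or an unmodified driver.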


Post by darinlee on Tue 26 Oct 2010, 11:27 am

on reboot, hits the blue screen of death... and i tried running the program and rebooting back into safemode, and it does nothing...

i'm seriously contemplating taking a .40 bullet to the laptop right about now, lol...
