BleepingComputer.com: Infected with Win32/OpenCandy

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Infected with Win32/OpenCandy MSE can't remove it

#1 markgui (Member; Posts: 78; Joined: 21-August 07; Location: Louisiana)

Posted 08 April 2011 - 10:24 AM

I'm not quite sure how I got this, but MSE detected it on a routine scan and was not able to clean it.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by MARK at 9:51:28.23 on Fri 04/08/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1466 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MARK.HOME-25C2EBD7EB\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f83c6003-6fe1-4814-9b52-272bd8a64c77} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {f83c6003-6fe1-4814-9b52-272bd8a64c77} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRunOnce: [NvRegisterMCTrayNview] RUNDLL32.EXE c:\windows\system32\nvmctray.dll,nvmcregisterapp c:\windows\system32\nView.dll
mRunOnce: [NvRegisterMCTray] RUNDLL32.EXE c:\windows\system32\nvmctray.dll,nvmcregisterapp c:\windows\system32\NvCpl.dll
mRunOnce: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.199\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1285291667437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl2cbf1f26;MpKsl2cbf1f26;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{018c6245-79d6-4688-be63-d92447595872}\mpksl2cbf1f26.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{018c6245-79d6-4688-be63-d92447595872}\MpKsl2cbf1f26.sys [?]
R1 MpKsl5a6f8310;MpKsl5a6f8310;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c6c7c656-0205-4aea-a715-62b9453945ba}\MpKsl5a6f8310.sys [2011-4-8 28752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-12-9 54760]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-12-12 88176]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-4-5 439632]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-12-21 399416]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\csn5pdts82.sys --> c:\windows\system32\drivers\CSN5PDTS82.sys [?]
S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\drivers\csn5pdts82x64.sys --> c:\windows\system32\drivers\CSN5PDTS82x64.sys [?]
S1 MpKsl02657b36;MpKsl02657b36;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eb18dced-0f1b-47ac-a8c5-680b46021f4a}\mpksl02657b36.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eb18dced-0f1b-47ac-a8c5-680b46021f4a}\MpKsl02657b36.sys [?]
S1 MpKsl032e2d4d;MpKsl032e2d4d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eb18dced-0f1b-47ac-a8c5-680b46021f4a}\mpksl032e2d4d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eb18dced-0f1b-47ac-a8c5-680b46021f4a}\MpKsl032e2d4d.sys [?]
S1 MpKsl129b536e;MpKsl129b536e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b7de3a1f-d2c0-485c-b440-f1a107e16abb}\mpksl129b536e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b7de3a1f-d2c0-485c-b440-f1a107e16abb}\MpKsl129b536e.sys [?]
S1 MpKsl292c7f37;MpKsl292c7f37;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c02ae1a8-b204-407c-9928-3d4930469fb3}\mpksl292c7f37.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c02ae1a8-b204-407c-9928-3d4930469fb3}\MpKsl292c7f37.sys [?]
S1 MpKsl3c16c053;MpKsl3c16c053;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c37b72f-a5f9-4170-9938-3aeeed7c5222}\mpksl3c16c053.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c37b72f-a5f9-4170-9938-3aeeed7c5222}\MpKsl3c16c053.sys [?]
S1 MpKsl4566c622;MpKsl4566c622;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c37b72f-a5f9-4170-9938-3aeeed7c5222}\mpksl4566c622.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c37b72f-a5f9-4170-9938-3aeeed7c5222}\MpKsl4566c622.sys [?]
S1 MpKsl6718aeec;MpKsl6718aeec;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{907e3398-f21e-49fb-bf2f-361867704105}\mpksl6718aeec.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{907e3398-f21e-49fb-bf2f-361867704105}\MpKsl6718aeec.sys [?]
S1 MpKsl7e2cdb2a;MpKsl7e2cdb2a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0e1260f-e28d-46bc-a6b8-00113c815265}\mpksl7e2cdb2a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0e1260f-e28d-46bc-a6b8-00113c815265}\MpKsl7e2cdb2a.sys [?]
S1 MpKsl8a2d700d;MpKsl8a2d700d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbef70e5-0438-4a13-94c2-c729f9af3d4a}\mpksl8a2d700d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbef70e5-0438-4a13-94c2-c729f9af3d4a}\MpKsl8a2d700d.sys [?]
S1 MpKsl8d4ef5c8;MpKsl8d4ef5c8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4e746987-25c2-4296-86c9-60b53beb6da5}\mpksl8d4ef5c8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4e746987-25c2-4296-86c9-60b53beb6da5}\MpKsl8d4ef5c8.sys [?]
S1 MpKsl952aba1f;MpKsl952aba1f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5611c779-35e9-4aa3-a940-08b3f08232c7}\mpksl952aba1f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5611c779-35e9-4aa3-a940-08b3f08232c7}\MpKsl952aba1f.sys [?]
S1 MpKsl9a469887;MpKsl9a469887;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54cee7ed-33fe-488b-82e0-4ce116284d2e}\mpksl9a469887.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54cee7ed-33fe-488b-82e0-4ce116284d2e}\MpKsl9a469887.sys [?]
S1 MpKsla1021ab0;MpKsla1021ab0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{907e3398-f21e-49fb-bf2f-361867704105}\mpksla1021ab0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{907e3398-f21e-49fb-bf2f-361867704105}\MpKsla1021ab0.sys [?]
S1 MpKslae9b75db;MpKslae9b75db;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0e1260f-e28d-46bc-a6b8-00113c815265}\mpkslae9b75db.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0e1260f-e28d-46bc-a6b8-00113c815265}\MpKslae9b75db.sys [?]
S1 MpKslba6770ec;MpKslba6770ec;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0715a85f-e9d6-4c3b-98ee-b8b1a559c2f2}\mpkslba6770ec.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0715a85f-e9d6-4c3b-98ee-b8b1a559c2f2}\MpKslba6770ec.sys [?]
S1 MpKsle4205969;MpKsle4205969;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c37b72f-a5f9-4170-9938-3aeeed7c5222}\mpksle4205969.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c37b72f-a5f9-4170-9938-3aeeed7c5222}\MpKsle4205969.sys [?]
S1 MpKslfebd8124;MpKslfebd8124;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b0f4ad70-ab04-4567-a753-77bb40b5d35e}\mpkslfebd8124.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b0f4ad70-ab04-4567-a753-77bb40b5d35e}\MpKslfebd8124.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-27 135664]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-9-23 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.199\McCHSvc.exe [2011-2-23 237008]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S4 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-12-21 987704]
S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-08 05:01:00 -------- d-sh--w- c:\documents and settings\mark.home-25c2ebd7eb\IECompatCache
2011-04-08 05:00:45 -------- d-sh--w- c:\documents and settings\mark.home-25c2ebd7eb\PrivacIE
2011-04-08 04:57:13 -------- d-----w- c:\docume~1\mark~1.hom\applic~1\Windows Search
2011-04-08 04:53:31 -------- d-----w- c:\docume~1\mark~1.hom\applic~1\Malwarebytes
2011-04-08 03:45:19 -------- d-----w- c:\docume~1\mark~1.hom\locals~1\applic~1\Google
2011-04-08 02:44:26 -------- d-----w- c:\docume~1\mark~1.hom\locals~1\applic~1\Identities
2011-04-08 02:44:25 -------- d-----w- c:\docume~1\mark~1.hom\applic~1\Windows Desktop Search
2011-04-07 04:41:21 266360 ----a-w- c:\windows\system32\TweakUI.exe
2011-04-06 03:22:05 -------- d-----w- c:\program files\WinPcap
2011-04-03 16:59:37 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2011-04-03 16:59:37 8192 ----a-w- c:\windows\system32\kbdkor.dll
2011-04-03 16:59:37 6144 ----a-w- c:\windows\system32\kbd106.dll
2011-04-03 16:59:37 6144 ----a-w- c:\windows\system32\kbd101c.dll
2011-04-03 16:59:37 6144 ----a-w- c:\windows\system32\kbd101b.dll
2011-04-03 16:59:37 5632 ----a-w- c:\windows\system32\kbd103.dll
2011-04-03 15:54:33 -------- d-----w- C:\New Folder (2)
2011-04-03 14:38:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-03 14:28:46 -------- d-----w- C:\New Folder
2011-04-03 05:22:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2011-04-03 05:21:57 -------- d-----w- c:\program files\McAfee Security Scan
2011-03-31 17:01:02 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-31 17:01:02 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-31 17:01:02 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-31 17:01:02 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-31 17:01:01 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-31 17:01:01 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-31 17:01:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-31 17:01:00 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-31 15:21:18 -------- d-----w- c:\program files\TweetDeck
2011-03-13 04:04:52 -------- d-----w- c:\program files\MP3 Rocket
.
==================== Find3M ====================
.
2011-04-08 02:41:33 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-04-08 02:41:33 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-04-08 02:41:31 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-02-22 23:51:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 03:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-01 22:49:29 28472832 ----a-w- c:\program files\go_virtual.msi
.
============= FINISH: 9:51:46.87 ===============
Attached File: ark.txt.txt (1.33K)
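The DDS log above is the kind of thing a Malware Response Team member reads by eye. As an added example (not code from this thread, from DDS, or from BleepingComputer), the following Python script does the first triage pass mechanically over the three DDS line shapes that matter most here: BHO:/TB: entries, the R*/S* service and driver list, and DPF: ActiveX download entries. The sample lines are copied from the posted log; the allow-list of ActiveX download hosts (TRUSTED_DPF_HOSTS) and the Finding type are assumptions of this example, not anything DDS produces.

```python
"""Triage of DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" lines.

Added example; not code from the thread or from the DDS tool.  It flags:
  * BHO:/TB: entries whose CLSID resolves to "No File" (an orphaned
    registry entry: usually an uninstall leftover, sometimes the CLSID of
    a payload whose DLL has since been removed),
  * R*/S* service and driver entries DDS prints as
    "<registered path> --> <resolved path> [?]", meaning it could not read
    the image's date and size (the file is normally not on disk),
  * DPF: (ActiveX download) entries whose host is outside a caller-supplied
    allow-list (the allow-list is an assumption of this example).
SAMPLE_LOG is constructed from lines of the posted log.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied verbatim from the posted DDS log.
SAMPLE_LOG = r"""
BHO: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
TB: {f83c6003-6fe1-4814-9b52-272bd8a64c77} - No File
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl2cbf1f26;MpKsl2cbf1f26;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{018c6245-79d6-4688-be63-d92447595872}\mpksl2cbf1f26.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{018c6245-79d6-4688-be63-d92447595872}\MpKsl2cbf1f26.sys [?]
S1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\csn5pdts82.sys --> c:\windows\system32\drivers\CSN5PDTS82.sys [?]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
"""

# Assumed allow-list of ActiveX (DPF) download hosts; not part of DDS.
TRUSTED_DPF_HOSTS = ("microsoft.com", "java.sun.com", "live.com",
                     "creative.com", "adobe.com")

_BHO_TB = re.compile(
    r"^(?P<kind>BHO|TB): (?:(?P<name>.+?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
_SERVICE = re.compile(
    r"^(?P<state>[RS]\d) (?P<svc>[^;]+);(?P<disp>[^;]*);(?P<rest>.+)$")
_DPF = re.compile(r"^DPF: (?P<clsid>\{[^}]+\}) - (?P<url>\S+)$")
_HOST = re.compile(r"^hxxps?://([^/]+)", re.IGNORECASE)  # DDS defangs http as hxxp


@dataclass(frozen=True)
class Finding:
    kind: str    # "orphan-bho", "missing-image" or "untrusted-dpf"
    item: str    # CLSID or service name
    detail: str  # what to check next


def _host_trusted(host, trusted):
    return any(host == t or host.endswith("." + t) for t in trusted)


def triage(log_text, trusted_dpf_hosts=TRUSTED_DPF_HOSTS):
    """Return a Finding for every suspicious line DDS recognises."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = _BHO_TB.match(line)
        if m:
            if m.group("target").strip() == "No File":
                findings.append(Finding(
                    "orphan-bho", m.group("clsid"),
                    f"{m.group('kind')} registered in IE but its DLL is missing; "
                    f"check HKCR\\CLSID\\{m.group('clsid')}\\InprocServer32 "
                    "for the path that was registered"))
            continue
        m = _SERVICE.match(line)
        if m:
            rest = m.group("rest")
            if rest.endswith("[?]"):
                # "<registered> --> <resolved> [?]": keep the resolved path.
                resolved = rest.split(" --> ")[-1].rsplit(" [?]", 1)[0]
                findings.append(Finding(
                    "missing-image", m.group("svc"),
                    f"{m.group('state')} entry whose image DDS could not read: {resolved}"))
            continue
        m = _DPF.match(line)
        if m:
            h = _HOST.match(m.group("url"))
            host = h.group(1).lower() if h else ""
            if not _host_trusted(host, trusted_dpf_hosts):
                findings.append(Finding(
                    "untrusted-dpf", m.group("clsid"),
                    f"ActiveX control downloaded from {host or m.group('url')}"))
    return findings


def by_kind(findings):
    """Count findings per kind, e.g. {'orphan-bho': 2, 'missing-image': 2, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind}] {f.item}: {f.detail}")
    print(by_kind(results))
```

On the sample this reports two orphaned BHO/toolbar CLSIDs, two service entries whose image is gone, and one ActiveX download host outside the allow-list. The point of the split is that each kind needs a different follow-up: an orphaned CLSID is usually an uninstall leftover and is confirmed in the registry, a missing driver image is only interesting if it is not one of MSE's transient MpKsl* definition drivers (the CSN5PDTS82 NDIS protocol driver is the kind of entry worth looking up), and an unexpected DPF host is a question about what the user installed from the browser, not evidence of an infection on its own.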


#2 CatByte (Malware Response Team; Posts: 7,857; Joined: 09-November 08; Location: Canada)

Posted 09 April 2011 - 08:38 AM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

The help you receive here is free.
Microsoft MVP - 2010, 2011

#3 markgui (Member; Posts: 78; Joined: 21-August 07; Location: Louisiana)

Posted 09 April 2011 - 04:02 PM

I'm afraid I won't be able to do that right now. I was gone for a few hours today and when I came home, I discovered my computer had been rendered useless. I am on my girlfriend's system at the moment. I tried to log on to mine and immediately noticed that the security settings were modified. I went into administrative tools and changed a few of my own before it shut down. I was able to restart in the setting where directory services are the option? Can't remember what it was called exactly. I have made a few log files but I have no real way to transfer them. No printer, and I disconnected it from the router. I will try to manually copy them and post them next. I have no idea what to do now, though; if you could help me with that, maybe? Or at least move my post to the proper topic. ANY help would be most appreciated.

I did notice that the way they took over was through Windows PowerShell.

#4 CatByte (Malware Response Team; Posts: 7,857; Joined: 09-November 08; Location: Canada)

Posted 09 April 2011 - 04:55 PM

Exactly what is the status of your computer now? Will it boot?

Can you boot into safe mode?

ComboFix will run from a USB if you are able to boot into safe mode, try running it from there.

Did you try "Last Known Good Configuration"?

To Enter Safe Mode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down Arrow keys to scroll up to Safe Mode
  • Then press the Enter key on your keyboard
  • Go into your usual account


#5 markgui (Member; Posts: 78; Joined: 21-August 07; Location: Louisiana)

Posted 11 April 2011 - 06:16 PM

Sorry about the delay. I reformatted my hard drive and reinstalled windows. I am now totally paranoid of everything on my computer. I noticed from the previous problem that the hacker altered my security settings. How do I go about changing my settings to where I am the only one who is able to do that?

#6 CatByte (Malware Response Team; Posts: 7,857; Joined: 09-November 08; Location: Canada)

Posted 11 April 2011 - 06:25 PM

I don't believe there is any way to do that; malware, once on your system, can compromise even the best security.

The best thing is safe browsing practices.

Use one antivirus,
one or two anti-spyware programs,

a firewall if you wish, or make your router very secure.

Use a program like the Web of Trust to warn you against dangerous websites.

Avoid peer-to-peer and torrents, and just be careful what you download.

Myself, I use Microsoft Security Essentials, the paid version of Malwarebytes, Web of Trust, and I'm behind a secured router.

http://www.microsoft.com/en-ca/security_essentials/default.aspx
http://www.malwarebytes.org/mbam.php
http://www.mywot.com/en/download
http://ask-leo.com/how_do_i_secure_my_router.html


If you have any further questions feel free to ask

#7 markgui (Member; Posts: 78; Joined: 21-August 07; Location: Louisiana)

Posted 11 April 2011 - 07:05 PM

Okay thank you very much.

#8 CatByte (Malware Response Team; Posts: 7,857; Joined: 09-November 08; Location: Canada)

Posted 13 April 2011 - 01:29 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
