Can not get rid of the malware. [RESOLVED]
Mr Skellington
post Sep 27 2008, 09:36 AM
Post #1
Member
Posts: 14
OS: Windows XP

I have tried everything I can think of. I have run multiple spyware finders. They find them and get rid of them and then it pops back up. I can really only use my computer in safe mode due to the fact that the attack has hijacked my system when it is started up normally. It has changed my time to read military time and it says virus alert next to it. I can not access my disk drives, both C and D. I can not use task manager nor display functions. I have to change my start bar to classic mode to see my program files. A pop up window constantly pops up saying that I have a virus on my computer and click yes to get a program to get rid of it. Please Please Please help me out here. Here is the Trend Micro hijack log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:57 AM, on 9/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Norton AntiVirus\navw32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3E48B471-EB2E-4ccf-9EA9-8905F737B895} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {80613a08-438c-4afb-9be0-5c9d6d8f955d} - C:\WINDOWS\system32\betifupu.dll (file missing)
O2 - BHO: (no name) - {BEEC65A7-93C5-416B-A253-19E1058AF6ED} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &HughesNet Toolbar - {CB2D4F99-8F9E-4992-880E-5962045A36E1} - C:\Program Files\HughesNet\bar\2.bin\HGNBAR.DLL
O3 - Toolbar: (no name) - {B85684C0-6279-43AC-9158-AB96AA390B8D} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [muzewumoto] Rundll32.exe "C:\WINDOWS\system32\sovowuyi.dll",s
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [muzewumoto] Rundll32.exe "C:\WINDOWS\system32\sovowuyi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [muzewumoto] Rundll32.exe "C:\WINDOWS\system32\sovowuyi.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\fefiweta.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7954 bytes
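A small triage script for the HijackThis log layout shown above, added here as an example; it is not part of the thread, of HijackThis or of any tool named in it. It assumes the entry layout visible in the log (R/O section codes, `<hive>\..\Run: [name] command` bodies) and uses a handful of lines copied from that log as constructed sample input; the "random-looking name" heuristic is a rough assumption of mine, not a rule from the page.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines in the HijackThis v2 layout, copied from the
# log posted above (real entries from that log, not the full log).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {80613a08-438c-4afb-9be0-5c9d6d8f955d} - C:\WINDOWS\system32\betifupu.dll (file missing)
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [muzewumoto] Rundll32.exe "C:\WINDOWS\system32\sovowuyi.dll",s
O4 - HKUS\S-1-5-19\..\Run: [muzewumoto] Rundll32.exe "C:\WINDOWS\system32\sovowuyi.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\fefiweta.dll
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
"""


@dataclass(frozen=True)
class Finding:
    entry_type: str  # HijackThis section code, e.g. "O4" or "O20"
    reason: str      # why the entry deserves a closer look
    line: str        # the log line (or Run value name) the finding refers to


# One HijackThis entry: "<code> - <body>", e.g. "O20 - AppInit_DLLs: ..."
ENTRY_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.+)$")
# O4 Run-key body: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU|US\\[^\\]+))\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# A command line that is Rundll32 loading a DLL straight out of system32
RUNDLL_SYS32_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?[a-z]:\\windows\\system32\\(?P<stem>[a-z0-9_]+)\.dll', re.I
)
# Built-in service-account hives; ordinary installers do not write Run values there
SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")


def looks_random(stem: str) -> bool:
    """Crude, assumed heuristic for auto-generated DLL names like the ones in the
    thread (sovowuyi, fefiweta, betifupu): lowercase letters only, 6+ characters,
    with vowels making up roughly half of the name."""
    if not stem.isalpha() or not stem.islower() or len(stem) < 6:
        return False
    vowels = sum(c in "aeiou" for c in stem)
    return 0.35 <= vowels / len(stem) <= 0.65


def triage(log_text: str) -> list[Finding]:
    """Return the entries a helper would look at first: AppInit_DLLs hooks,
    orphaned browser components, Rundll32-launched DLLs in system32, and Run
    values that were also written into the service-account hives."""
    findings: list[Finding] = []
    run_hives: dict[str, set[str]] = {}  # Run value name -> hives it appears under
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        etype, body = m["type"], m["body"]
        if etype == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(etype, "AppInit_DLLs is set: the DLL is loaded into "
                                           "every process that loads user32.dll", line))
        elif etype in ("O2", "O3", "O9") and ("(file missing)" in body or "(no file)" in body):
            findings.append(Finding(etype, "orphaned entry: registered component has "
                                           "no file on disk", line))
        elif etype == "O4":
            rm = RUN_RE.match(body)
            if rm:
                run_hives.setdefault(rm["name"], set()).add(rm["hive"])
                dm = RUNDLL_SYS32_RE.match(rm["cmd"])
                if dm:
                    reason = "Rundll32 loads a DLL from system32 at logon"
                    if looks_random(dm["stem"]):
                        reason += " (auto-generated-looking name)"
                    findings.append(Finding(etype, reason, line))
    # Second pass: the same Run value name duplicated into service-account hives
    for name, hives in run_hives.items():
        svc = sorted(h for h in hives if any(sid in h for sid in SERVICE_SIDS))
        if svc:
            findings.append(Finding("O4", f"Run value [{name}] also present for service "
                                          f"accounts {', '.join(svc)}", name))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry_type:>4}  {f.reason}\n      {f.line}")
```

Run against the full log above, it surfaces the same O4, O20 and orphaned O2 entries the helper's later fix script targets, which is the point of reading such a log rather than trusting the scanners' "clean" verdicts.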
Rorschach112
post Sep 27 2008, 10:02 AM
Post #2
GeekU Teacher
Posts: 21,845
From: Dublin
OS: XP

Hello

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


Mr Skellington
post Sep 27 2008, 10:25 AM
Post #3
Member
Posts: 14
OS: Windows XP

How do I disable my protections, and do I have to keep them disabled? Here is the log you asked for. Thank you in advance for your help!

--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.70GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A06
USER : Administrator ( Administrator )
BOOT : Fail-safe with network boot
Antivirus : Norton AntiVirus 15.0.0.58 (Activated)
Firewall : Authentium Firewall 3.212 (Not Activated)
C:\ (Local Disk) - NTFS - Total : 52 Go Free : 23 Go
D:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( Sat 09/27/2008|12:10 )

--------------------\\ Listing folders in APPLIC~1

[09/24/2008|11:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[09/27/2008|09:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Digital Support
[08/10/2004|03:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[09/24/2008|02:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Lavasoft
[09/24/2008|11:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
[09/27/2008|09:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Malwarebytes
[09/24/2008|11:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[09/24/2008|03:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla
[09/25/2008|12:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> PC Tools
[11/24/2005|09:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun
[09/27/2008|09:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Uniblue
[09/27/2008|09:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> WinRAR

[01/08/2008|07:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> 7Wonders2
[09/17/2006|03:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[07/01/2007|12:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[07/01/2007|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[07/01/2007|12:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[12/20/2006|10:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avg7
[04/07/2008|02:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BigFishGamesCache
[01/28/2006|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Broderbund Software
[12/03/2007|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Christmasville
[03/13/2008|07:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell
[09/17/2008|01:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[06/01/2007|09:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Friends Games
[11/24/2005|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[07/09/2007|04:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[11/24/2005|09:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[11/24/2005|09:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[05/10/2008|04:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iWin Games
[09/27/2008|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[06/16/2008|03:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[11/24/2005|09:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[01/28/2006|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Riverdeep Interactive Learning Limited
[09/17/2008|01:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Rosetta Stone
[11/14/2007|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sandlot Games
[08/10/2004|03:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[03/10/2006|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[02/11/2008|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[09/08/2008|05:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[09/27/2008|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[12/22/2005|10:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[07/29/2007|04:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[09/08/2006|06:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[08/29/2008|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[03/25/2006|02:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[08/10/2004|03:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[11/24/2005|09:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[11/24/2005|09:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[10/17/2007|01:23] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Abra Academy2
[07/01/2007|12:44] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> acccore
[01/10/2008|12:10] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Adobe
[04/23/2006|09:12] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> AdobeAUM
[01/14/2007|10:29] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> AdobeUM
[02/01/2008|04:42] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Big Fish Games
[02/01/2008|04:40] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> BloodTies
[04/23/2006|09:46] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Corel
[01/14/2006|06:45] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Corel Photo Album
[12/02/2005|02:51] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> CyberLink
[09/22/2008|12:13] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Digsby
[01/08/2008|09:19] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Disney Mix It Plug-in
[12/04/2005|09:34] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Earthlink
[10/01/2007|12:09] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> ForgottenRiddles
[04/01/2006|09:51] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> FUJIFILM
[04/10/2007|09:16] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Gtek
[12/17/2005|06:35] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Help
[07/12/2007|09:53] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> HP
[08/10/2004|03:08] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Identities
[02/07/2008|08:04] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> iWin
[05/10/2008|04:46] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> iWinArcade
[12/05/2005|08:42] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Lavasoft
[01/08/2006|05:14] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Leadertech
[10/11/2007|11:32] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Legends of pirates
[09/23/2008|03:29] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> LucasArts
[07/01/2006|05:44] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Macromedia
[10/29/2006|07:59] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Magic Match
[09/26/2008|12:34] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Microsoft
[07/01/2007|12:39] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Mozilla
[08/10/2006|04:54] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> MySpace
[09/23/2008|03:31] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Petroglyph
[09/01/2008|07:14] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> PlayFirst
[08/27/2006|04:22] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Real
[09/08/2008|12:50] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> SecuROM
[01/08/2006|05:15] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Sonic
[09/11/2008|06:21] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> SPORE
[11/24/2005|09:45] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Sun
[09/24/2008|01:56] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> TmpRecentIcons
[01/09/2008|07:14] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> U3
[09/12/2008|04:14] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Uniblue
[08/31/2007|08:02] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> VeniceMysteryData
[08/01/2007|03:43] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> Viewpoint
[09/16/2008|09:20] C:\DOCUME~1\DONNAW~1\APPLIC~1\<DIR> WinRAR

[12/11/2005|11:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Help
[12/20/2006|10:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[12/20/2006|10:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[01/11/2008|08:52] C:\DOCUME~1\WAYNEW~1\APPLIC~1\<DIR> Adobe
[09/10/2006|08:00] C:\DOCUME~1\WAYNEW~1\APPLIC~1\<DIR> CyberLink
[04/11/2007|08:23] C:\DOCUME~1\WAYNEW~1\APPLIC~1\<DIR> Gtek
[07/12/2007|09:52] C:\DOCUME~1\WAYNEW~1\APPLIC~1\<DIR> HP
[08/10/2004|03:08] C:\DOCUME~1\WAYNEW~1\APPLIC~1\<DIR> Identities
[09/24/2008|03:03] C:\DOCUME~1\WAYNEW~1\APPLIC~1\<DIR> Lavasoft
[08/04/2006|09:44] C:\DOCUME~1\WAYNEW~1\APPLIC~1\<DIR> Macromedia
[09/24/2008|03:02] C:\DOCUME~1\WAYNEW~1\APPLIC~1\<DIR> Microsoft
[08/12/2006|08:53] C:\DOCUME~1\WAYNEW~1\APPLIC~1\<DIR> Mozilla
[09/07/2008|02:51] C:\DOCUME~1\WAYNEW~1\APPLIC~1\<DIR> Real
[11/24/2005|09:45] C:\DOCUME~1\WAYNEW~1\APPLIC~1\<DIR> Sun
[09/24/2008|02:53] C:\DOCUME~1\WAYNEW~1\APPLIC~1\<DIR> TmpRecentIcons

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[09/26/2008 10:06 PM][--a------] C:\WINDOWS\tasks\bgzexnxn.job
[09/26/2008 10:26 PM][--a------] C:\WINDOWS\tasks\qrpqlxrh.job
[09/26/2008 10:26 PM][--a------] C:\WINDOWS\tasks\dpwdqtoi.job
[09/22/2008 08:24 PM][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Donna Wall.job
[09/26/2008 10:26 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 07:00 AM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[12/04/2005|02:24] C:\Program Files\<DIR> Abbyy FineReader 6.0 Sprint
[08/28/2007|12:50] C:\Program Files\<DIR> Adobe
[02/13/2006|07:50] C:\Program Files\<DIR> Ahead
[07/01/2007|12:41] C:\Program Files\<DIR> AIM6
[09/06/2008|09:34] C:\Program Files\<DIR> Atari
[12/04/2007|07:36] C:\Program Files\<DIR> Atlantis
[09/04/2008|10:37] C:\Program Files\<DIR> Atlantis Quest
[08/18/2007|10:29] C:\Program Files\<DIR> BFG
[04/07/2008|02:03] C:\Program Files\<DIR> bfgclient
[09/26/2008|02:35] C:\Program Files\<DIR> Big Kahuna Reef
[01/30/2008|06:30] C:\Program Files\<DIR> Blood Ties
[08/28/2007|12:50] C:\Program Files\<DIR> CallWave
[09/25/2008|12:09] C:\Program Files\<DIR> Common Files
[11/24/2005|09:34] C:\Program Files\<DIR> CONEXANT
[11/24/2005|10:03] C:\Program Files\<DIR> Corel
[11/24/2005|09:49] C:\Program Files\<DIR> CyberLink
[09/01/2008|05:54] C:\Program Files\<DIR> Datel
[08/28/2007|12:50] C:\Program Files\<DIR> Dell
[02/11/2008|09:11] C:\Program Files\<DIR> Dell Support Center
[04/10/2007|09:12] C:\Program Files\<DIR> DellSupport
[11/24/2005|09:49] C:\Program Files\<DIR> Digital Line Detect
[09/22/2008|12:12] C:\Program Files\<DIR> Digsby
[01/08/2008|08:44] C:\Program Files\<DIR> Disney
[06/24/2007|08:31] C:\Program Files\<DIR> Dl_cats
[06/05/2006|08:36] C:\Program Files\<DIR> EarthLink TotalAccess
[12/01/2005|11:16] C:\Program Files\<DIR> eGames
[09/11/2008|05:05] C:\Program Files\<DIR> Electronic Arts
[08/28/2007|12:50] C:\Program Files\<DIR> FinePixViewer
[12/02/2005|03:09] C:\Program Files\<DIR> Grisoft
[07/09/2007|11:55] C:\Program Files\<DIR> Hewlett-Packard
[07/09/2007|04:29] C:\Program Files\<DIR> HP
[03/24/2007|07:36] C:\Program Files\<DIR> HughesNet
[01/09/2008|06:23] C:\Program Files\<DIR> Incomplete
[09/23/2008|03:06] C:\Program Files\<DIR> InstallShield Installation Information
[08/28/2007|12:50] C:\Program Files\<DIR> Intel
[03/05/2006|03:13] C:\Program Files\<DIR> InterActual
[08/16/2008|10:47] C:\Program Files\<DIR> Internet Explorer
[11/24/2005|09:54] C:\Program Files\<DIR> Intuit
[09/24/2008|05:50] C:\Program Files\<DIR> iWin Games
[06/16/2008|03:39] C:\Program Files\<DIR> iWin.com
[05/10/2008|04:19] C:\Program Files\<DIR> iWin.com Games
[12/04/2005|02:26] C:\Program Files\<DIR> Jasc Software Inc
[12/30/2007|07:56] C:\Program Files\<DIR> Java
[12/02/2005|03:11] C:\Program Files\<DIR> Lavasoft
[11/24/2005|09:53] C:\Program Files\<DIR> Learn2.com
[01/12/2008|11:57] C:\Program Files\<DIR> LimeWire
[09/23/2008|03:06] C:\Program Files\<DIR> LucasArts
[09/27/2007|09:54] C:\Program Files\<DIR> Magic Match The Genie`s Journey
[09/27/2008|09:40] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/16/2008|10:49] C:\Program Files\<DIR> Messenger
[06/17/2006|02:34] C:\Program Files\<DIR> Microsoft ActiveSync
[08/10/2004|03:04] C:\Program Files\<DIR> microsoft frontpage
[02/19/2006|04:50] C:\Program Files\<DIR> Microsoft Games
[06/17/2006|02:33] C:\Program Files\<DIR> Microsoft Office
[11/24/2005|09:51] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[11/24/2005|09:51] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[09/05/2008|02:13] C:\Program Files\<DIR> Mirai Gaming
[08/28/2007|12:50] C:\Program Files\<DIR> Modem Helper
[08/10/2004|03:02] C:\Program Files\<DIR> Movie Maker
[09/27/2008|10:55] C:\Program Files\<DIR> Mozilla Firefox
[08/10/2004|03:01] C:\Program Files\<DIR> MSN
[08/10/2004|03:01] C:\Program Files\<DIR> MSN Gaming Zone
[08/29/2006|01:27] C:\Program Files\<DIR> MSN Messenger
[09/01/2008|05:56] C:\Program Files\<DIR> MSXML 4.0
[12/30/2007|08:20] C:\Program Files\<DIR> MumboJumbo
[12/05/2005|08:58] C:\Program Files\<DIR> MUSICMATCH
[08/22/2007|10:51] C:\Program Files\<DIR> My Way Games
[11/27/2007|05:45] C:\Program Files\<DIR> Mystery Case Files - Huntsville
[12/01/2007|10:36] C:\Program Files\<DIR> Mystery Case Files - Madame Fate
[01/06/2008|05:22] C:\Program Files\<DIR> Mystery Case Files - Prime Suspects
[11/20/2007|10:51] C:\Program Files\<DIR> Mystery Case Files - Ravenhearst
[01/30/2008|06:32] C:\Program Files\<DIR> Mystery Case Files Madame Fate Strategy Guide
[01/13/2008|04:31] C:\Program Files\<DIR> Mystery in London
[08/10/2004|03:02] C:\Program Files\<DIR> NetMeeting
[01/08/2008|07:11] C:\Program Files\<DIR> Norton AntiVirus
[01/10/2007|07:06] C:\Program Files\<DIR> Oberon Media
[08/10/2004|03:01] C:\Program Files\<DIR> Online Services
[06/13/2007|01:10] C:\Program Files\<DIR> Outlook Express
[12/28/2007|09:37] C:\Program Files\<DIR> PartyGaming.Net
[01/14/2006|06:11] C:\Program Files\<DIR> PIXELA
[08/30/2008|11:58] C:\Program Files\<DIR> PlayFirst
[09/04/2008|06:41] C:\Program Files\<DIR> Polly Pride - Pet Detective
[01/25/2006|01:45] C:\Program Files\<DIR> PopCap Games
[08/28/2007|12:51] C:\Program Files\<DIR> Print Workshop 2005 LE
[11/24/2005|09:53] C:\Program Files\<DIR> QuickTime
[12/11/2005|11:14] C:\Program Files\<DIR> Real
[01/14/2006|06:06] C:\Program Files\<DIR> REGSHAVE
[01/28/2006|11:42] C:\Program Files\<DIR> Riverdeep
[09/16/2008|11:19] C:\Program Files\<DIR> Rosetta Stone
[11/24/2005|09:35] C:\Program Files\<DIR> Sigmatel
[11/24/2005|09:56] C:\Program Files\<DIR> Sonic
[02/12/2006|07:07] C:\Program Files\<DIR> Sony Pictures Games
[08/28/2007|12:51] C:\Program Files\<DIR> Spybot - Search & Destroy
[09/26/2008|09:52] C:\Program Files\<DIR> Spyware Doctor
[06/11/2008|05:58] C:\Program Files\<DIR> Symantec
[11/24/2005|09:46] C:\Program Files\<DIR> Synaptics
[09/20/2007|06:44] C:\Program Files\<DIR> The Print Shop 20
[08/26/2008|03:52] C:\Program Files\<DIR> The Weather Channel FW
[08/23/2007|09:54] C:\Program Files\<DIR> Tiki Boom Boom
[09/22/2008|06:59] C:\Program Files\<DIR> TouchStoneSoftware
[09/27/2008|09:03] C:\Program Files\<DIR> Trend Micro
[02/26/2006|09:40] C:\Program Files\<DIR> Ubisoft
[09/27/2008|09:13] C:\Program Files\<DIR> Uniblue
[09/24/2008|06:01] C:\Program Files\<DIR> Uninstall Information
[11/24/2005|09:53] C:\Program Files\<DIR> Viewpoint
[09/24/2008|06:02] C:\Program Files\<DIR> Web Publish
[11/24/2005|09:59] C:\Program Files\<DIR> WebCyberCoach
[06/17/2006|02:19] C:\Program Files\<DIR> WildGames
[06/17/2006|02:19] C:\Program Files\<DIR> WildTangent
[06/17/2006|02:15] C:\Program Files\<DIR> WildTangent Games
[09/24/2008|06:03] C:\Program Files\<DIR> Windows Media Player
[08/10/2004|03:01] C:\Program Files\<DIR> Windows NT
[01/06/2008|03:40] C:\Program Files\<DIR> Windows Sidebar
[09/16/2008|09:20] C:\Program Files\<DIR> WinRAR
[09/26/2008|08:14] C:\Program Files\<DIR> WinUtilities
[08/28/2007|12:51] C:\Program Files\<DIR> WordPerfect Office 12
[08/10/2004|03:04] C:\Program Files\<DIR> xerox
[09/08/2008|05:48] C:\Program Files\<DIR> YahELite
[08/29/2008|10:53] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[03/16/2006|08:29] C:\Program Files\Common Files\<DIR> Adobe
[11/24/2005|09:54] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[08/28/2007|12:50] C:\Program Files\Common Files\<DIR> AOL
[11/24/2005|09:58] C:\Program Files\Common Files\<DIR> Borland Shared
[01/28/2006|11:41] C:\Program Files\Common Files\<DIR> Broderbund
[06/05/2006|08:30] C:\Program Files\Common Files\<DIR> Command Software
[11/24/2005|10:03] C:\Program Files\Common Files\<DIR> Corel
[06/17/2006|02:34] C:\Program Files\Common Files\<DIR> Designer
[09/27/2008|09:40] C:\Program Files\Common Files\<DIR> Download Manager
[07/09/2007|11:54] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[07/09/2007|04:29] C:\Program Files\Common Files\<DIR> HP
[09/23/2008|03:03] C:\Program Files\Common Files\<DIR> InstallShield
[11/24/2005|09:59] C:\Program Files\Common Files\<DIR> InstallShieldold
[11/24/2005|09:55] C:\Program Files\Common Files\<DIR> Intuit
[12/04/2005|02:25] C:\Program Files\Common Files\<DIR> Jasc Software Inc
[11/24/2005|09:45] C:\Program Files\Common Files\<DIR> Java
[09/16/2008|11:24] C:\Program Files\Common Files\<DIR> Macrovision Shared
[01/06/2008|03:24] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/10/2004|03:02] C:\Program Files\Common Files\<DIR> MSSoap
[11/24/2005|09:53] C:\Program Files\Common Files\<DIR> Nullsoft
[08/23/2008|09:10] C:\Program Files\Common Files\<DIR> Real
[02/20/2006|02:02] C:\Program Files\Common Files\<DIR> Sandlot Shared
[08/10/2004|03:02] C:\Program Files\Common Files\<DIR> Services
[11/24/2005|09:57] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/10/2004|02:57] C:\Program Files\Common Files\<DIR> SpeechEngines
[02/11/2008|09:10] C:\Program Files\Common Files\<DIR> supportsoft
[12/04/2005|09:28] C:\Program Files\Common Files\<DIR> SWF Studio
[09/23/2008|06:33] C:\Program Files\Common Files\<DIR> Symantec Shared
[06/13/2007|01:10] C:\Program Files\Common Files\<DIR> System
[08/23/2008|09:10] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 23 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 12:11:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\NprAaccf.ini
C:\WINDOWS\system32\NprAaccf.ini2
==> VUNDO <==



[F:51][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:11][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:213][D:17]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 09/27/2008|12:23 - Option : [1]

--------------------\\ Scan completed at 12:23:41
Rorschach112
post Sep 27 2008, 10:33 AM
Post #4
GeekU Teacher
Posts: 21,845
From: Dublin
OS: XP

Hello

Do these steps in normal mode


Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :Processes
    explorer.exe
    pctsAuxs.exe
    pctsSvc.exe
    pctsTray.exe

    :Services

    :Reg

    :Files
    C:\WINDOWS\tasks\bgzexnxn.job
    C:\WINDOWS\tasks\qrpqlxrh.job
    C:\WINDOWS\tasks\dpwdqtoi.job
    C:\WINDOWS\system32\NprAaccf.ini
    C:\WINDOWS\system32\NprAaccf.ini2

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Mr Skellington
post Sep 27 2008, 11:46 AM
Post #5
Member
Posts: 14
OS: Windows XP

Couldn't run the first program in normal mode due to the system freezing up. I also only got one of the files from the RSIT and that was the log. This is the following log for the first program:

========== PROCESSES ==========
Process explorer.exe killed successfully.
Unable to kill process: pctsAuxs.exe
Unable to kill process: pctsSvc.exe
Process pctsTray.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\tasks\bgzexnxn.job moved successfully.
C:\WINDOWS\tasks\qrpqlxrh.job moved successfully.
C:\WINDOWS\tasks\dpwdqtoi.job moved successfully.
C:\WINDOWS\system32\NprAaccf.ini moved successfully.
C:\WINDOWS\system32\NprAaccf.ini2 moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6tx6xcck.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6tx6xcck.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6tx6xcck.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6tx6xcck.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6tx6xcck.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 09272008_133951
This is the log file of RSIT:

Logfile of random's system information tool 1.02 (written by random/random)
Run by Administrator at 2008-09-27 13:43:37
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 24 GB (46%) free of 54 GB
Total RAM: 503 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:38 PM, on 9/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3E48B471-EB2E-4ccf-9EA9-8905F737B895} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {80613a08-438c-4afb-9be0-5c9d6d8f955d} - C:\WINDOWS\system32\betifupu.dll (file missing)
O2 - BHO: (no name) - {BEEC65A7-93C5-416B-A253-19E1058AF6ED} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &HughesNet Toolbar - {CB2D4F99-8F9E-4992-880E-5962045A36E1} - C:\Program Files\HughesNet\bar\2.bin\HGNBAR.DLL
O3 - Toolbar: (no name) - {B85684C0-6279-43AC-9158-AB96AA390B8D} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [muzewumoto] Rundll32.exe "C:\WINDOWS\system32\sovowuyi.dll",s
O4 - HKLM\..\RunOnce: [OTScanIt] C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [muzewumoto] Rundll32.exe "C:\WINDOWS\system32\sovowuyi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [muzewumoto] Rundll32.exe "C:\WINDOWS\system32\sovowuyi.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\fefiweta.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7881 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Donna Wall.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-23 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E48B471-EB2E-4ccf-9EA9-8905F737B895}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2004-05-12 744960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80613a08-438c-4afb-9be0-5c9d6d8f955d}]
C:\WINDOWS\system32\betifupu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEEC65A7-93C5-416B-A253-19E1058AF6ED}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{CB2D4F99-8F9E-4992-880E-5962045A36E1} - &HughesNet Toolbar - C:\Program Files\HughesNet\bar\2.bin\HGNBAR.DLL [2007-03-24 208896]
{B85684C0-6279-43AC-9158-AB96AA390B8D}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-12-15 49152]
"Corel Photo Downloader"=C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [2005-08-31 106496]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"muzewumoto"=C:\WINDOWS\system32\sovowuyi.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"OTScanIt"=C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe [2008-09-27 335360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [2008-07-08 1923352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\fefiweta.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-06 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F77BBE3B-9C38-47F6-99D7-B79B453D0F50}"=C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\fccaArpN
"authentication packages"=scecli
C:\WINDOWS\system32\fefiweta.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

======List of files/folders created in the last 1 months======

2008-09-27 13:39:51 ----D---- C:\_OTMoveIt
2008-09-27 12:45:17 ----D---- C:\rsit
2008-09-27 12:10:05 ----A---- C:\lopR.txt
2008-09-27 12:09:22 ----D---- C:\Lop SD
2008-09-27 09:40:50 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-27 09:40:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-27 09:40:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-27 09:20:46 ----D---- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-09-27 09:13:33 ----D---- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-09-27 09:13:28 ----D---- C:\Program Files\Uniblue
2008-09-27 09:07:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Digital Support
2008-09-27 09:03:24 ----D---- C:\Program Files\Trend Micro
2008-09-26 01:37:46 ----ASH---- C:\WINDOWS\system32\djwktxxq.ini
2008-09-25 00:10:45 ----D---- C:\Program Files\WinUtilities
2008-09-25 00:09:21 ----D---- C:\Program Files\Common Files\Download Manager
2008-09-25 00:06:05 ----D---- C:\Program Files\Spyware Doctor
2008-09-25 00:06:05 ----D---- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-09-24 23:59:41 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-09-24 23:59:38 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-09-24 06:01:33 ----HD---- C:\Program Files\Uninstall Information
2008-09-24 03:23:39 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-09-24 02:31:08 ----D---- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-09-24 02:26:40 ----ASH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-09-24 02:26:29 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-09-24 02:26:29 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2008-09-24 02:26:29 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities
2008-09-24 02:19:28 ----ASH---- C:\WINDOWS\system32\lpthrfsg.ini
2008-09-24 02:18:08 ----A---- C:\WINDOWS\system32\2bf8e981-.txt
2008-09-24 02:09:54 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-24 01:57:23 ----A---- C:\WINDOWS\system32\tdssserf1.dll
2008-09-24 01:54:08 ----A---- C:\WINDOWS\eofn.exe
2008-09-23 03:06:02 ----D---- C:\Program Files\LucasArts
2008-09-22 18:59:21 ----D---- C:\Program Files\TouchStoneSoftware
2008-09-22 00:08:55 ----D---- C:\Program Files\Digsby
2008-09-17 00:53:53 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-09-16 23:24:44 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-09-16 23:19:46 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-09-16 09:19:47 ----D---- C:\Program Files\WinRAR
2008-09-16 06:36:35 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2008-09-11 18:16:59 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-09-11 17:36:32 ----D---- C:\Intel
2008-09-11 17:05:30 ----D---- C:\ProgramData
2008-09-11 17:04:32 ----D---- C:\Program Files\Common Files\InstallShield
2008-09-10 03:48:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-08 00:47:04 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-09-08 00:42:25 ----D---- C:\Program Files\Electronic Arts
2008-09-07 03:02:12 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-09-06 21:34:21 ----D---- C:\Program Files\Atari
2008-09-06 03:09:21 ----A---- C:\WINDOWS\YAHELITE_IGNORE.INI
2008-09-06 00:42:12 ----D---- C:\Program Files\YahELite
2008-09-06 00:25:24 ----A---- C:\WINDOWS\YAHELITE.INI
2008-09-05 02:13:02 ----D---- C:\Program Files\Mirai Gaming
2008-09-01 17:56:36 ----D---- C:\Program Files\MSXML 4.0
2008-09-01 17:54:38 ----D---- C:\Program Files\Datel
2008-09-01 15:57:00 ----A---- C:\WINDOWS\system32\OVUI2RC.dll
2008-09-01 15:57:00 ----A---- C:\WINDOWS\system32\OVUI2.dll
2008-09-01 15:57:00 ----A---- C:\WINDOWS\system32\OVComS.exe
2008-09-01 15:56:59 ----A---- C:\WINDOWS\system32\OVComC.dll
2008-09-01 15:56:59 ----A---- C:\WINDOWS\system32\OVCodec2.dll
2008-09-01 15:56:48 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-08-30 23:58:18 ----D---- C:\Program Files\PlayFirst
2008-08-29 22:56:49 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-29 22:54:14 ----A---- C:\YServer.txt

======List of files/folders modified in the last 1 months======

2008-09-27 13:43:11 ----D---- C:\Program Files\Mozilla Firefox
2008-09-27 13:41:59 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-27 13:41:30 ----D---- C:\WINDOWS\system32\drivers
2008-09-27 13:41:27 ----D---- C:\WINDOWS\Temp
2008-09-27 13:39:51 ----SD---- C:\WINDOWS\Tasks
2008-09-27 13:39:51 ----D---- C:\WINDOWS\system32
2008-09-27 13:28:31 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-27 13:28:18 ----D---- C:\WINDOWS
2008-09-27 13:24:46 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt
2008-09-27 10:47:46 ----D---- C:\Program Files
2008-09-26 21:57:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-26 21:53:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-26 21:43:30 ----D---- C:\Documents and Settings
2008-09-26 20:04:30 ----D---- C:\WINDOWS\History
2008-09-26 20:04:04 ----D---- C:\WINDOWS\Minidump
2008-09-26 20:04:04 ----D---- C:\i386
2008-09-26 20:03:53 ----D---- C:\dell
2008-09-26 14:35:21 ----D---- C:\Program Files\Big Kahuna Reef
2008-09-25 00:09:21 ----D---- C:\Program Files\Common Files
2008-09-24 17:50:01 ----D---- C:\Program Files\iWin Games
2008-09-24 11:51:08 ----D---- C:\My Downloads
2008-09-24 11:47:44 ----A---- C:\WINDOWS\win.ini
2008-09-24 06:04:54 ----SHD---- C:\WINDOWS\Installer
2008-09-24 06:04:52 ----D---- C:\Config.Msi
2008-09-24 06:04:20 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-09-24 06:03:13 ----D---- C:\Program Files\Windows Media Player
2008-09-24 06:02:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-24 06:02:37 ----D---- C:\Program Files\Web Publish
2008-09-24 02:35:10 ----SHD---- C:\RECYCLER
2008-09-24 02:16:58 ----D---- C:\WINDOWS\Prefetch
2008-09-24 02:16:28 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-09-24 02:04:42 ----RSD---- C:\WINDOWS\Fonts
2008-09-23 18:33:57 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-23 03:06:25 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-18 13:36:10 ----HD---- C:\WINDOWS\inf
2008-09-18 13:36:10 ----D---- C:\WINDOWS\Help
2008-09-16 23:19:46 ----D---- C:\Program Files\Rosetta Stone
2008-09-11 17:48:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-11 17:06:55 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-09-11 13:30:01 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-11 13:29:05 ----A---- C:\WINDOWS\imsins.BAK
2008-09-11 13:28:29 ----D---- C:\WINDOWS\WinSxS
2008-09-10 03:47:35 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-08 17:49:19 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-08 00:47:14 ----D---- C:\WINDOWS\system32\DirectX
2008-09-08 00:47:11 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-07 03:02:11 ----D---- C:\WINDOWS\Debug
2008-09-04 22:37:30 ----D---- C:\Program Files\Atlantis Quest
2008-09-04 18:41:05 ----D---- C:\Program Files\Polly Pride - Pet Detective
2008-08-29 22:53:25 ----D---- C:\Program Files\Yahoo!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-06 369024]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-24 190560]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-03 16128]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-12-01 279088]
S1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-12-01 43696]
S1 SYMTDI;SYMTDI; C:\WINDOWS\System