hi jack this log.. please help! [RESOLVED], windows XP no icons or task bar after restore/no internet access
Fallenone27
post Oct 25 2008, 12:17 PM
Post #1


Member
**
Posts: 16
OS: windows xp



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:48 PM, on 10/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5052
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll (file missing)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll (file missing)
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - S-1-5-21-412732495-3789247047-277270637-1006 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User '?')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send Image to Phone - http://www.freeringers.net/ezimage.php
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n042p/EN/install/gtdownlr.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193766645109
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O20 - AppInit_DLLs: karna.dat
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)

--
End of file - 7903 bytes
Rorschach112
post Oct 25 2008, 12:21 PM
Post #2


GeekU Teacher
Posts: 35,079
From: Dublin
OS: XP



Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.



Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)




Fallenone27
post Oct 25 2008, 01:51 PM
Post #3





ok here are my logs... and thank you again for the help.


SDFix: Version 1.237
Run by Owner on Sat 10/25/2008 at 02:13 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDfix\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\tmp28.tmp - Deleted
C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\tmp4E.tmp - Deleted
C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\tmpA1.tmp - Deleted
C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\TMPB9.tmp - Deleted
C:\WINDOWS\system32\dllcache\figaro.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 14:25:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:74,44,d5,fa,8e,38,c8,c2,d2,f2,e5,0b,13,63,e4,a1,9d,40,41,ed,63,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:74,44,d5,fa,8e,38,c8,c2,d2,f2,e5,0b,13,63,e4,a1,9d,40,41,ed,63,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:74,44,d5,fa,8e,38,c8,c2,d2,f2,e5,0b,13,63,e4,a1,9d,40,41,ed,63,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\1159909523\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1159909523\\EE\\AOLServiceHost.exe:*:Disabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Disabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Disabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Disabled:AOLTsMon"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\ehome\\ehshell.exe"="C:\\WINDOWS\\ehome\\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\Owner.YOUR-B056543DD8\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Owner.YOUR-B056543DD8\\Desktop\\utorrent.exe:*:Enabled:ćTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDfix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 24 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sat 25 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Thu 7 Feb 2008 11,116 A.SH. --- "C:\Documents and Settings\Owner.YOUR-B056543DD8\My Documents\My Music\License Backup\drmv2key.bak"

Finished!


********************************************************************************
****************


--------------------\\ Lop S&D 4.2.4-7 XP/Vista


"C:\Lop SD" ( MAJ : 23-10-2008|23:15 )
Option : [1] ( Sat 10/25/2008|14:31 )

--------------------\\ Listing folders in APPLIC~1

[10/03/2006|04:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> ATI
[06/17/2006|04:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[10/24/2008|02:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[10/03/2006|04:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SampleView
[10/03/2006|04:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[11/06/2007|08:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[06/30/2007|09:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[01/04/2007|10:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[10/24/2008|02:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[10/24/2008|01:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AVS4YOU
[12/10/2007|06:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
[06/22/2007|12:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[12/10/2007|06:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Gtek
[03/01/2008|05:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
[07/17/2008|04:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hot Lava Games
[10/24/2008|02:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[10/25/2008|11:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[10/24/2008|02:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[10/30/2007|02:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[06/09/2008|01:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[07/17/2008|04:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Mozilla
[10/03/2006|04:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Napster
[06/30/2007|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
[05/24/2008|11:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prevx
[06/19/2006|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prism Deploy
[10/03/2006|04:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[04/06/2008|04:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[10/24/2008|02:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor
[12/20/2007|03:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sprint
[10/24/2008|02:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[08/05/2008|04:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[10/03/2006|04:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[05/24/2008|12:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Webroot
[01/06/2007|09:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WildTangent
[07/06/2007|03:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[10/17/2008|06:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[01/03/2008|07:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[10/03/2006|04:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> ATI
[06/17/2006|04:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[10/03/2006|04:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[10/03/2006|04:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> SampleView
[10/03/2006|04:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[01/05/2007|11:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> AOL
[10/24/2008|02:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[05/24/2008|12:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Webroot

[10/03/2006|04:16] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> ATI
[06/17/2006|04:41] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> Identities
[10/24/2008|02:51] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> Microsoft
[10/03/2006|04:07] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> SampleView
[10/03/2006|04:06] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[10/03/2006|04:16] C:\DOCUME~1\MCX2\APPLIC~1\<DIR> ATI
[10/24/2008|01:00] C:\DOCUME~1\MCX2\APPLIC~1\<DIR> DivX
[06/17/2006|04:41] C:\DOCUME~1\MCX2\APPLIC~1\<DIR> Identities
[10/24/2008|02:51] C:\DOCUME~1\MCX2\APPLIC~1\<DIR> Microsoft
[10/03/2006|04:07] C:\DOCUME~1\MCX2\APPLIC~1\<DIR> SampleView
[10/03/2006|04:06] C:\DOCUME~1\MCX2\APPLIC~1\<DIR> You've Got Pictures Screensaver

[10/24/2008|02:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[10/24/2008|04:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Webroot


[01/04/2008|08:20] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Active Disk
[01/03/2008|06:56] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Adobe
[10/24/2008|02:34] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> AdobeUM
[06/30/2007|09:08] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Ahead
[07/06/2007|11:50] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> AOL
[10/03/2006|04:16] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> ATI
[10/24/2008|01:38] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> AVS4YOU
[04/30/2008|01:55] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> BitTorrent
[09/10/2008|07:23] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> DNA
[06/22/2007|12:49] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> GetRightToGo
[04/10/2008|10:16] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Google
[12/10/2007|06:24] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Gtek
[04/08/2008|09:50] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Help
[06/17/2006|04:41] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Identities
[06/22/2007|12:49] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> InstallShield
[10/24/2008|01:57] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Lavasoft
[09/16/2008|04:07] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Leadertech
[11/20/2007|06:40] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Macromedia
[10/25/2008|11:42] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Malwarebytes
[12/21/2007|02:51] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Media Player Classic
[10/24/2008|02:51] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Microsoft
[07/17/2008|04:26] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Mozilla
[05/24/2008|12:04] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> PC Tools
[10/03/2006|04:07] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> SampleView
[12/11/2007|05:51] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Sun
[07/17/2008|04:27] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Talkback
[06/14/2008|03:29] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> teamspeak2
[10/24/2008|01:49] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> uTorrent
[03/29/2008|11:38] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Ventrilo
[04/20/2008|03:45] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> VTExtra
[05/24/2008|12:03] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Webroot
[01/07/2007|11:06] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> WildTangent
[12/19/2007|04:15] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> WinRAR
[01/16/2008|04:34] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Yahoo!
[10/03/2006|04:06] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> You've Got Pictures Screensaver

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[10/24/2008 03:00 PM][--a------] C:\WINDOWS\tasks\Norton Security Scan.job
[01/03/2007 08:03 PM][--a------] C:\WINDOWS\tasks\ISP signup reminder 3.job
[01/03/2007 08:03 PM][--a------] C:\WINDOWS\tasks\ISP signup reminder 2.job
[10/25/2008 09:21 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 02:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[12/11/2007|10:35] C:\Program Files\<DIR> Adobe
[10/24/2008|02:57] C:\Program Files\<DIR> AVG
[10/24/2008|02:31] C:\Program Files\<DIR> BigFix
[10/24/2008|02:31] C:\Program Files\<DIR> Cell Phone Manager
[10/24/2008|02:54] C:\Program Files\<DIR> Common Files
[10/24/2008|02:32] C:\Program Files\<DIR> Digital Media Reader
[10/25/2008|01:04] C:\Program Files\<DIR> ERUNT
[10/24/2008|02:39] C:\Program Files\<DIR> HP
[10/24/2008|02:39] C:\Program Files\<DIR> InstallShield Installation Information
[10/24/2008|02:39] C:\Program Files\<DIR> Internet Explorer
[10/24/2008|02:39] C:\Program Files\<DIR> Iomega
[04/13/2008|02:18] C:\Program Files\<DIR> Java
[10/24/2008|02:45] C:\Program Files\<DIR> Lavasoft
[10/25/2008|11:42] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[10/24/2008|02:39] C:\Program Files\<DIR> Microsoft Digital Image 2006
[06/17/2006|04:41] C:\Program Files\<DIR> microsoft frontpage
[10/24/2008|02:54] C:\Program Files\<DIR> Microsoft Office
[10/24/2008|02:39] C:\Program Files\<DIR> Microsoft Works
[10/24/2008|02:39] C:\Program Files\<DIR> Movie Maker
[06/17/2006|04:35] C:\Program Files\<DIR> MSN Gaming Zone
[10/24/2008|02:39] C:\Program Files\<DIR> NCSoft
[10/24/2008|02:40] C:\Program Files\<DIR> NetMeeting
[10/24/2008|02:40] C:\Program Files\<DIR> Outlook Express
[10/24/2008|02:42] C:\Program Files\<DIR> QuickTime
[10/24/2008|02:42] C:\Program Files\<DIR> Spybot - Search & Destroy
[10/25/2008|01:05] C:\Program Files\<DIR> Trend Micro
[05/24/2008|12:03] C:\Program Files\<DIR> Webroot
[10/25/2008|09:00] C:\Program Files\<DIR> Windows Media Player
[10/24/2008|02:42] C:\Program Files\<DIR> Windows NT
[06/17/2006|04:41] C:\Program Files\<DIR> xerox
[10/24/2008|02:42] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/24/2008|02:31] C:\Program Files\Common Files\<DIR> Adobe
[10/24/2008|02:31] C:\Program Files\Common Files\<DIR> Ahead
[10/24/2008|02:31] C:\Program Files\Common Files\<DIR> aolshare
[10/24/2008|02:31] C:\Program Files\Common Files\<DIR> L&H
[10/24/2008|02:55] C:\Program Files\Common Files\<DIR> Microsoft Shared
[06/17/2006|04:38] C:\Program Files\Common Files\<DIR> MSSoap
[06/19/2006|01:36] C:\Program Files\Common Files\<DIR> New Boundary
[06/16/2006|09:31] C:\Program Files\Common Files\<DIR> SpeechEngines
[10/24/2008|02:38] C:\Program Files\Common Files\<DIR> System
[10/24/2008|02:44] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 13 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 14:32:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:5][D:28]-> C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 10/25/2008|14:33 - Option : [1]

--------------------\\ Scan completed at 14:33:33




Rorschach112
post Oct 25 2008, 02:20 PM
Post #4





Hello

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Fallenone27
post Oct 25 2008, 02:32 PM
Post #5





can't get it to run... I get this error after I hit continue

Autoit Error

Error: Incorrect number of parameters in function call

Rorschach112
post Oct 25 2008, 02:34 PM
Post #6





Can you go into the Rsit folder and post the log there? There should be some writing there for me.
Fallenone27
post Oct 25 2008, 02:40 PM
Post #7





I checked... even put it in a different folder and reran it and checked. No log at all.

It's not getting to run at all... stopping at header before it even runs

Again error info is

Autoit Error

Line1:
Error : Incorrect number of parameters in function call


anything else I can try?
Rorschach112
post Oct 25 2008, 02:42 PM
Post #8





Yep go and do this for me

Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program.
  • Under File Age at the top, change it from 30 days to 90 days
  • Under Additional Scans check the boxes beside Reg - App Paths, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Associations, Reg - Protocol Filters, Reg - Protocol Handlers, File - Lop Check, File - Purity Scan, Files - Signature Check, and Evnt - EventViewer Logs ( Last 10 Errors).
  • Under Rootkit Search change it to Yes
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way



Fallenone27
post Oct 25 2008, 03:13 PM
Post #9





ok ... OTscanit2 hit an error

win32 error code:1717
The interface is unknown

but I happened to notice it hit the error when scanning event viewer logs so I unchecked that and tried again and it ran thru completely... so here is the log minus the event viewer logs


Attached File  OTScanIt.zip ( 32.36K ) Number of downloads: 15


This post has been edited by Fallenone27: Oct 25 2008, 03:18 PM
Rorschach112
post Oct 25 2008, 03:17 PM
Post #10





Can I get you to attach the log please
Fallenone27
post Oct 25 2008, 03:18 PM
Post #11





yeah I noticed it cut it off.. was editing the post to attach it =)
Rorschach112
post Oct 25 2008, 03:43 PM
Post #12





Hello

Start OTScanIt2. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

QUOTE
[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Safe List]
YY -> (AOL ACS) AOL Connectivity Service [Win32_Own | Disabled | Stopped] ->
YY -> (AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Disabled | Stopped] ->
YY -> (GameConsoleService) GameConsoleService [Win32_Own | Disabled | Stopped] ->
YY -> (gusvc) Google Updater Service [Win32_Own | Disabled | Stopped] ->
YY -> (Iomega Activity Disk2) Iomega Activity Disk2 [Win32_Own | Disabled | Stopped] ->
YY -> (Iomega App Services) Iomega App Services [Win32_Own | Disabled | Stopped] ->
YY -> (mcmscsvc) McAfee Services [Win32_Own | Disabled | Stopped] ->
YY -> (McNASvc) McAfee Network Agent [Win32_Own | Disabled | Stopped] ->
YY -> (McODS) McAfee Scanner [Win32_Own | Disabled | Stopped] ->
YY -> (McProxy) McAfee Proxy Service [Win32_Own | Disabled | Stopped] ->
YY -> (McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Stopped] ->
YY -> (McSysmon) McAfee SystemGuards [Win32_Own | Disabled | Stopped] ->
YY -> (MpfService) McAfee Personal Firewall Service [Win32_Own | Disabled | Stopped] ->
YY -> (MSK80Service) McAfee SpamKiller Service [Win32_Own | Disabled | Stopped] ->
YY -> (MskService) McAfee SpamKiller Server [Win32_Own | Disabled | Stopped] ->
YY -> (sdAuxService) PC Tools Auxiliary Service [Win32_Own | Disabled | Stopped] ->
YY -> (sdCoreService) PC Tools Security Service [Win32_Own | Disabled | Stopped] ->
YY -> (SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Disabled | Stopped] ->
YY -> (StarWindServiceAE) StarWind AE Service [Win32_Own | Disabled | Stopped] ->
YN -> (WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\"{ecdee021-0d17-467f-a1ff-c7a115230949}" [HKLM] -> %ProgramFiles%\free-downloads.net\tbfree.dll [free-downloads.net Toolbar]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {089FD14D-132B-48FC-8861-0048AE113215} [HKLM] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll [Reg Error: Value does not exist or could not be read.]
YN -> {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} [HKLM] -> %ProgramFiles%\McAfee\MSK\mcapbho.dll [McAfee Phishing Filter]
YN -> {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} [HKLM] -> %ProgramFiles%\mcafee\spamkiller\mcapfbho.dll [McAfee Anti-Phishing Filter]
YN -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button]
YN -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class]
YN -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy]
YN -> {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\google\googletoolbar1.dll [Google Toolbar Helper]
YN -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO]
YN -> {ecdee021-0d17-467f-a1ff-c7a115230949} [HKLM] -> %ProgramFiles%\free-downloads.net\tbfree.dll [free-downloads.net Toolbar]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{0BF43445-2F28-4351-9252-17FE6E806AA0}" [HKLM] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll [McAfee SiteAdvisor]
YN -> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\google\googletoolbar1.dll [&Google]
YN -> "{ecdee021-0d17-467f-a1ff-c7a115230949}" [HKLM] -> %ProgramFiles%\free-downloads.net\tbfree.dll [free-downloads.net Toolbar]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\google\googletoolbar1.dll [&Google]
YN -> WebBrowser\\"{ECDEE021-0D17-467F-A1FF-C7A115230949}" [HKLM] -> %ProgramFiles%\free-downloads.net\tbfree.dll [free-downloads.net Toolbar]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Menu: Sun Java Console]
YN -> {39FD89BF-D3F1-45b6-BB56-3582CCF489E1}:{7DD73374-7187-4103-8F29-622AA25E7C40} [HKLM] -> %ProgramFiles%\mcafee\spamkiller\mcapfbho.dll [Menu: McAfee Anti-Phishing Filter]
YN -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services]
YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Button: Research]
YN -> {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger]
YN -> {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> karna.datFIGURATIO ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{d006cbbe-83cc-11dd-89bf-00038a000015}\Shell\AutoRun\command\\"" -> J:\autorun.exe [J:\autorun.exe]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk -> %SystemDrive%\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %SystemDrive%\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk -> %SystemDrive%\PROGRA~1\BigFix\bigfix.exe
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Catalyst System Tray.lnk -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office10\OSA.EXE
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> AlcoholAutomount hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Alcohol Soft\Alcohol 120\axcmd.exe
YN -> AOL Spyware Protection hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemDrive%\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
YN -> ATICCC hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\ATI Technologies\ATI.ACE\cli.exe
YN -> BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe
YN -> brastk hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
YN -> Deskup hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Iomega\DriveIcons\deskup.exe
YN -> Google Desktop Search hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe
YN -> HostManager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\AOL\1159909523\EE\AOLHostManager.exe
YN -> mcagent_exe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe
YN -> MSKAGENTEXE hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemDrive%\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
YN -> MSKDetectorExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemDrive%\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe
YN -> NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe
YN -> Power2GoExpress hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
YN -> SiteAdvisor hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.exe
YN -> SpyHunter Security Suite hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Enigma Software Group\SpyHunter\SpyHunter3.exe
YN -> Yahoo! Pager hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe
[Files/Folders - Created Within 90 Days]
NY -> 7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 1 C:\Documents and Settings\Owner.YOUR-B056543DD8\Desktop\*.tmp files -> C:\Documents and Settings\Owner.YOUR-B056543DD8\Desktop\*.tmp
NY -> rsit -> %SystemDrive%\rsit
NY -> Lop SD -> %SystemDrive%\Lop SD
NY -> Avenger -> %SystemDrive%\Avenger
NY -> elyt.dat -> %AllUsersProfile%\Application Data\elyt.dat
NY -> mape.db -> %AllUsersProfile%\Documents\mape.db
NY -> ejezas.ban -> %AllUsersProfile%\Application Data\ejezas.ban
NY -> qywizekide.dat -> %AppData%\qywizekide.dat
NY -> nefo._sy -> %SystemRoot%\System32\nefo._sy
NY -> azebaby.dat -> %AllUsersProfile%\Documents\azebaby.dat
NY -> gizum.lib -> %UserProfile%\Local Settings\Application Data\gizum.lib
NY -> ezybekid.lib -> %AllUsersProfile%\Application Data\ezybekid.lib
NY -> ryxyf.vbs -> %UserProfile%\Local Settings\Application Data\ryxyf.vbs
NY -> ipyl.db -> %UserProfile%\Local Settings\Application Data\ipyl.db
NY -> vymysyvob.dll -> %AllUsersProfile%\Documents\vymysyvob.dll
NY -> ciwar.scr -> %UserProfile%\Local Settings\Application Data\ciwar.scr
NY -> luwyda.dat -> %AppData%\luwyda.dat
NY -> ogiw.exe -> %AllUsersProfile%\Documents\ogiw.exe
NY -> yxawi._dl -> %SystemRoot%\System32\yxawi._dl
NY -> basopu.dl -> %AllUsersProfile%\Documents\basopu.dl
NY -> efawi._sy -> %AllUsersProfile%\Documents\efawi._sy
NY -> tanab.vbs -> %SystemRoot%\tanab.vbs
NY -> wukyc.ban -> %AppData%\wukyc.ban
NY -> zysaz.inf -> %AppData%\zysaz.inf
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.



Also post a new HJT log
Fallenone27
post Oct 25 2008, 04:21 PM
Post #13


Member
**
Posts: 16
OS: windows xp



ok Ran into an error....

Otscanit2: Otscanit2.exe - Bad Image

The application or DLL C:\Doctuments and Settings\All users\vymsyvob.DLL is not a valid windows Image
Please check this against your installation diskette.

Removed the line associated with that and it ran thru fine and asked for reboot... log after reboot is below and after that a new HJT log


Unable to kill explorer.exe
[Win32 Services - Safe List]
Unable to stop service AOL ACS .
Unable to delete service AOL ACS .
File not found.
Unable to stop service AOL TopSpeedMonitor .
Unable to delete service AOL TopSpeedMonitor .
File not found.
Unable to stop service GameConsoleService .
Unable to delete service GameConsoleService .
File not found.
Unable to stop service gusvc .
Unable to delete service gusvc .
File not found.
Unable to stop service Iomega Activity Disk2 .
Unable to delete service Iomega Activity Disk2 .
File not found.
Unable to stop service Iomega App Services .
Unable to delete service Iomega App Services .
File not found.
Unable to stop service mcmscsvc .
Unable to delete service mcmscsvc .
File not found.
Unable to stop service McNASvc .
Unable to delete service McNASvc .
File not found.
Unable to stop service McODS .
Unable to delete service McODS .
File not found.
Unable to stop service McProxy .
Unable to delete service McProxy .
File not found.
Unable to stop service McShield .
Unable to delete service McShield .
File not found.
Unable to stop service McSysmon .
Unable to delete service McSysmon .
File not found.
Unable to stop service MpfService .
Unable to delete service MpfService .
File not found.
Unable to stop service MSK80Service .
Unable to delete service MSK80Service .
File not found.
Unable to stop service MskService .
Unable to delete service MskService .
File not found.
Unable to stop service sdAuxService .
Unable to delete service sdAuxService .
File not found.
Unable to stop service sdCoreService .
Unable to delete service sdCoreService .
File not found.
Unable to stop service SiteAdvisor Service .
Unable to delete service SiteAdvisor Service .
File not found.
Unable to stop service StarWindServiceAE .
Unable to delete service StarWindServiceAE .
File not found.
Unable to stop service WebrootSpySweeperService .
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ecdee021-0d17-467f-a1ff-c7a115230949} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{089FD14D-132B-48FC-8861-0048AE113215}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{ecdee021-0d17-467f-a1ff-c7a115230949} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{ECDEE021-0D17-467F-A1FF-C7A115230949} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECDEE021-0D17-467F-A1FF-C7A115230949}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DD73374-7187-4103-8F29-622AA25E7C40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:karna.datFIGURATIO .
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d006cbbe-83cc-11dd-89bf-00038a000015}\Shell\AutoRun\command\\ not found.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Catalyst System Tray.lnk\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcoholAutomount hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Spyware Protection hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATICCC hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\brastk hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Deskup hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mcagent_exe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSKAGENTEXE hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSKDetectorExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power2GoExpress hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SiteAdvisor hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpyHunter Security Suite hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
[Files/Folders - Created Within 90 Days]
File C:\rsit not found!
File C:\Lop SD not found!
File C:\Avenger not found!
File C:\Documents and Settings\All Users\Application Data\elyt.dat not found!
File C:\Documents and Settings\All Users\Documents\mape.db not found!
File C:\Documents and Settings\All Users\Application Data\ejezas.ban not found!
File C:\Documents and Settings\Owner.YOUR-B056543DD8\Application Data\qywizekide.dat not found!
File C:\WINDOWS\System32\nefo._sy not found!
File C:\Documents and Settings\All Users\Documents\azebaby.dat not found!
File C:\Documents and Settings\Owner.YOUR-B056543DD8\Local Settings\Application Data\gizum.lib not found!
File C:\Documents and Settings\All Users\Application Data\ezybekid.lib not found!
File C:\Documents and Settings\Owner.YOUR-B056543DD8\Local Settings\Application Data\ryxyf.vbs not found!
File C:\Documents and Settings\Owner.YOUR-B056543DD8\Local Settings\Application Data\ipyl.db not found!
File C:\Documents and Settings\Owner.YOUR-B056543DD8\Local Settings\Application Data\ciwar.scr not found!
File C:\Documents and Settings\Owner.YOUR-B056543DD8\Application Data\luwyda.dat not found!
File C:\Documents and Settings\All Users\Documents\ogiw.exe not found!
File C:\WINDOWS\System32\yxawi._dl not found!
File C:\Documents and Settings\All Users\Documents\basopu.dl not found!
File C:\Documents and Settings\All Users\Documents\efawi._sy not found!
File C:\WINDOWS\tanab.vbs not found!
File C:\Documents and Settings\Owner.YOUR-B056543DD8\Application Data\wukyc.ban not found!
File C:\Documents and Settings\Owner.YOUR-B056543DD8\Application Data\zysaz.inf not found!
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_784.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.0.22b fix logfile created on 10252008_171237

Files moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_784.dat not found!

********************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:26 PM, on 10/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5052
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159909523\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ADUserMon] "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send Image to Phone - http://www.freeringers.net/ezimage.php
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n042p/EN/install/gtdownlr.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193766645109
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O20 - AppInit_DLLs: karna.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Unknown owner - C:\Program Files\Iomega\AutoDisk\ADService.exe (file missing)

--
End of file - 10026 bytes





Rorschach112
post Oct 25 2008, 04:36 PM
Post #14


GeekU Teacher
Posts: 35,079
From: Dublin
OS: XP



Hello

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
 
Fallenone27
post Oct 25 2008, 04:51 PM
Post #15


Member
Posts: 16
OS: windows xp



Well, I feel better now; RSIT runs now, so maybe we are making progress ... log files follow.




Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-10-25 17:47:39
Microsoft Windows XP Professional Service Pack 2
System drive C: has 68 GB (63%) free of 109 GB
Total RAM: 1022 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:41 PM, on 10/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\rsit\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5052
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159909523\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ADUserMon] "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send Image to Phone - http://www.freeringers.net/ezimage.php
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n042p/EN/install/gtdownlr.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193766645109
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O20 - AppInit_DLLs: karna.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Unknown owner - C:\Program Files\Iomega\AutoDisk\ADService.exe (file missing)

--
End of file - 10032 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\ISP signup reminder 3.job
C:\WINDOWS\tasks\Norton Security Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\windows\system32\BAE.dll [2006-02-01 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 1261200]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-01 4865600]
"SpyHunter Security Suite"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-09-27 90112]
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6253\SiteAdv.exe []
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-10-03 98304]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe []
"MSKDetectorExe"=C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup []
"MSKAGENTEXE"=C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe []
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []
"Iomega Drive Icons"=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe [2002-08-13 86016]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"HostManager"=C:\Program Files\Common Files\AOL\1159909523\EE\AOLHostManager.exe []
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"Deskup"=C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART []
"CHotkey"=C:\WINDOWS\zHotkey.exe [2004-12-08 550912]
"brastk"=brastk.exe []
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime []
"AOL Spyware Protection"=C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe []
"ADUserMon"=C:\Program Files\Iomega\AutoDisk\ADUserMon.exe [2002-09-24 147456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Power2GoExpress"=NA []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe
Catalyst System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Owner.YOUR-B056543DD8\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-09-27 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2007-03-01 233024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-10 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoBandCustomize"=0
"NoMovingBands"=0
"NoCloseDragDropBands"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\1159909523\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1159909523\EE\AOLServiceHost.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\WINDOWS\ehome\ehshell.exe"="C:\WINDOWS\ehome\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Owner.YOUR-B056543DD8\Desktop\utorrent.exe"="C:\Documents and Settings\Owner.YOUR-B056543DD8\Desktop\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1621fec3-5494-11db-8953-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41455fdf-531f-11db-b0a0-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


======List of files/folders created in the last 1 months======

2008-10-25 17:47:39 ----D---- C:\rsit
2008-10-25 17:08:08 ----D---- C:\_OTScanIt
2008-10-25 15:57:21 ----D---- C:\OTscanit
2008-10-25 14:31:44 ----A---- C:\lopR.txt
2008-10-25 13:05:46 ----D---- C:\Program Files\Trend Micro
2008-10-25 13:05:23 ----D---- C:\WINDOWS\ERDNT
2008-10-25 13:04:52 ----D---- C:\Program Files\ERUNT
2008-10-25 12:47:19 ----A---- C:\avenger.txt
2008-10-25 11:42:38 ----D---- C:\Documents and Settings\Owner.YOUR-B056543DD8\Application Data\Malwarebytes
2008-10-25 11:42:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-25 11:42:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-25 08:59:51 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-25 08:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-25 08:59:20 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-24 15:40:37 ----SHD---- C:\WINDOWS\CSC
2008-10-24 15:25:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-24 14:57:28 ----D---- C:\Program Files\AVG
2008-10-24 14:57:26 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-24 14:45:15 ----D---- C:\Program Files\Lavasoft
2008-10-24 14:45:14 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-24 14:44:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-24 13:38:59 ----D---- C:\Documents and Settings\Owner.YOUR-B056543DD8\Application Data\AVS4YOU
2008-10-24 13:38:55 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-10-24 13:38:02 ----A---- C:\WINDOWS\system32\msxml3a.dll
2008-10-24 13:10:06 ----D---- C:\ZCDivXtoDVD
2008-10-24 12:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-10-24 12:24:39 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-24 12:24:37 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-24 12:23:54 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-24 12:22:53 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-10-24 12:22:17 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-24 12:22:10 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-10-24 12:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB925766$
2008-10-15 03:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 03:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 03:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 1 months======

2008-10-25 17:47:18 ----D---- C:\WINDOWS\Prefetch
2008-10-25 17:14:46 ----D---- C:\WINDOWS\Temp
2008-10-25 17:14:29 ----D---- C:\WINDOWS\Registration
2008-10-25 17:14:17 ----D---- C:\WINDOWS
2008-10-25 17:12:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-25 17:10:45 ----D---- C:\WINDOWS\system32
2008-10-25 16:47:34 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-25 16:47:18 ----SHD---- C:\WINDOWS\Installer
2008-10-25 16:47:18 ----HD---- C:\Config.Msi
2008-10-25 16:44:52 ----RASH---- C:\boot.ini
2008-10-25 16:44:52 ----A---- C:\WINDOWS\win.ini
2008-10-25 16:44:52 ----A---- C:\WINDOWS\system.ini
2008-10-25 16:44:50 ----D---- C:\WINDOWS\pss
2008-10-25 15:29:13 ----D---- C:\tech stuff
2008-10-25 14:25:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-25 14:19:21 ----SHD---- C:\System Volume Information
2008-10-25 14:19:21 ----D---- C:\WINDOWS\system32\Restore
2008-10-25 14:12:35 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-25 13:05:46 ----D---- C:\Program Files
2008-10-25 12:47:19 ----D---- C:\WINDOWS\system32\drivers
2008-10-25 09:00:21 ----HD---- C:\WINDOWS\inf
2008-10-25 09:00:17 ----D---- C:\Program Files\Windows Media Player
2008-10-25 09:00:16 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-25 08:59:32 ----A---- C:\WINDOWS\imsins.BAK
2008-10-24 15:24:49 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-24 15:21:26 ----D---- C:\WINDOWS\system32\config
2008-10-24 15:21:02 ----D---- C:\WINDOWS\system32\wbem
2008-10-24 14:55:51 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-24 14:54:52 ----D---- C:\Program Files\Microsoft Office
2008-10-24 14:54:52 ----D---- C:\Program Files\Common Files
2008-10-24 14:51:17 ----SD---- C:\Documents and Settings\Owner.YOUR-B056543DD8\Application Data\Microsoft
2008-10-24 14:42:30 ----D---- C:\Program Files\Windows NT
2008-10-24 14:42:27 ----D---- C:\Program Files\Yahoo!
2008-10-24 14:42:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-24 14:42:19 ----D---- C:\Program Files\QuickTime
2008-10-24 14:40:19 ----D---- C:\Program Files\Outlook Express
2008-10-24 14:40:16 ----D---- C:\Program Files\NetMeeting
2008-10-24 14:39:57 ----D---- C:\Program Files\Movie Maker
2008-10-24 14:39:49 ----D---- C:\Program Files\NCSoft
2008-10-24 14:39:43 ----D---- C:\Program Files\Microsoft Works
2008-10-24 14:39:38 ----D---- C:\Program Files\Microsoft Digital Image 2006
2008-10-24 14:39:32 ----D---- C:\Program Files\Internet Explorer
2008-10-24 14:39:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-24 14:39:24 ----D---- C:\Program Files\Iomega
2008-10-24 14:39:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-24 14:39:23 ----D---- C:\Program Files\HP
2008-10-24 14:38:44 ----D---- C:\Program Files\Common Files\System
2008-10-24 14:34:19 ----D---- C:\Documents and Settings\Owner.YOUR-B056543DD8\Application Data\AdobeUM
2008-10-24 14:32:19 ----D---- C:\Program Files\Digital Media Reader
2008-10-24 14:31:40 ----D---- C:\Program Files\Common Files\L&H
2008-10-24 14:31:37 ----D---- C:\Program Files\Common Files\aolshare
2008-10-24 14:31:33 ----D---- C:\Program Files\Common Files\Ahead
2008-10-24 14:31:29 ----D---- C:\Program Files\Common Files\Adobe
2008-10-24 14:31:27 ----D---- C:\Program Files\Cell Phone Manager
2008-10-24 14:31:25 ----D---- C:\Program Files\BigFix
2008-10-24 14:26:33 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-24 14:23:30 ----SD---- C:\WINDOWS\Tasks
2008-10-24 14:02:00 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-24 13:57:31 ----D---- C:\Documents and Settings\Owner.YOUR-B056543DD8\Application Data\Lavasoft
2008-10-24 13:49:52 ----D---- C:\Documents and Settings\Owner.YOUR-B056543DD8\Application Data\uTorrent
2008-10-24 13:03:09 ----D---- C:\WINDOWS\ehome
2008-10-24 12:59:01 ----D---- C:\Documents and Settings
2008-10-24 12:58:05 ----D---- C:\WINDOWS\Help
2008-10-24 12:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB905589$
2008-10-24 12:52:10 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-24 12:47:23 ----D---- C:\WINDOWS\AppPatch
2008-10-24 12:21:21 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2008-10-17 06:32:28 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-10-17 06:32:21 ----D---- C:\WINDOWS\WinSxS
2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-26 05:55:58 ----A---- C:\Config_BackUp.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-11-10 44288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-11-10 24832]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-10-03 8552]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-18 11473]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-09-27 3786944]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-07-18 990592]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2006-07-18 256128]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-03 74496]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2007-03-01 21056]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-10 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-07-18 728192]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys []
S1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-09-27 1379328]
S3 axe2xrdi;axe2xrdi; C:\WINDOWS\system32\drivers\axe2xrdi.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\catchme.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-02-01 42376]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
S3 mam4410c;mam4410c; C:\WINDOWS\System32\Drivers\mam4410c.sys [2005-06-16 24784]
S3 mam4410m;mam4410m; C:\WINDOWS\System32\Drivers\mam4410m.sys [2005-06-16 25044]
S3 mam4410u;mam4410u; C:\WINDOWS\System32\Drivers\mam4410u.sys [2006-12-22 52565]
S3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys []
S3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys []
S3 mferkdk;McAfee Inc.; C:\WINDOWS\system32\drivers\mferkdk.sys []
S3 mfesmfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfesmfk.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
S3 QWAVEDRV;QWAVE driver; C:\WINDOWS\system32\DRIVERS\qwavedrv.sys [2005-10-20 14336]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-23 12416]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-23 19840]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2001-05-07 19805]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-23 21632]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-10 20480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-04-10 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-10-20 96256]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-10-03 172032]
R2 RMSvc;Media Center Extender Resource Monitor; C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 28160]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2007-03-01 3379264]
S2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk; C:\Program Files\Iomega\AutoDisk\ADService.exe []
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-09-27 389120]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-10-13 520192]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe []
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-10-18 8704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE []
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 QWAVE;QWAVE service; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

**********************************

info.txt logfile of random's system information tool 1.04 2008-10-25 17:47:45

======Uninstall list======

-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /appid=MSK /uninstall=1 /interact=1 /script_proactive=0 /start="c:\PROGRA~1\mcafee.com\agent\uninst\mskremui.dll::uninstall.htm"
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Action Replay Code Manager-->"C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Active Disk-->C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 6.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\aolunins_us.exe
AMT 2.0-->"C:\Program Files\InstallShield Installation Information\{80AAD9DF-7E64-40D2-80D2-BECA41593EEB}\setup.exe" -runfromtemp -l0x0009 -removeonly
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Connectivity Services-->"C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL Spyware Protection-->C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{452E2DC2-9391-470C-AAB2-D91750A6B891}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Battle.net-->C:\WINDOWS\bnetunin.exe
Bejeweled 2 Deluxe-->"C:\Program Files\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
BitPim 1.0.3-->"C:\Program Files\BitPim\unins000.exe"
Blackhawk Striker 2-->"C:\Program Files\Gateway Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 2 Revolution-->"C:\Program Files\Gateway Games\Blasterball 2 Revolution\Uninstall.exe"
BoBaFeTT Diablo Trainer-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BoBaFeTT Diablo Trainer\DUninst.isu"
Browser Address Error Redirector-->regsvr32 /u /s "c:\windows\system32\BAE.dll"
Canon iP1700-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700 /L0x0009
Charter High Speed Internet Self-Installation Wizard-->MsiExec.exe /I{5AF8C46D-A141-4E69-9EB5-76A43ED29281}
dBpoweramp m4a Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpowerAMP Mp4 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
Diablo-->C:\WINDOWS\diabunin.exe
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
Diner Dash-->"C:\Program Files\Gateway Games\Diner Dash\Uninstall.exe"
Dungeon Runners-->C:\Program Files\InstallShield Installation Information\{DAB3C3BE-631F-4386-9AB8-F7A52290C52E}\setup.exe -runfromtemp -l0x0009 -removeonly
DVD Solution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Easy Image Relay v1.1-->"C:\WINDOWS\unins000.exe"
EnglishHarbourCasino-->C:\Program Files\InstallShield Installation Information\{DD74F997-797A-4CC7-B56E-A5540F5A6917}\setup.exe -runfromtemp -l0x0009 -removeonly
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FATE-->"C:\Program Files\Gateway Games\FATE\Uninstall.exe"
FINAL FANTASY XI: Chains of Promathia-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3C0619B4-4A2C-4244-8077-488E420DF907}
FINAL FANTASY XI: Treasures of Aht Urhgan-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A606C6FF-12E7-40BE-B777-D8F360FF00CD}
FINAL FANTASY XI: Wings of the Goddess-->C:\Program Files\InstallShield Installation Information\{5B037ED7-0755-48D4-9554-808E5AF50F17}\setup.exe -runfromtemp -l0x0409
FINAL FANTASY XI-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{678F6475-D227-432A-94FF-806178A34520}
Fleet Street Games-->"C:\Program Files\Fleet Street Games\UninstallerData\Uninstall Fleet Street Games.exe"
free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
Gateway Game Console-->"C:\Program Files\WildTangent\Apps\Gateway Game Console\Uninstall.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman Pro-->"C:\Program Files\Hitman Pro\unins000.exe"
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB888795)-->"C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB891593)-->"C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961)-->"C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899337)-->"C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510)-->"C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841)-->"C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB906569)-->"C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909095)-->"C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB910728)-->"C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912024)-->"C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914906)-->"C:\WINDOWS\$NtUninstallKB914906$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HotPepperCasino-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{60066906-D484-4DDE-973D-B5D22E4DB41C}\Setup.exe" -l0x9 -uninst
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HP Unload DLL Patch-->MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD}
IomegaWare 4.0.2-->C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\uninstal.log
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.5.7 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LG Fusic LX550 USB - Handset Manager V9.2-->MsiExec.exe /I{A918DE8A-98C8-0920-0000-000000200040}
Little Farm-->"C:\Program Files\Little Farm\ReflexiveArcade\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Uninstall Wizard-->C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
Media Center Extender-->c:\WINDOWS\eHome\DvcConn.exe /uninstall
Media Center Extender-->MsiExec.exe /I{23FE964A-853B-4176-86D7-9E18B5CA1FC0}
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MID Converter 4.2-->C:\Program Files\MID Converter 4.2\uninst.exe
Mighty Slots-->"C:\Program Files\Mighty Slots\Install.exe" -u
MobTime Cell Phone Manager 2007 V6.2.1-->"C:\Program Files\Cell Phone Manager\unins000.exe"
Mozilla Firefox (2.0.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
My Interactive Pooh™-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Pooh\Uninst.isu"
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSet