Beefed up Trojan from [bleep]? [Solved]


#1 MellowFellow (Member, 20 posts)
Really appreciate your help. I've got what seems to be a particularly nasty problem.

I followed all the instructions in the "You Must Read This" post and nothing has worked.

When I tried to run Malwarebytes I get a "Run-time error '372'" and a notice that there's a failure to "load control vbalGrid from vbalsgrid6.ocx" and that my version of "vbalsgrid6.ocx" may be outdated.

The copy/cut/paste functions have been disabled in most programs, but luckily not in "Notepad."

I tried installing a number of programs including "SUPERAntiSpyware" but get a notice that "The Windows Installer Service could not be accessed." The same notice supposes that I'm in safe mode (I'm not) or the Windows Installer is not correctly installed (possibly disabled?).

I cannot drag and drop files. Nor can I copy or paste them from drive to drive. That's not a real problem, yet; I would, however, really like to back up my files if I have to wipe my system.

I have AVG Free 8.0 on my system, but the virus/malware seems to have slipped through. I was able to run an update for AVG and a full scan but it came up with nothing.

I tried SDFix, but couldn't get into safe mode.

I tried booting in safe mode to run a couple of programs recommended on a post I read on a possible trojan, but when I got to the screen where I usually choose which mode to boot in, the "up" and "down" arrows don't work. I'm guessing they've been disabled? (In fact, I mashed every button on the keyboard in the boot option screen and nothing happened. It counted down and I was forced to boot normally.)

In lieu of SDFix in safe mode, I ran SDFix in normal mode and tried using Norman Malware Cleaner. That seems to have detected and removed two items that AVG didn't detect, but it still didn't fix the problem.

I tried ComboFix, but now read here that that may have been a bad idea. Hopefully I haven't gone and shot my system in the foot...

Any help you can provide would be greatly appreciated. This sounds like a Darwinized, naturally selected, beefed-up, hormone injected, radiation infused version of some of the trojan stuff I've read online. If you're able to clear this up, I'll be happy to make a small donation in your screen name to the charity of your choice. Seriously. :)

Thanks for your help!

My logfile is as follows:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:01 PM, on 1/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\MD\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKUS\S-1-5-21-1123561945-1390067357-839522115-1003\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://desktop.pill...ca32/wficat.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...anner371420.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6877 bytes
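A HijackThis log like the one above is easiest to work through once the O4 and O23 lines are turned into records and a couple of mechanical checks are run over them. The following is an added example, not code from the original post or from HijackThis; the sample input is an abbreviated copy of O4 and O23 lines from the log above, and the function names and the flags are this example's own heuristics. The PROGRA~1 to "Program Files" mapping is the standard 8.3 short name and is taken here as an assumption. The two flags worth knowing about: a Run entry given as a bare file name (nwiz.exe, SOUNDMAN.EXE, RUNDLL32.EXE) is located through CreateProcess's search order rather than an explicit path, so a same-named file earlier in that order would run in its place; and an unquoted path containing spaces (the Picasa and Malwarebytes entries) is first tried as C:\Program.exe before the intended file, which is the classic unquoted-path hijack. Neither flag means an entry is malicious; they are where a reviewer looks first.

```python
"""Structured triage of HijackThis O4 (Run keys) and O23 (services) lines.

Added example for the thread above, not HijackThis code. Sample input is a
constructed, abbreviated copy of lines from the posted log."""
import re

SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User '?')
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

O4_RE = re.compile(r"^O4 - (.+?)\\\.\.\\(\w+): \[(.+?)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
USER_RE = re.compile(r"\s+\(User '([^']*)'\)$")
# Shortest prefix that ends in an executable extension followed by a separator.
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat|cmd))(?=[\s,]|$)", re.IGNORECASE)

# Assumption: PROGRA~1 is the 8.3 short name of "Program Files" on this volume.
SHORT_NAMES = {"PROGRA~1": "Program Files"}


def normalize_path(path):
    """Expand known 8.3 short-name components so duplicates collapse."""
    return "\\".join(SHORT_NAMES.get(part.upper(), part) for part in path.split("\\"))


def executable_of(command):
    """Return (raw executable, was_quoted) for a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)], True
    m = EXE_RE.match(command)
    return (m.group(1) if m else command.split(" ", 1)[0]), False


def parse_hjt(text):
    records = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            hive, key, name, command = m.groups()
            user = None
            if um := USER_RE.search(command):       # trailing "(User 'x')" marker
                user, command = um.group(1), command[:um.start()]
            exe_raw, quoted = executable_of(command)
            records.append({
                "type": "O4", "hive": hive, "key": key, "name": name, "user": user,
                "command": command, "exe": normalize_path(exe_raw),
                "bare_name": "\\" not in exe_raw,                # resolved via search order
                "unquoted_spaces": (not quoted) and (" " in exe_raw),
            })
        elif m := O23_RE.match(line):
            display, owner, path = m.groups()
            records.append({"type": "O23", "name": display, "owner": owner,
                            "exe": normalize_path(path.strip()),
                            "bare_name": False, "unquoted_spaces": False})
    return records


def triage(records):
    """Group the records into the lists a reviewer checks first."""
    seen, unique = set(), []
    for r in records:                               # case-insensitive dedupe of paths
        if r["exe"].lower() not in seen:
            seen.add(r["exe"].lower())
            unique.append(r["exe"])
    o4 = [r for r in records if r["type"] == "O4"]
    o23 = [r for r in records if r["type"] == "O23"]
    return {
        "search_path_resolved": [r["name"] for r in o4 if r["bare_name"]],
        "unquoted_space_paths": [r["name"] for r in o4 if r["unquoted_spaces"]],
        "run_once": [r["name"] for r in o4 if r["key"].lower() == "runonce"],
        "unknown_owner_services": [r["name"] for r in o23 if r["owner"].lower().startswith("unknown")],
        "unique_executables": unique,               # the list to hash and look up
    }


if __name__ == "__main__":
    for key, value in triage(parse_hjt(SAMPLE_HJT_LOG)).items():
        print(f"{key}:")
        for item in value:
            print(f"    {item}")
```

The unique_executables list is the practical output: it is what you would hash and submit to a multi-engine scanner, with the three flagged groups reviewed by hand.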


#2 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello MellowFellow,

Welcome to Geekstogo.

This sounds like a Darwinized, naturally selected, beefed-up, hormone injected, radiation infused version of some of the trojan stuff I've read online


That's the best description I have seen in a long time. :)

Well, lets see what we can find.

Download GMER from here:

http://www.gmer.net/files.php

Unzip it to the desktop.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

Next
  • Please download random's system information tool (RSIT) by random/random from here.
  • It is important that is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
When you return please post
  • GMER Rootkit Revealer report
  • the two RSIT logs - log.txt and info.txt


Note: Unless otherwise instructed always post the logs in the forum. It is likely these reports will not fit on one post. It might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)

#3 MellowFellow (Topic Starter, Member, 20 posts)
Happy to provide some amusement, considering I'm putting you through all this trouble. I totally really appreciate your help.

The GMER results are as follows:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-13 21:14:34
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF72C1AC8]
SSDT sptd.sys ZwEnumerateKey [0xF72C1C22]
SSDT sptd.sys ZwEnumerateValueKey [0xF72C1F9A]
SSDT sptd.sys ZwOpenKey [0xF72C198E]
SSDT sptd.sys ZwQueryKey [0xF72C2064]
SSDT sptd.sys ZwQueryValueKey [0xF72C1EFC]
SSDT sptd.sys ZwSetValueKey [0xF72C20EC]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD3325.SYS The process cannot access the file because it is being used by another process.
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F66204F0 16 Bytes [ 6B, 49, 6F, 69, 2D, FD, A8, ... ]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F6620501 7 Bytes [ F0, 61, F6, 12, B4, 4A, C7 ]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 19 F6620509 23 Bytes [ D8, DD, 86, 98, 86, 2C, 94, ... ]
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72BDAD2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72BDC0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72BDB96] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72BE76C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72BE642] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86D8D0E8
Device \FileSystem\Fastfat \FatCdrom 866298A0
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86DD9BF8
Device \Driver\dmio \Device\DmControl\DmConfig 86DD9BF8
Device \Driver\dmio \Device\DmControl\DmPnP 86DD9BF8
Device \Driver\dmio \Device\DmControl\DmInfo 86DD9BF8
Device \Driver\00000112 \Device\00000054 sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{F13C56DC-6F2F-4FC0-B572-357AE40C41A5} 862A87F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86DD9EB0
Device \Driver\Ftdisk \Device\HarddiskVolume2 86DD9EB0
Device \Driver\Cdrom \Device\CdRom0 86D0CD78
Device \FileSystem\Rdbss \Device\FsWrap 863437F8
Device \Driver\Cdrom \Device\CdRom1 86D0CD78
Device \Driver\Cdrom \Device\CdRom2 86D0CD78
Device \Driver\NetBT \Device\NetBt_Wins_Export 862A87F8
Device \Driver\NetBT \Device\NetbiosSmb 862A87F8
Device \Driver\USBSTOR \Device\00000085 866668A0
Device \Driver\USBSTOR \Device\00000089 866668A0
Device \Driver\Disk \Device\Harddisk0\DR0 86DD93D0
Device \Driver\Disk \Device\Harddisk1\DR1 86DD93D0
Device \Driver\Disk \Device\Harddisk2\DR4 86DD93D0
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+6 86DD93D0
Device \Driver\Disk \Device\Harddisk3\DR5 86DD93D0
Device \Driver\Disk \Device\Harddisk3\DP(1)0-0+7 86DD93D0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 862F07F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 862F07F8
Device \FileSystem\Npfs \Device\NamedPipe 862CB7F8
Device \Driver\Ftdisk \Device\FtControl 86DD9EB0
Device \Driver\USBSTOR \Device\0000008a 866668A0
Device \FileSystem\Msfs \Device\Mailslot 862D57F8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port7Path0Target0Lun0 86B6E7B0
Device \Driver\imagedrv \Device\Scsi\imagedrv1 86DD9688
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port6Path0Target0Lun0 86DD9688
Device \Driver\dtscsi \Device\Scsi\dtscsi1 86B6E7B0
Device \FileSystem\Fastfat \Fat 866298A0

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 865E78A0

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -725480318
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 749779752
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1290234405
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAE 0xF6 0x79 0x4E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7B 0xEB 0x2E 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x44 0x4F 0x32 0xB8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAE 0xF6 0x79 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7B 0xEB 0x2E 0x1C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x44 0x4F 0x32 0xB8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAE 0xF6 0x79 0x4E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7B 0xEB 0x2E 0x1C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x44 0x4F 0x32 0xB8 ...

---- EOF - GMER 1.0.14 ----
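The useful fact in a GMER report is not that hooks exist but who owns them. Each SSDT and IAT line names the module that installed the hook, the "?" lines in the code-section list only say that a loaded driver's file could not be opened for comparison, and the Registry section records the service's own configuration, including an install path. In the log above every SSDT hook and all five atapi.sys IAT hooks are credited to sptd.sys, and the sptd Cfg key records C:\Program Files\DAEMON Tools\ as its path: sptd.sys is the disc-emulation driver shipped with DAEMON Tools, and its hooking of registry services and of the ATAPI port I/O imports is exactly the kind of entry the caution about false positives above is meant to cover. The script below, an added example and not GMER's own code or part of the original post, pulls those three kinds of lines together so the attribution can be read off directly. The sample input is a constructed, abbreviated copy of lines from the posted report; the function names are this example's own.

```python
"""Attribute GMER SSDT/IAT hooks and patched code sections to the module
that owns them, and tie that module to the path under its service key.

Added example for the thread above, not GMER code. Sample input is a
constructed, abbreviated copy of lines from the posted GMER report."""
import re
from collections import defaultdict

SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF72C1AC8]
SSDT sptd.sys ZwEnumerateKey [0xF72C1C22]
SSDT sptd.sys ZwOpenKey [0xF72C198E]
SSDT sptd.sys ZwSetValueKey [0xF72C20EC]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F66204F0 16 Bytes [ 6B, 49, 6F, 69, 2D, FD, A8, ... ]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F6620501 7 Bytes [ F0, 61, F6, 12, B4, 4A, C7 ]
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72BDAD2] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72BE642] sptd.sys

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -725480318
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

---- EOF - GMER 1.0.14 ----
"""

SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\w+)\s+\[0x([0-9A-Fa-f]+)\]$")
IAT_RE = re.compile(r"^IAT\s+([^\[\s]+)\[([^!]+)!(\w+)\]\s+\[([0-9A-Fa-f]+)\]\s+(\S+)$")
PATCH_RE = re.compile(r"^\.text\s+([^!\s]+)!(\w+)(?:\s+\+\s+[0-9A-Fa-f]+)?\s+([0-9A-Fa-f]+)\s+(\d+)\s+Bytes")
LOCKED_RE = re.compile(r"^\?\s+(\S+)\s+The process cannot access")
# ...\Services\<svc>\Cfg...@p0 <path>: the p0 value GMER dumps holds the install path.
SVC_PATH_RE = re.compile(r"^Reg\s+HKLM\\SYSTEM\\\w+\\Services\\(\w+)\\\S*@p0\s+(.+)$")


def parse_gmer(text):
    """Collect hooks, patched code ranges, unreadable files and service paths."""
    hooks = defaultdict(list)      # hooking module -> list of hook descriptions
    patched = defaultdict(int)     # module with modified .text -> number of ranges
    locked, service_paths = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            module, func, addr = m.groups()
            hooks[module.lower()].append(f"SSDT {func} -> 0x{addr.upper()}")
        elif m := IAT_RE.match(line):
            victim, lib, func, addr, module = m.groups()
            hooks[module.lower()].append(f"IAT {victim}[{lib}!{func}] -> 0x{addr.upper()}")
        elif m := PATCH_RE.match(line):
            patched[m.group(1).lower()] += 1
        elif m := LOCKED_RE.match(line):
            locked.append(m.group(1))          # file in use, not evidence by itself
        elif m := SVC_PATH_RE.match(line):
            service_paths.setdefault(m.group(1).lower(), m.group(2).strip())
    return {"hooks": dict(hooks), "patched": dict(patched),
            "locked": locked, "service_paths": service_paths}


def attribute_hooks(report):
    """One summary row per module that hooks or was patched."""
    rows = {}
    for module in sorted(set(report["hooks"]) | set(report["patched"])):
        service = module.rsplit(".", 1)[0]          # sptd.sys -> service key "sptd"
        rows[module] = {
            "hook_count": len(report["hooks"].get(module, [])),
            "patched_ranges": report["patched"].get(module, 0),
            "service_key_path": report["service_paths"].get(service),
            "file_locked": any(p.lower().endswith("\\" + module) for p in report["locked"]),
        }
    return rows


if __name__ == "__main__":
    for module, row in attribute_hooks(parse_gmer(SAMPLE_GMER_LOG)).items():
        print(module, row)
```

Read the output as a lead, not a verdict: a hooking module whose service key points at a product you installed is the false-positive case GMER warns about, while a hooking module with no service key, no install path and a file that cannot be read is what to send to the analyst.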

#4 MellowFellow (Topic Starter, Member, 20 posts)
I downloaded the RSIT .exe file and tried to run the program. When I hit "Continue" the program starts a "Writing Header" information function but commits some kind of error:

"AutoIt Error:

Error: Incorrect number of parameters in function call."

Not sure if I'm doing something wrong. Sorry it doesn't seem to work. If there's something else I should try, please let me know.

Much appreciated.

#5 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hmm...try this one:

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need more than one post to get it all on the forum; that's fine.


#6 MellowFellow (Topic Starter, Member, 20 posts)
Ahhhh, OTViewIt worked! The .txt file is as follows:

OTViewIt logfile created on: 1/14/2009 8:59:29 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\MD\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.41 Mb Total Physical Memory | 389.76 Mb Available Physical Memory | 38.12% Memory free
2.40 Gb Paging File | 1.97 Gb Available in Paging File | 81.89% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 73.93 Gb Free Space | 31.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 279.47 Gb Total Space | 31.55 Gb Free Space | 11.29% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive V: | 400.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NIGHTCRAWLER
Current User Name: MD
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/23 18:53:28 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2007/09/17 00:07:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2004/02/06 22:56:14 | 00,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
[2004/05/04 17:37:00 | 05,208,576 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
[2008/09/23 18:53:30 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2005/09/12 19:25:32 | 00,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2004/11/02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006/10/12 20:27:20 | 00,304,640 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMon.exe
[2008/04/13 16:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/11/27 09:47:08 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/12/03 00:46:45 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/12/17 09:10:37 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/01/14 20:59:12 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MD\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006/01/10 02:01:27 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/09/23 18:53:28 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2007/01/03 17:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/09/17 00:07:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/03/25 21:58:37 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Stopped])
File not found -- -- (WUSB54Gv4SVC [Auto | Running])

========== Driver Services ==========

[2006/01/12 01:43:10 | 00,019,915 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2005/09/12 19:25:26 | 02,319,680 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2008/09/23 18:53:39 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/09/23 18:53:38 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2005/02/01 18:18:38 | 00,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY [On_Demand | Stopped])
[2003/11/25 07:50:00 | 00,003,151 | ---- | M] (hiyohiyo) -- C:\Program Files\OCCT\CpuInfo.sys -- (CrystalCpuInfo [On_Demand | Stopped])
[2006/01/05 21:26:22 | 00,223,128 | ---- | M] () -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])
[2005/05/03 07:34:02 | 00,027,392 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
[2005/04/21 03:40:36 | 00,010,624 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
[2004/10/25 20:02:00 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH [On_Demand | Stopped])
[2009/01/13 21:00:14 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2004/03/03 21:30:54 | 00,005,504 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv [Boot | Running])
[2004/03/03 21:30:54 | 00,125,184 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv [Boot | Running])
[2001/08/17 05:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir [On_Demand | Running])
[2008/04/13 10:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/09/17 00:07:00 | 06,853,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2005/09/12 19:26:36 | 00,053,376 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax [On_Demand | Stopped])
[2005/09/12 19:26:46 | 00,033,536 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2005/09/12 19:26:46 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2005/09/12 19:26:36 | 00,414,464 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce [On_Demand | Stopped])
[2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/09/27 13:53:22 | 00,036,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/10/19 23:00:04 | 00,243,328 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500 [On_Demand | Stopped])
[2007/01/19 23:11:07 | 00,031,644 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2006/01/05 21:15:14 | 00,664,064 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/02/15 13:14:28 | 00,019,840 | ---- | M] (Generic) -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec [On_Demand | Stopped])
[2006/01/06 14:33:51 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
[2006/09/24 20:23:14 | 00,003,584 | ---- | M] (Realtime Soft) -- C:\WINDOWS\system32\drivers\UltraMonMirror.sys -- (UltraMonMirror [On_Demand | Running])
[2006/09/24 20:22:52 | 00,011,776 | ---- | M] (Realtime Soft) -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility [Auto | Running])
[2002/11/02 16:40:06 | 00,090,496 | R--- | M] (ATMEL) -- C:\WINDOWS\system32\drivers\WLUSBXP2.sys -- (USBFVNETR [On_Demand | Stopped])
[2004/08/04 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2004/05/04 17:25:00 | 00,239,488 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV [On_Demand | Stopped])
[2004/08/19 07:21:00 | 00,189,568 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s (SlySoft, Inc.)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear (NVIDIA)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" /auto (Realtime Soft)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 (Adobe Systems Incorporated)

========== (O4) Startup Folders ==========

[1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{B13B4423-2647-4cfc-A4B3-C7D56CB83487}: Button: Share in Hello -- %ProgramFiles%\Hello\PicasaCapture.dll [2005/01/11 18:09:26 | 00,303,104 | ---- | M] (Picasa, Inc.)
{B13B4423-2647-4cfc-A4B3-C7D56CB83487}: Menu: Share in H&ello -- %ProgramFiles%\Hello\PicasaCapture.dll [2005/01/11 18:09:26 | 00,303,104 | ---- | M] (Picasa, Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{B13B4423-2647-4cfc-A4B3-C7D56CB83487} [HKLM] -> %ProgramFiles%\Hello\PicasaCapture.dll [IECmdExecute Class] -> [2005/01/11 18:09:26 | 00,303,104 | ---- | M] (Picasa, Inc.)
CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.micro...d...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{238F6F83-B8B4-11CF-8771-00A024541EE3}: https://desktop.pill...ca32/wficat.cab -- Citrix ICA Client
{7F8C8173-AD80-4807-AA75-5672F22B4582}: http://download.zone...anner371420.cab -- ICSScanner Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.ma...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1D518D19-F9C8-45FA-A495-7A3292CB9A16} (Servers: | Description: Compex iWavePort WLU11A Mod2)
{3AA7DD55-83CE-4C3A-82ED-F845AEEAEE63} (Servers: | Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller)
{684C85FE-D5EF-40A8-A7AD-F34BD6637623} (Servers: | Description: Linksys Wireless-G PCI Adapter)
{9B22FA66-3812-4B36-88C7-DC43A1EC6AC0} (Servers: | Description: 1394 Net Adapter)
{B4D893FF-E36A-47EA-AE79-929083227F37} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{F13C56DC-6F2F-4FC0-B572-357AE40C41A5} (Servers: | Description: )

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/01/04 22:20:36 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTORUN.INF [[autorun] | OPEN=SETUP.EXE /AUTORUN | ICON=SETUP.EXE,1 | | shell\configure=&Configure... | shell\configure\command=SETUP.EXE | | shell\install=&Install... | shell\install\command=SETUP.EXE | ]
[2003/08/14 18:13:50 | 00,000,184 | RH-- | M] () -- V:\AUTORUN.INF -- [ CDFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4df0b066-a7bf-11da-8d4f-000129d3cb90}\Shell\AutoRun\command]
""=D:\setupSNK.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74d07948-7db8-11da-94a6-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74d07948-7db8-11da-94a6-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74d07948-7db8-11da-94a6-806d6172696f}\Shell\AutoRun\command]
""=D:\SETUP.EXE -- File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/01/14 20:48:40 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MD\Desktop\OTViewIt.exe
[2009/01/13 21:17:50 | 00,000,000 | ---D | C] -- C:\rsit
[2009/01/13 21:17:37 | 00,781,851 | ---- | C] () -- C:\Documents and Settings\MD\Desktop\RSIT.exe
[2009/01/13 21:00:15 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/13 21:00:14 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/01/13 21:00:14 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/01/13 21:00:14 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/13 21:00:14 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/13 20:59:57 | 00,811,008 | ---- | C] () -- C:\Documents and Settings\MD\Desktop\gmer.exe
[2009/01/07 00:11:06 | 04,557,944 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\MD\Desktop\ffdshow.exe
[2009/01/06 23:26:11 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/06 23:26:11 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/06 23:26:08 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/06 23:26:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/06 23:15:28 | 02,697,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\MD\Desktop\mbam-setup.exe
[2009/01/06 23:11:07 | 00,000,000 | ---D | C] -- C:\BACKUP REGISTRY
[2009/01/06 23:10:28 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\MD\Desktop\NTREGOPT.lnk
[2009/01/06 23:10:27 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\MD\Desktop\ERUNT.lnk
[2009/01/06 23:10:23 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/01/06 23:09:42 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\MD\Desktop\erunt_setup.exe
[2009/01/06 23:09:10 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/01/06 23:03:39 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\MD\Desktop\HiJackThis.exe
[2009/01/06 22:42:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/01/06 22:38:23 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/01/06 21:50:01 | 00,000,000 | ---D | C] -- C:\SAV32CLI
[2009/01/06 21:40:02 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/01/06 21:39:59 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/01/06 21:39:54 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/01/06 21:39:00 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/06 21:38:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/06 21:38:59 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/06 21:38:59 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/06 21:38:59 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/06 21:38:59 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/06 21:38:59 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/06 21:38:59 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/06 21:38:59 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/06 20:13:20 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/01/06 20:13:07 | 01,529,241 | ---- | C] () -- C:\SDFix.exe
[2009/01/06 19:46:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/06 19:46:42 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/01/06 19:41:07 | 02,911,074 | R--- | C] () -- C:\Documents and Settings\MD\Desktop\ComboFix.exe
[2009/01/06 19:37:50 | 00,000,000 | ---D | C] -- C:\RESTORE
[2009/01/06 19:25:53 | 00,002,026 | ---- | C] () -- C:\VArestorepolicies.inf
[2009/01/06 19:24:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/01/06 19:24:12 | 05,824,544 | ---- | C] () -- C:\Documents and Settings\MD\Desktop\SUPERAntiSpyware.exe
[2009/01/06 19:20:29 | 00,000,724 | ---- | C] () -- C:\Documents and Settings\MD\Desktop\Firefox.lnk
[2008/12/21 13:24:28 | 05,790,043 | ---- | C] () -- C:\Documents and Settings\MD\Desktop\Zoom.Player.Home.MAX.v6.00_CRKEXE.rar
[2008/12/17 13:05:26 | 00,000,000 | ---D | C] -- C:\spoolerlogs

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/14 20:59:12 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MD\Desktop\OTViewIt.exe
[2009/01/14 02:55:39 | 31,971,582 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/01/13 21:47:36 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/13 21:47:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/13 21:17:37 | 00,781,851 | ---- | M] () -- C:\Documents and Settings\MD\Desktop\RSIT.exe
[2009/01/13 21:00:15 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/01/13 21:00:14 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/01/13 21:00:14 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/13 21:00:14 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/13 20:46:12 | 00,050,725 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/01/07 00:11:07 | 04,557,944 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\MD\Desktop\ffdshow.exe
[2009/01/06 23:26:11 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/06 23:15:30 | 02,697,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\MD\Desktop\mbam-setup.exe
[2009/01/06 23:10:28 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\MD\Desktop\NTREGOPT.lnk
[2009/01/06 23:10:27 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\MD\Desktop\ERUNT.lnk
[2009/01/06 23:09:42 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\MD\Desktop\erunt_setup.exe
[2009/01/06 23:03:39 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\MD\Desktop\HiJackThis.exe
[2009/01/06 22:40:47 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/06 21:40:02 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/01/06 21:38:37 | 02,911,074 | R--- | M] () -- C:\Documents and Settings\MD\Desktop\ComboFix.exe
[2009/01/06 21:29:57 | 00,096,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd3325.sys
[2009/01/06 20:13:10 | 01,529,241 | ---- | M] () -- C:\SDFix.exe
[2009/01/06 19:24:18 | 05,824,544 | ---- | M] () -- C:\Documents and Settings\MD\Desktop\SUPERAntiSpyware.exe
[2009/01/06 19:21:19 | 00,000,724 | ---- | M] () -- C:\Documents and Settings\MD\Desktop\Firefox.lnk
[2009/01/05 13:48:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/04 18:41:24 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:41:20 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/03 13:40:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/22 09:21:15 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/21 13:26:53 | 05,790,043 | ---- | M] () -- C:\Documents and Settings\MD\Desktop\Zoom.Player.Home.MAX.v6.00_CRKEXE.rar
< End of report >


---------------------Extras.txt file is in the next post.

#7
MellowFellow
    Member
  • Topic Starter
  • Member
  • 20 posts
The Extras.txt file is as follows:

OTViewIt Extras logfile created on: 1/14/2009 8:59:29 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\MD\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.41 Mb Total Physical Memory | 389.76 Mb Available Physical Memory | 38.12% Memory free
2.40 Gb Paging File | 1.97 Gb Available in Paging File | 81.89% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 73.93 Gb Free Space | 31.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 279.47 Gb Total Space | 31.55 Gb Free Space | 11.29% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive V: | 400.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NIGHTCRAWLER
Current User Name: MD
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/03/22 23:58:09 | 00,106,496 | ---- | M] () -- C:\Program Files\Steam\SteamApps\mellowfellow\counter-strike source\hl2.exe:*:Enabled:hl2
[2006/01/05 10:57:58 | 04,666,928 | ---- | M] (SmartFTP GmbH) -- C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0
[2008/12/17 09:10:37 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2007/04/16 09:47:34 | 00,148,384 | ---- | M] (Azureus, Inc) -- C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/23 18:53:29 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/10/22 04:30:37 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2008/09/23 18:53:34 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
msdaipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}"=SlingPlayer
"{01ADCF35-18EE-4346-A536-FE45B94F778A}"=COWON iAUDIO U2 Digital Audio Player
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}"=Symantec KB-DocID:2003093015493306
"{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}"=Citrix Presentation Server Client
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}"=3DMark05
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3B0F52AC-EF5C-4831-B221-06C782E41280}"=Quicken 2008
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}"=NVIDIA nTune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0.7
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}"=SmartFTP Client 2.0
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}"=Linksys Wireless-G USB Network Adapter
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}"=Marvell Miniport Driver
"{D7A6C517-11F2-419F-B5BB-27772B939698}"=NvMixer
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}"=AnswerWorks 5.0 English Runtime
"{E67FF1A2-23C1-4102-84E9-42115F77AD32}"=UltraMon
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}"=Adobe Photoshop CS
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"Active Desktop Calendar"=Active Desktop Calendar
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"AV Music Morpher Gold"=AV Music Morpher Gold
"AVG8Uninstall"=AVG Free 8.0
"Azureus Vuze"=Azureus Vuze
"CDex"=CDex extraction audio
"Citrix ICA Web Client"=MetaFrame Presentation Server Web Client for Win32
"CloneCD"=CloneCD
"ERUNT_is1"=ERUNT 1.1j
"EVEREST Home Edition_is1"=EVEREST Home Edition v2.20
"FLAC"=FLAC 1.2.0a (remove only)
"Guild Wars"=Guild Wars
"HijackThis"=HijackThis 2.0.2
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}"=SlingPlayer
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}"=NVIDIA nTune
"KLiteCodecPack_is1"=K-Lite Codec Pack 3.1.0 Full
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MLUpdater"=iRiver Updater
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant"=MSN Music Assistant
"Nero - Burning Rom!UninstallKey"=Nero 6 Enterprise Edition
"NVIDIA Drivers"=NVIDIA Drivers
"OCCT_is1"=OCCT v0.91
"Picasa2"=Picasa 2
"PicasaNet"=Hello (remove only)
"PowerISO"=PowerISO
"RealPlayer 6.0"=RealPlayer
"ShockwaveFlash"=Macromedia Flash Player 8
"SmartFTP Client 2.0 Setup Files"=SmartFTP Client 2.0 Setup Files (remove only)
"Steam App 220"=Half-Life 2
"Steam App 340"=Half-Life 2: Lost Coast
"Steam App 3483"=Peggle Extreme
"Steam App 380"=Half-Life 2: Episode One
"Steam App 400"=Portal
"Steam App 420"=Half-Life 2: Episode Two
"Steam App 440"=Team Fortress 2
"Steam™"=Steam™
"VobSub"=VobSub v2.23 (Remove Only)
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2009 1:47:30 AM | Computer Name = NIGHTCRAWLER | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 1/14/2009 1:47:40 AM | Computer Name = NIGHTCRAWLER | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 1/14/2009 1:47:43 AM | Computer Name = NIGHTCRAWLER | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 1/14/2009 1:47:44 AM | Computer Name = NIGHTCRAWLER | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 1/14/2009 1:55:29 AM | Computer Name = NIGHTCRAWLER | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 1/14/2009 1:55:29 AM | Computer Name = NIGHTCRAWLER | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 1/14/2009 2:16:23 AM | Computer Name = NIGHTCRAWLER | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 1/14/2009 2:16:23 AM | Computer Name = NIGHTCRAWLER | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 1/14/2009 2:16:23 AM | Computer Name = NIGHTCRAWLER | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 1/14/2009 2:31:55 AM | Computer Name = NIGHTCRAWLER | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

[ System Events ]
Error - 1/2/2009 6:03:12 AM | Computer Name = NIGHTCRAWLER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 1/4/2009 2:33:15 AM | Computer Name = NIGHTCRAWLER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 1/6/2009 11:28:18 PM | Computer Name = NIGHTCRAWLER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 1/6/2009 11:42:03 PM | Computer Name = NIGHTCRAWLER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 1/7/2009 1:51:32 AM | Computer Name = NIGHTCRAWLER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 1/7/2009 4:09:33 AM | Computer Name = NIGHTCRAWLER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 1/8/2009 3:38:37 AM | Computer Name = NIGHTCRAWLER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 1/13/2009 1:57:13 AM | Computer Name = NIGHTCRAWLER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 1/14/2009 1:40:50 AM | Computer Name = NIGHTCRAWLER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 1/14/2009 2:29:16 AM | Computer Name = NIGHTCRAWLER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.


< End of report >


----------------


Thanks again for your help. Let me know if you need anything else. :)
  • 0
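The OTL event-log extract above repeats the same two events many times (Userenv 1500 profile-load failures and Ntfs 262199 disk-corruption warnings). When triaging a report like this it helps to collapse the dump into counts per Source/ID with the first and last time each one fired, which is what the following added example does. It is not part of the thread or of OTL; it parses the report format shown above, and the sample lines embedded in it are a constructed excerpt in that format.

```python
"""Triage an OTL-style Windows event-log extract by recurring (Source, ID).

Added example; not part of the Geeks to Go thread or of the OTL tool.
The header line format is the one visible in the report above:
  Error - 1/14/2009 2:16:23 AM | Computer Name = HOST | Source = Userenv | ID = 1500
followed by a wrapped 'Description = ...' block and a blank line.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

HEADER_RE = re.compile(
    r"^(?P<level>\w+) - (?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
    r" \| Computer Name = (?P<host>\S+) \| Source = (?P<source>\S+) \| ID = (?P<id>\d+)$"
)

# Constructed excerpt in the report's format (three events, two distinct kinds).
SAMPLE_LOG = """\
[ Application Events ]
Error - 1/14/2009 2:16:23 AM | Computer Name = NIGHTCRAWLER | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

[ System Events ]
Error - 1/13/2009 1:57:13 AM | Computer Name = NIGHTCRAWLER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 1/14/2009 2:29:16 AM | Computer Name = NIGHTCRAWLER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.
"""


def parse_events(text):
    """Return one dict per event; the wrapped description is joined into one string."""
    events = []
    section = None
    current = None
    for line in text.splitlines():
        if line.startswith("[ ") and line.endswith(" ]"):
            section = line.strip("[ ]")        # e.g. "System Events"
            current = None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.groupdict()
            current["section"] = section
            current["when"] = datetime.strptime(current["when"], "%m/%d/%Y %I:%M:%S %p")
            current["id"] = int(current["id"])
            current["description"] = ""
            events.append(current)
        elif current is not None and line.strip():
            # Continuation of the wrapped "Description = ..." text.
            body = line[len("Description = "):] if line.startswith("Description = ") else line
            current["description"] = (current["description"] + " " + body).strip()
        else:
            current = None                     # a blank line ends the event
    return events


def summarize(events):
    """Count each (source, id) pair and record when it first and last occurred."""
    counts = Counter((e["source"], e["id"]) for e in events)
    times = defaultdict(list)
    for e in events:
        times[(e["source"], e["id"])].append(e["when"])
    return {
        key: {"count": n, "first": min(times[key]), "last": max(times[key])}
        for key, n in counts.items()
    }


def recurring(summary, threshold=2):
    """Keys that fired at least `threshold` times; these deserve a root-cause check."""
    return sorted(k for k, v in summary.items() if v["count"] >= threshold)


if __name__ == "__main__":
    for (source, event_id), info in summarize(parse_events(SAMPLE_LOG)).items():
        print(f"{source} {event_id}: {info['count']}x, {info['first']} .. {info['last']}")
```

Run against the full report the output is a handful of lines instead of several screens, and the NTFS 262199 recurrence is what justifies the chkdsk step requested in the next post.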

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello MellowFellow,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...anner371420.cab

Close all windows other than HiJackThis, then click Fix Checked.

Close HiJackThis.

Now

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :reg
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4df0b066-a7bf-11da-8d4f-000129d3cb90}\Shell\AutoRun\command]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74d07948-7db8-11da-94a6-806d6172696f}\Shell]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74d07948-7db8-11da-94a6-806d6172696f}\Shell\AutoRun]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74d07948-7db8-11da-94a6-806d6172696f}\Shell\AutoRun\command]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next

Please run chkdsk.

Go to Windows XP chkdsk for some helpful instructions.

When you return please post
  • OTMoveIt3 log report
  • a new HijackThis log

  • 0
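The `:reg` section of the OTMoveIt3 script above deletes `Shell\AutoRun\command` subkeys under `MountPoints2`, the per-drive cache where Explorer stores the command it would run for a drive's autorun entry. The following added example is not from the thread, HijackThis or OTMoveIt3: it scans a `.reg` export of that key (the kind `reg export` or Regedit produces) for cached AutoRun commands and emits the matching `[-KEY]` delete lines in the OTMoveIt3 syntax the post uses. The drive GUIDs in the sample are the ones from the script; the command value is a constructed placeholder.

```python
"""Find cached AutoRun commands in a .reg export of Explorer's MountPoints2 key.

Added example; not from the thread, HijackThis or OTMoveIt3. Only the
'[KEY]' / '@="value"' lines of the .reg format are interpreted; non-string
default values (hex(...)) are reported raw rather than decoded.
"""
import re

# Key path as written in the OTMoveIt3 script in the post.
MOUNTPOINTS2 = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"

# Constructed .reg export: GUIDs copied from the post, the command is a placeholder.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4df0b066-a7bf-11da-8d4f-000129d3cb90}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4df0b066-a7bf-11da-8d4f-000129d3cb90}\Shell\AutoRun\command]
@="E:\\example_autorun.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74d07948-7db8-11da-94a6-806d6172696f}]
"BaseClass"="Drive"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
AUTORUN_RE = re.compile(
    r"^.+?\\MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\AutoRun\\command$", re.IGNORECASE
)


def reg_unescape(s):
    """Undo .reg string escaping: '\\\\' -> '\\', '\\"' -> '"'."""
    return re.sub(r"\\(.)", r"\1", s)


def find_autorun_commands(reg_text):
    """Map drive GUID -> cached AutoRun command for every Shell\\AutoRun\\command key."""
    found = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m["key"]
            continue
        if current and line.startswith("@="):        # default value of the current key
            m2 = AUTORUN_RE.match(current)
            if m2:
                value = line[2:]
                if value.startswith('"') and value.endswith('"'):
                    value = reg_unescape(value[1:-1])  # REG_SZ; anything else stays raw
                found[m2["guid"]] = value
    return found


def otmoveit_directives(found):
    """Emit '[-KEY]' delete lines in the OTMoveIt3 :reg syntax used in the post."""
    return [f"[-{MOUNTPOINTS2}\\{guid}\\Shell\\AutoRun\\command]" for guid in sorted(found)]


if __name__ == "__main__":
    hits = find_autorun_commands(SAMPLE_REG)
    for guid, cmd in hits.items():
        print(f"{guid}: {cmd}")
    print("\n".join(otmoveit_directives(hits)))
```

Drives that only carry a `BaseClass` value (the second GUID in the sample) are not reported; only a drive with a cached command under `Shell\AutoRun\command` produces a delete line, which is the same selection the script above makes by hand.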

#9
MellowFellow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I'm about to do the step that uses OTMoveIt3.exe.

I cannot, however, paste the code into the box. The cut and paste commands don't work, either by hot key or by right-click. (that sneaky malware/virus/trojan/evilsonofabiyach)

Any ideas on a work around? I'm willing to type it in, if necessary, but it looks like this changes stuff in the registry and I thought I'd check and see if you had any better ideas before I tried to accurately type in a long, seemingly random series of strings of numbers, letters, dashes, and symbols.

If typing it in is what it takes, I'll just have to make sure I get it right the first time. :)
  • 0

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Let's try repairing a few things and see if that helps.

Have you run chkdsk?

If not do that and then do this:

Please run System File Checker, to make sure your protected files are not corrupt.

The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow. Please note that there is a single space between sfc and /scannow.

Typing this will start the program, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens please make sure that you can view protected files:
My Computer
Tools
Folder Options
View
"Uncheck" Hide protected operating system files.

Then rerun the scan. If this still asks you to put in your Windows XP CD, and you do not have the CD (if you bought it preinstalled) post back for more tips; otherwise insert the Windows CD.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:
My Computer
Tools
Folder Options
View
"Check" Hide protected operating system files.

  • 0


#11
MellowFellow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I ran chkdsk, but I can't get to the "Run" because I don't have a "Start" button.

Can I run the command using the command prompt that comes up with the "cmd.exe" file in the "WINDOWS/system32" folder?

Sorry this is so complicated.
  • 0

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again MellowFellow,

Would you try this, then, to run it manually? :)

You can manually run the chkdsk command to check for problems.

To do this:

*Click Start, select Run,

Then type cmd in the box to get to the Command Prompt utility.

*Click Ok

*Run the chkdsk utility by typing in the following command:

chkdsk c:


..or

chkdsk c: /f /r

NOTE: The /f command automatically fixes any errors encountered; the /r command locates bad sectors and recovers readable information.
  • 0

#13
MellowFellow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I'm sorry, but I should have clarified.


I was able to run chkdsk. The system rebooted and completed the process.

I was not, however, able to get to the next step of running "System File Checker" or this portion of your instructions:

>>Please run System File Checker, to make sure your protected files are not corrupt.

>>The scan will automatically replace any corrupt files that it finds.

>>Click Start
>>Select Run
>>At the prompt type sfc /scannow Please note that there is a single space between sfc and /scannow.

>>Typing this will start the program, and a box should appear telling you how much longer the process should take.

The reason I cannot run "System File Checker" is because the trojan/virus/whatever has removed my taskbar and my "Start" button. The only way I know how to get to the "Run" function is through the "Start" button.

In order to run "System File Checker" I need to get to the "Run" function in some way other than the "Start" button.

Hopefully this all makes sense.

Again, sorry this is so complicated. If I could find the person who got me in this mess, I would punch them in the kidneys. A lot.
  • 0

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi MellowFellow,

>>Again, sorry this is so complicated.

No problem. We have some other options. :)

Let's see if this one will work.

Please run System File Checker, to make sure your protected files are not corrupt.

The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow. Please note that there is a single space between sfc and /scannow.

Typing this will start the program, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens please make sure that you can view protected files:
My Computer
Tools
Folder Options
View
"Uncheck" Hide protected operating system files.

Then rerun the scan. If this still asks you to put in your Windows XP CD, and you do not have the CD (if you bought it preinstalled) post back for more tips; otherwise insert the Windows CD.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:
My Computer
Tools
Folder Options
View
"Check" Hide protected operating system files.

  • 0

#15
MellowFellow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Okay, I ran "OTMoveIt3". This is the log file:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4df0b066-a7bf-11da-8d4f-000129d3cb90}\Shell\AutoRun\command\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74d07948-7db8-11da-94a6-806d6172696f}Shell\\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74d07948-7db8-11da-94a6-806d6172696f}\Shell\Autorun\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74d07948-7db8-11da-94a6-806d6172696f}\Shell\AutoRun\command\\ not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\MD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7af5dtmr.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7af5dtmr.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7af5dtmr.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7af5dtmr.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7af5dtmr.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7af5dtmr.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01162009_205331

Files moved on Reboot...
C:\Documents and Settings\MD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7af5dtmr.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\MD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7af5dtmr.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\MD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7af5dtmr.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\MD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7af5dtmr.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\MD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7af5dtmr.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\MD\Local Settings\Application Data\Mozilla\Firefox\Profiles\7af5dtmr.default\XUL.mfl moved successfully.

--------------------

I need to run "chkdsk" next, then a new "HijackThis" log. That will come in the next post.
  • 0
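Before moving on it is worth checking the OTMoveIt3 log against the script it was given: every `[-KEY]` line from the `:reg` section in post #8 should have a matching "deleted successfully" or "not found" line here. The following added example does that reconciliation; it is not part of the thread or of OldTimer's OTMoveIt3, and the script and log text embedded in it are copied from posts #8 and #15. It also flags the one odd result visible above: the parent `{74d07948-...}\Shell` key is reported "not found" while its child `\Shell\Autorun` was deleted, which is a reason to re-scan rather than assume the branch is gone.

```python
"""Reconcile an OTMoveIt3 ':reg' script with the result log it produced.

Added example; not part of the thread or of OTMoveIt3. The only script syntax
assumed is the '[-KEY]' delete directive used in post #8, and the only log lines
interpreted are the 'Registry key ... deleted successfully.' / '... not found.'
lines seen in post #15.
"""
import re

# Script from post #8 (only the :reg section matters here).
SCRIPT = r""":processes
explorer.exe

:reg
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4df0b066-a7bf-11da-8d4f-000129d3cb90}\Shell\AutoRun\command]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74d07948-7db8-11da-94a6-806d6172696f}\Shell]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74d07948-7db8-11da-94a6-806d6172696f}\Shell\AutoRun]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74d07948-7db8-11da-94a6-806d6172696f}\Shell\AutoRun\command]

:commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
"""

# Registry section of the log from post #15, verbatim (note the missing
# separator before 'Shell' and the different casing of 'Autorun').
LOG = r"""========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4df0b066-a7bf-11da-8d4f-000129d3cb90}\Shell\AutoRun\command\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74d07948-7db8-11da-94a6-806d6172696f}Shell\\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74d07948-7db8-11da-94a6-806d6172696f}\Shell\Autorun\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74d07948-7db8-11da-94a6-806d6172696f}\Shell\AutoRun\command\\ not found.
"""

LOG_RE = re.compile(r"^Registry key (?P<key>.+?)\\* (?P<outcome>deleted successfully|not found)\.$")


def reg_delete_directives(script):
    """Keys named by '[-KEY]' lines inside the :reg section, in script order."""
    keys, section = [], None
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            section = line[1:].lower()
            continue
        if section == "reg" and line.startswith("[-") and line.endswith("]"):
            keys.append(line[2:-1])
    return keys


def canonical(key):
    """Comparison form: case-insensitive and ignoring backslashes, because the log
    drops a separator in one line and changes the case of 'AutoRun' in another."""
    return key.replace("\\", "").lower()


def reconcile(script, log):
    """Map each requested key to its logged outcome, or 'no result' if the log is silent."""
    outcomes = {}
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if m:
            outcomes[canonical(m["key"])] = m["outcome"]
    return {k: outcomes.get(canonical(k), "no result") for k in reg_delete_directives(script)}


def inconsistent(result):
    """(parent, child) pairs where the parent was 'not found' but a child under it was deleted."""
    pairs = []
    for parent, status in result.items():
        if status != "not found":
            continue
        for child, child_status in result.items():
            if child != parent and child.lower().startswith(parent.lower() + "\\") \
                    and child_status == "deleted successfully":
                pairs.append((parent, child))
    return pairs


if __name__ == "__main__":
    result = reconcile(SCRIPT, LOG)
    for key, status in result.items():
        print(f"{status:20s} {key}")
    for parent, child in inconsistent(result):
        print(f"re-check: {parent!r} reported not found but {child!r} was deleted")
```

The two "not found" results are not errors in themselves (the key may simply not have existed), which is why the check only raises the parent/child case: a subkey cannot be deleted under a parent that does not exist, so that pairing means the parent lookup, not the branch, is what failed.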





