Might need you guys again. I think I ran some crap I shouldn't have and Search and Destroy is going fruity. Here is the hijack log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:52 PM, on 11/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\BMExtreme\BMExtreme.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\FlashGet\flashget.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\wdisplay\WeatherD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Easy Ejector\cdeject.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Kamakzie\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WUHU\WUHU.exe
C:\Program Files\BORGChat\BORGChat.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\ircN\SYSTEM\mirc.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\OBroker.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: (no name) - {2B9B3748-46B0-4898-809A-99551708C983} - C:\Windows\system32\mlJCvTlk.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD204A12-B816-4AE3-A331-EB98CA9368E2} - C:\Windows\system32\yayyvwUm.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [BMExtreme] "C:\Program Files\BMExtreme\BMExtreme.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] "C:\Program Files\Cyberlink\Shared Files\brs.exe"
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Citi Virtual Account Numbers] "C:\PROGRA~1\VIRTUA~1\CitiVAN.exe" /lang=en_RG /dontopenmycards
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SweetIM] "C:\Program Files\SweetIM\Messenger\SweetIM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccCUkkI.dll,#1
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [HomeAlarm] "C:\Program Files\Chameleon Clock\ChamClock.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Delphi 3#Autostart] "C:\wdisplay\WeatherD.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cdeject] "C:\Program Files\Easy Ejector\cdeject.exe" /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kamakzie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O4 - Global Startup: Alt.Binz.lnk = C:\Program Files\AltBinz\altbinz.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Beyond TV.lnk = C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WUHU Weather.lnk = C:\Program Files\WUHU\WUHU.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Virtual Account Numbers - {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - C:\PROGRA~1\VIRTUA~1\CitiVAN.exe
O9 - Extra button: Loki - {71723167-B414-4a79-81D6-ACA7B85BB52E} - C:\Program Files\Skyhook Wireless\Loki\LokiPlugin.dll (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mlb.com
O15 - Trusted Zone: http://www.time.gov
O15 - Trusted IP range: http://24.236.250.155
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} (CAxMP4Dec Class) - http://24.236.250.155:8085/activex/decoder...l_mpeg4_dec.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://24.236.250.155:8085/activex/AMC.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: qnbshz.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Chameleon Clock Set Time for Vista (ChamClock Set Time Service for Vista) - Unknown owner - C:\Program Files\Chameleon Clock\settime.exe
O23 - Service: CLHNService3 - Unknown owner - C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLHNService.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\winvnc4.exe

--
End of file - 16966 bytes

Hello Kamakzie

Welcome to BleepingComputer
========================
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.

• Double-click ATF-Cleaner.exe to run the program.
• Click Select All found at the bottom of the list.
• Click the Empty Selected button.

If you use Firefox browser, do this also:

• Click Firefox at the top and choose Select All from the list.
• Click the Empty Selected button.
• NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

• Click Opera at the top and choose Select All from the list.
• Close ALL Internet browsers (very important).
• Click the Empty Selected button.
• NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

• Close ALL OTHER PROGRAMS.
• Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
• In the Drivers section click on Non-Microsoft.
• Under Additional Scans click the checkboxes in front of the following items to select them:
  Reg - BotCheck
  File - Additional Folder Scans
  FIle - Lop check
  File - Purity Scan
  Under Basic scans:
  Rootkit Search -Yes
  Drivers -Non Microsoft
  
• Do not change any other settings.
• Now click the Run Scan button on the toolbar.
• Let it run unhindered until it finishes.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Attach the information back here. I will review it when it comes in.

Crap it was too big to attach here. Any suggestions? Its 765k.

Click Here to upload the file please.

Thanks file submitted.

Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.



The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
=================================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
============
Then:

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Spybot S&D is trying to block some things.

Here is the info the other program spit out after I ran it.


Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSServer deleted successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\fccCUkkI.dll
C:\Windows\System32\fccCUkkI.dll NOT unregistered.
File move failed. C:\Windows\System32\fccCUkkI.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:qnbshz.dll deleted successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\qnbshz.dll
C:\Windows\System32\qnbshz.dll NOT unregistered.
C:\Windows\System32\qnbshz.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:xmfrgq.dll deleted successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\xmfrgq.dll
C:\Windows\System32\xmfrgq.dll NOT unregistered.
C:\Windows\System32\xmfrgq.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{81EA3F36-357A-435A-8741-52C27CCC9F21} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81EA3F36-357A-435A-8741-52C27CCC9F21}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{9950772D-AF73-4AEA-80B6-C251EC40EA30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9950772D-AF73-4AEA-80B6-C251EC40EA30}\ deleted successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\fccCUkkI.dll
C:\Windows\System32\fccCUkkI.dll NOT unregistered.
File move failed. C:\Windows\System32\fccCUkkI.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD204A12-B816-4AE3-A331-EB98CA9368E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD204A12-B816-4AE3-A331-EB98CA9368E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ddd47634-7acc-4545-800d-b47631ea31d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddd47634-7acc-4545-800d-b47631ea31d2}\ deleted successfully.
File C:\Windows\System32\xmfrgq.dll not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\Windows\system32\mlJCvTlk deleted successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\mlJCvTlk.dll
C:\Windows\System32\mlJCvTlk.dll NOT unregistered.
C:\Windows\System32\mlJCvTlk.dll moved successfully.
[Files/Folders - Created Within 30 days]
DllUnregisterServer procedure not found in C:\Windows\System32\ddcAsrSj.dll
C:\Windows\System32\ddcAsrSj.dll NOT unregistered.
C:\Windows\System32\ddcAsrSj.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\fccCUkkI.dll
C:\Windows\System32\fccCUkkI.dll NOT unregistered.
File move failed. C:\Windows\System32\fccCUkkI.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\System32\iisxwyii.dll
C:\Windows\System32\iisxwyii.dll NOT unregistered.
C:\Windows\System32\iisxwyii.dll moved successfully.
C:\Windows\System32\iiywxsii.ini moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\ikbpdyce.dll
C:\Windows\System32\ikbpdyce.dll NOT unregistered.
C:\Windows\System32\ikbpdyce.dll moved successfully.
C:\Windows\System32\klTvCJlm.ini moved successfully.
C:\Windows\System32\klTvCJlm.ini2 moved successfully.
File C:\Windows\System32\mlJCvTlk.dll not found!
DllUnregisterServer procedure not found in C:\Windows\System32\pqjeydqo.dll
C:\Windows\System32\pqjeydqo.dll NOT unregistered.
C:\Windows\System32\pqjeydqo.dll moved successfully.
File C:\Windows\System32\qnbshz.dll not found!
File C:\Windows\System32\xmfrgq.dll not found!
[Files/Folders - Modified Within 30 days]
File C:\Windows\System32\ddcAsrSj.dll not found!
DllUnregisterServer procedure not found in C:\Windows\System32\fccCUkkI.dll
C:\Windows\System32\fccCUkkI.dll NOT unregistered.
File move failed. C:\Windows\System32\fccCUkkI.dll scheduled to be moved on reboot.
File C:\Windows\System32\iisxwyii.dll not found!
File C:\Windows\System32\iiywxsii.ini not found!
File C:\Windows\System32\ikbpdyce.dll not found!
File C:\Windows\System32\klTvCJlm.ini not found!
File C:\Windows\System32\klTvCJlm.ini2 not found!
File C:\Windows\System32\mlJCvTlk.dll not found!
File C:\Windows\System32\pqjeydqo.dll not found!
File C:\Windows\System32\qnbshz.dll not found!
File C:\Windows\System32\xmfrgq.dll not found!
[Empty Temp Folders]
File delete failed. C:\Users\Kamakzie\AppData\Local\Temp\etilqs_6QKybIAbNCNcSL5M6kFk scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Temp\etilqs_6QKybIAbNCNcSL5M6kFk-journal scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Temp\etilqs_krXUlRgCwhFLML61uoMm scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Temp\ppcrlui_7280_2 scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Temp\~DF4D9.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Temp\~DFB27E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Temp\~DFB690.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 11102008_221839

Files moved on Reboot...
C:\Windows\System32\fccCUkkI.dll moved successfully.
File C:\Users\Kamakzie\AppData\Local\Temp\etilqs_6QKybIAbNCNcSL5M6kFk not found!
File C:\Users\Kamakzie\AppData\Local\Temp\etilqs_6QKybIAbNCNcSL5M6kFk-journal not found!
File C:\Users\Kamakzie\AppData\Local\Temp\etilqs_krXUlRgCwhFLML61uoMm not found!
C:\Users\Kamakzie\AppData\Local\Temp\ppcrlui_7280_2 moved successfully.
File C:\Users\Kamakzie\AppData\Local\Temp\~DF4D9.tmp not found!
File C:\Users\Kamakzie\AppData\Local\Temp\~DFB27E.tmp not found!
File C:\Users\Kamakzie\AppData\Local\Temp\~DFB690.tmp not found!
C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\OfflineCache\index.sqlite moved successfully.
C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\urlclassifier3.sqlite moved successfully.
C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\XUL.mfl moved successfully.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

• Open Spybot Search & Destroy.
• In the Mode menu click "Advanced mode" if not already selected.
• Choose "Yes" at the Warning prompt.
• Expand the "Tools" menu.
• Click "Resident".
• Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
• In the File menu click "Exit" to exit Spybot Search & Destroy.

=======
Then please proceed with MalwareBYtes and the Rsit tool

Thanks I think all is well again.

Hi I will need to have those scan results to determine whether or not you are clean.

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSServer deleted successfully.
File C:\Windows\System32\fccCUkkI.dll not found.
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:qnbshz.dll .
File C:\Windows\System32\qnbshz.dll not found.
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:xmfrgq.dll .
File C:\Windows\System32\xmfrgq.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{81EA3F36-357A-435A-8741-52C27CCC9F21} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81EA3F36-357A-435A-8741-52C27CCC9F21}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{9950772D-AF73-4AEA-80B6-C251EC40EA30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9950772D-AF73-4AEA-80B6-C251EC40EA30}\ deleted successfully.
File C:\Windows\System32\fccCUkkI.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD204A12-B816-4AE3-A331-EB98CA9368E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD204A12-B816-4AE3-A331-EB98CA9368E2}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ddd47634-7acc-4545-800d-b47631ea31d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddd47634-7acc-4545-800d-b47631ea31d2}\ not found.
File C:\Windows\System32\xmfrgq.dll not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\Windows\system32\mlJCvTlk deleted successfully.
File C:\Windows\System32\mlJCvTlk.dll not found.
[Files/Folders - Created Within 30 days]
File C:\Windows\System32\ddcAsrSj.dll not found!
File C:\Windows\System32\fccCUkkI.dll not found!
File C:\Windows\System32\iisxwyii.dll not found!
File C:\Windows\System32\iiywxsii.ini not found!
File C:\Windows\System32\ikbpdyce.dll not found!
File C:\Windows\System32\klTvCJlm.ini not found!
File C:\Windows\System32\klTvCJlm.ini2 not found!
File C:\Windows\System32\mlJCvTlk.dll not found!
File C:\Windows\System32\pqjeydqo.dll not found!
File C:\Windows\System32\qnbshz.dll not found!
File C:\Windows\System32\xmfrgq.dll not found!
[Files/Folders - Modified Within 30 days]
File C:\Windows\System32\ddcAsrSj.dll not found!
File C:\Windows\System32\fccCUkkI.dll not found!
File C:\Windows\System32\iisxwyii.dll not found!
File C:\Windows\System32\iiywxsii.ini not found!
File C:\Windows\System32\ikbpdyce.dll not found!
File C:\Windows\System32\klTvCJlm.ini not found!
File C:\Windows\System32\klTvCJlm.ini2 not found!
File C:\Windows\System32\mlJCvTlk.dll not found!
File C:\Windows\System32\pqjeydqo.dll not found!
File C:\Windows\System32\qnbshz.dll not found!
File C:\Windows\System32\xmfrgq.dll not found!
[Empty Temp Folders]
File delete failed. C:\Users\Kamakzie\AppData\Local\Temp\etilqs_M5cmyuNDVYIdxkBWfCUA scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Temp\fla8A40.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Temp\ppcrlui_5888_2 scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Temp\~DF3756.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 11112008_013222

Files moved on Reboot...
File C:\Users\Kamakzie\AppData\Local\Temp\etilqs_M5cmyuNDVYIdxkBWfCUA not found!
File C:\Users\Kamakzie\AppData\Local\Temp\fla8A40.tmp not found!
C:\Users\Kamakzie\AppData\Local\Temp\ppcrlui_5888_2 moved successfully.
C:\Users\Kamakzie\AppData\Local\Temp\~DF3756.tmp moved successfully.
C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\urlclassifier3.sqlite moved successfully.
C:\Users\Kamakzie\AppData\Local\Mozilla\Firefox\Profiles\ucpxg7yk.default\XUL.mfl moved successfully.

Sorry MalwareBytes and the Rsit logs I meant.

Can you link me to the programs and instructions? Thanks.

http://www.bleepingcomputer.com/forums/ind...t&p=1003062

After the Ot scan it instructions.

Malwarebytes' Anti-Malware 1.30
Database version: 1387
Windows 6.0.6001 Service Pack 1

11/11/2008 11:15:43 PM
mbam-log-2008-11-11 (23-15-43).txt

Scan type: Quick Scan
Objects scanned: 50022
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\fnpjreor.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\fnpjreor.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\roerjpnf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Kamakzie at 2008-11-11 23:25:52
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 35 GB (49%) free of 71 GB
Total RAM: 2047 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:09 PM, on 11/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\BMExtreme\BMExtreme.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Virtual Account Numbers\CitiVAN.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\OBroker.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\wdisplay\WeatherD.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Kamakzie\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Easy Ejector\cdeject.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WUHU\WUHU.exe
C:\Program Files\BORGChat\BORGChat.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kamakzie\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kamakzie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: (no name) - {2B9B3748-46B0-4898-809A-99551708C983} - C:\Windows\system32\mlJCvTlk.dll (file missing)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD204A12-B816-4AE3-A331-EB98CA9368E2} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [BMExtreme] "C:\Program Files\BMExtreme\BMExtreme.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] "C:\Program Files\Cyberlink\Shared Files\brs.exe"
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Citi Virtual Account Numbers] "C:\PROGRA~1\VIRTUA~1\CitiVAN.exe" /lang=en_RG /dontopenmycards
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SweetIM] "C:\Program Files\SweetIM\Messenger\SweetIM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [HomeAlarm] "C:\Program Files\Chameleon Clock\ChamClock.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Delphi 3#Autostart] "C:\wdisplay\WeatherD.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kamakzie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [cdeject] "C:\Program Files\Easy Ejector\cdeject.exe" /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O4 - Global Startup: Alt.Binz.lnk = C:\Program Files\AltBinz\altbinz.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Beyond TV.lnk = C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WUHU Weather.lnk = C:\Program Files\WUHU\WUHU.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Virtual Account Numbers - {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - C:\PROGRA~1\VIRTUA~1\CitiVAN.exe
O9 - Extra button: Loki - {71723167-B414-4a79-81D6-ACA7B85BB52E} - C:\Program Files\Skyhook Wireless\Loki\LokiPlugin.dll (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mlb.com
O15 - Trusted Zone: http://www.time.gov
O15 - Trusted IP range: http://24.236.250.155
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} (CAxMP4Dec Class) - http://24.236.250.155:8085/activex/decoder...l_mpeg4_dec.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://24.236.250.155:8085/activex/AMC.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Chameleon Clock Set Time for Vista (ChamClock Set Time Service for Vista) - Unknown owner - C:\Program Files\Chameleon Clock\settime.exe
O23 - Service: CLHNService3 - Unknown owner - C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLHNService.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\winvnc4.exe

--
End of file - 16436 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9B3748-46B0-4898-809A-99551708C983}]
C:\Windows\system32\mlJCvTlk.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{387EDF53-1CF2-4523-BC2F-13462651BE8C}]
CitiUSBrowserHelper Class - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll [2007-12-07 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD204A12-B816-4AE3-A331-EB98CA9368E2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-06-02 5751624]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-07-06 1164600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BMExtreme"=C:\Program Files\BMExtreme\BMExtreme.exe [2008-05-15 178176]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-22 107112]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-11-28 134808]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-02-29 76304]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-03-21 91432]
"Flashget"=C:\Program Files\FlashGet\FlashGet.exe [2007-09-25 2007088]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"DiskeeperSystray"=C:\Program Files\Executive Software\Diskeeper\DkIcon.exe [2004-10-04 176216]
"Citi Virtual Account Numbers"=C:\PROGRA~1\VIRTUA~1\CitiVAN.exe [2007-12-07 270336]
"CTHelper"=C:\Windows\system32\CTHELPER.EXE [2008-06-27 19456]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2008-07-06 111928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SoundMan"=C:\Windows\SOUNDMAN.EXE [2007-03-09 598016]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-10-07 13584928]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-10-07 92704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 5367664]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HomeAlarm"=C:\Program Files\Chameleon Clock\ChamClock.exe [2007-12-10 709632]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-06-02 160592]
"Delphi 3#Autostart"=C:\wdisplay\WeatherD.exe [2008-06-02 23374848]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"Google Update"=C:\Users\Kamakzie\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
"Messenger (Yahoo!)"=~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []
"cdeject"=C:\Program Files\Easy Ejector\cdeject.exe [2008-06-02 28011]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-04-17 98616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Alt.Binz.lnk - C:\Program Files\AltBinz\altbinz.exe
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
Beyond TV.lnk - C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
WUHU Weather.lnk - C:\Program Files\WUHU\WUHU.exe

C:\Users\Kamakzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
BORGChat.lnk - C:\Program Files\BORGChat\BORGChat.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Promixis\Girder5\girder.exe"="C:\Program Files\Promixis\Girder5\girder.exe:*:Enabled:Trust Girder"
"C:\Program Files\Promixis\Girder5\grunt.exe"="C:\Program Files\Promixis\Girder5\grunt.exe:*:Enabled:Trust Girder Runtime"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Promixis\Girder5\girder.exe"="C:\Program Files\Promixis\Girder5\girder.exe:*:Enabled:Trust Girder"
"C:\Program Files\Promixis\Girder5\grunt.exe"="C:\Program Files\Promixis\Girder5\grunt.exe:*:Enabled:Trust Girder Runtime"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d801cb06-305b-11dd-b840-806e6f6e6963}]
shell\AutoRun\command - H:\setup\rsrc\Autorun.exe
shell\dinstall\command - H:\Directx\dxsetup.exe


======List of files/folders created in the last 1 months======

2008-11-11 23:25:52 ----D---- C:\rsit
2008-11-11 23:08:46 ----D---- C:\Users\Kamakzie\AppData\Roaming\Malwarebytes
2008-11-11 23:08:37 ----D---- C:\ProgramData\Malwarebytes
2008-11-11 23:08:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-10 22:18:39 ----D---- C:\_OTScanIt
2008-11-10 20:17:59 ----D---- C:\Program Files\Trend Micro
2008-11-10 18:32:39 ----A---- C:\Windows\system32\a7f5484e-.txt
2008-11-10 01:07:12 ----A---- C:\Windows\system32\javaws.exe
2008-11-10 01:07:12 ----A---- C:\Windows\system32\javaw.exe
2008-11-10 01:07:12 ----A---- C:\Windows\system32\java.exe
2008-11-08 01:15:49 ----SHD---- C:\Config.Msi
2008-11-01 20:31:03 ----D---- C:\Program Files\SystemRequirementsLab
2008-11-01 20:30:59 ----D---- C:\Users\Kamakzie\AppData\Roaming\SystemRequirementsLab
2008-11-01 19:41:42 ----D---- C:\ProgramData\WindowsSearch
2008-11-01 01:11:23 ----D---- C:\Program Files\VisualRoute
2008-11-01 01:03:17 ----D---- C:\Program Files\VisualRoute Lite Edition
2008-10-28 14:46:49 ----A---- C:\Windows\system32\win32spl.dll
2008-10-24 23:01:57 ----D---- C:\Windows\Sun
2008-10-23 17:31:27 ----A---- C:\Windows\system32\netapi32.dll
2008-10-21 12:12:50 ----D---- C:\Program Files\DirecTV
2008-10-14 19:35:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-14 19:35:47 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-14 19:35:39 ----A---- C:\Windows\system32\mshtml.dll
2008-10-14 19:35:38 ----A---- C:\Windows\system32\ieframe.dll
2008-10-14 19:35:37 ----A---- C:\Windows\system32\wininet.dll
2008-10-14 19:35:37 ----A---- C:\Windows\system32\urlmon.dll
2008-10-14 19:35:36 ----A---- C:\Windows\system32\iertutil.dll
2008-10-14 19:35:35 ----A---- C:\Windows\system32\mstime.dll
2008-10-14 19:35:34 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 months======

2008-11-11 23:26:03 ----D---- C:\Windows\Prefetch
2008-11-11 23:23:57 ----D---- C:\Windows\Temp
2008-11-11 23:23:36 ----D---- C:\Program Files\Mozilla Firefox
2008-11-11 23:20:34 ----D---- C:\Program Files\Chameleon Clock
2008-11-11 23:20:15 ----D---- C:\Program Files\BMExtreme
2008-11-11 23:19:35 ----D---- C:\Windows\system32\drivers
2008-11-11 23:19:35 ----D---- C:\Windows\System32
2008-11-11 23:08:37 ----RD---- C:\Program Files
2008-11-11 23:08:37 ----HD---- C:\ProgramData
2008-11-11 08:44:42 ----SHD---- C:\System Volume Information
2008-11-11 01:41:30 ----D---- C:\Windows\inf
2008-11-11 01:41:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-10 21:44:03 ----D---- C:\Users\Kamakzie\AppData\Roaming\Image Zone Express
2008-11-10 19:31:19 ----D---- C:\Windows\system32\WDI
2008-11-10 19:06:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-10 18:59:54 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-11-10 18:53:55 ----D---- C:\Windows
2008-11-10 18:39:31 ----D---- C:\Program Files\FlashGet
2008-11-10 01:07:22 ----SHD---- C:\Windows\Installer
2008-11-10 01:07:11 ----D---- C:\Program Files\Java
2008-11-08 01:16:59 ----D---- C:\ProgramData\Adobe
2008-11-08 01:16:44 ----D---- C:\Program Files\Common Files\Adobe
2008-11-08 01:16:44 ----D---- C:\Program Files\Adobe
2008-11-06 17:33:28 ----D---- C:\ProgramData\Yahoo!
2008-11-04 02:14:43 ----D---- C:\Program Files\AltBinz
2008-11-01 22:29:14 ----A---- C:\Windows\NeroDigital.ini
2008-11-01 22:27:28 ----D---- C:\ProgramData\NVIDIA
2008-11-01 22:22:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-01 22:22:43 ----D---- C:\Program Files\AGEIA Technologies
2008-11-01 22:21:02 ----D---- C:\Windows\system32\catroot
2008-11-01 18:54:33 ----D---- C:\Windows\LiveKernelReports
2008-10-29 00:27:46 ----D---- C:\Windows\winsxs
2008-10-23 22:02:35 ----D---- C:\Windows\system32\Macromed
2008-10-23 22:02:34 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-23 13:11:24 ----D---- C:\Windows\system32\Tasks
2008-10-23 03:10:50 ----D---- C:\Windows\system32\catroot2
2008-10-22 15:02:05 ----SD---- C:\Windows\Downloaded Program Files
2008-10-21 18:53:49 ----D---- C:\Program Files\WUHU
2008-10-21 14:58:41 ----D---- C:\ProgramData\CyberLink
2008-10-21 14:58:15 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-21 14:54:31 ----AD---- C:\ProgramData\TEMP
2008-10-18 17:04:24 ----D---- C:\mirc
2008-10-14 23:59:28 ----D---- C:\Windows\system32\migration
2008-10-14 10:20:36 ----D---- C:\Program Files\CyberLink
2008-10-14 06:16:50 ----D---- C:\Windows\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 archlp;archlp; C:\Windows\system32\drivers\archlp.sys [2008-01-25 10624]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-05 371248]
R1 hmonitor;hmonitor; \??\C:\Windows\system32\drivers\hmonitor.sys [2008-05-27 10536]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2006-11-22 247144]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2006-11-22 25448]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2006-10-26 185744]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-10-07 61424]
R2 ntk3;ntk3; \??\C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk3.sys [2008-09-26 120048]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2008-03-25 4137312]
R3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2003-08-21 140800]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-05 99376]
R3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2007-06-27 53184]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hcw18bda;Hauppauge WinTV 418 Driver; C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 366080]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081107.008\NAVENG.SYS [2008-08-25 89104]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081107.008\NAVEX15.SYS [2008-08-25 873552]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-10-07 7380896]
R3 NVR0Dev;NVR0Dev; \??\C:\Windows\nvoclock.sys [2007-09-04 29696]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\Windows\System32\Drivers\sskbfd.sys [2008-01-04 23920]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-18 9216]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-06-02 109744]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2006-10-26 26384]
R3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
R3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys [2007-08-14 3072]
S3 af2kxrw7;af2kxrw7; C:\Windows\system32\drivers\af2kxrw7.sys []
S3 COMMONFX.SYS;COMMONFX.SYS; C:\Windows\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 COMMONFX;COMMONFX; C:\Windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2008-07-07 511000]
S3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2008-07-07 532376]
S3 CTAUDFX.SYS;CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTAUDFX;CTAUDFX; C:\Windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\Windows\system32\drivers\ctdvda2k.sys [2008-07-07 347080]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\Windows\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX; C:\Windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2008-07-07 14360]
S3 CTSBLFX.SYS;CTSBLFX.SYS; C:\Windows\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 CTSBLFX;CTSBLFX; C:\Windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2008-07-07 157208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2008-07-07 92696]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\Windows\system32\drivers\ha10kx2k.sys [2008-07-07 797720]
S3 hap16v2k;Creative P16V HAL Driver; C:\Windows\system32\drivers\hap16v2k.sys [2008-07-07 162840]
S3 hap17v2k;Creative P17V HAL Driver; C:\Windows\system32\drivers\hap17v2k.sys [2008-07-07 189464]
S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys [2008-01-18 21504]
S3 kxwdmdrv;kX WDM Driver Service; C:\Windows\system32\drivers\kx.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-01-29 1042464]
S3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2008-07-07 127512]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\WNt500x86\Sandra.sys [2008-03-10 21408]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2006-11-22 274328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-14 611664]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2007-07-19 689408]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 ChamClock Set Time Service for Vista;Chameleon Clock Set Time for Vista; C:\Program Files\Chameleon Clock\settime.exe [2007-06-27 58880]
R2 CLHNService3;CLHNService3; C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLHNService.exe [2008-09-26 98304]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-11-28 30872]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2008-04-04 1123608]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-10-07 203296]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-06-03 66872]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe [2008-04-23 98488]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-11-28 1962136]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-01-04 3572592]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\winvnc4.exe [2007-08-14 914160]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-10-31 2541248]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-11-11 23:26:13

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Alt.Binz 0.25.0-->C:\Program Files\AltBinz\uninst.exe
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
APC PowerChute Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft TotalMedia Theatre-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587FD9A4-65A2-423E-AB1D-3BE7F1890AD5}\Setup.exe" -l0x9
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVS DVDMenu Editor 1.2.1.19-->"C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Editor 3.5-->"C:\Program Files\AVSMedia\AVSVideoEditor\unins000.exe"
AVS Video Tools 5.6-->"C:\Program Files\AVSMedia\VideoTools\unins000.exe"
AXIS Media Control Embedded-->C:\Program Files\Axis Communications\AXIS Media Control Embedded\setup.exe setup.rem remove
BD Advisor 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}\Setup.exe" -uninstall
Beyond TV DVD Burning Foundation-->MsiExec.exe /I{C29B13CC-F0C5-4973-8980-2BCDC7C44E39}
Bionic Commando Rearmed-->"C:\Program Files\InstallShield Installation Information\{DB219559-1F78-4343-9A6E-C2E987AD47A3}\setup.exe" -runfromtemp -l0x0009 -removeonly
BMExtreme-->"C:\Program Files\BMExtreme\uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BORGChat (remove only)-->"C:\Program Files\BORGChat\BORG-Uninst.exe"
Call of Duty® 4 - Modern Warfare™ 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Chameleon Clock 5.1-->"C:\Program Files\Chameleon Clock\unins000.exe"
Chinese Traditional Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-2448-0000-800000000003}
Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
CuteFTP 8 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
DIRECTV2PC Playback Advisor-->"C:\Program Files\InstallShield Installation Information\{479F8C12-576B-4A58-AB78-4B70F7012AA8}\Setup.exe" /z-uninstall
DIRECTV2PC Playback Advisor-->"C:\Program Files\InstallShield Installation Information\{479F8C12-576B-4A58-AB78-4B70F7012AA8}\Setup.exe" /z-uninstall
DIRECTV2PC™-->"C:\Program Files\InstallShield Installation Information\{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}\Setup.exe" /z-uninstall
DIRECTV2PC™-->"C:\Program Files\InstallShield Installation Information\{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}\Setup.exe" /z-uninstall
Diskeeper 2008 Professional-->MsiExec.exe /X{8A30D293-C0CF-4DE0-922C-1DCA60F7E559}
Diskeeper Professional Edition-->MsiExec.exe /I{E87BE7F8-3077-40C1-8592-956F649A2781}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Easy Ejector-->C:\Program Files\Easy Ejector\Uninst.exe
FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe
GrabIt 1.7.2 Beta 2 (build 994)-->"C:\Program Files\GrabIt\unins000.exe"
Hardware sensors monitor 4.4-->"C:\Program Files\Hmonitor\unins000.exe"
Hauppauge WinTV-->C:\PROGRA~1\WinTV\UNTV6.EXE C:\PROGRA~1\WinTV\WINTV6.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
Intel® Network Connections 13.2.8.0-->MsiExec.exe /i{AAA4850F-7E20-40D7-A4C3-3697E7FA4A54} ARPREMOVE=1
Intel® Network Connections 13.2.8.0-->MsiExec.exe /i{AAA4850F-7E20-40D7-A4C3-3697E7FA4A54} ARPREMOVE=1
Intelliremote 2.6.1.646-->"C:\Windows\Intelliremote\uninstall.exe" "/U:C:\Program Files\Melloware\Intelliremote\irunin.xml"
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Loki 2.2-->C:\Program Files\Skyhook Wireless\Loki\uninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\mirc\uninstall.exe _?=C:\mirc
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.17)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MP3 WAV Converter 2.68-->C:\PROGRA~1\MP3WAV~1\UNWISE.EXE C:\PROGRA~1\MP3WAV~1\INSTALL.LOG
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 7 Ultra Edition-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NewsBin Pro-->C:\Program Files\NewsBin\uninst.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA nTune-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
PQ DVD to iPod Video Suite (remove only)-->"C:\Program Files\PQDVD\PQ DVD to iPod Video Suite\bt-uninst.exe"
Promixis Girder 5.0.0.523-->"C:\Program Files\Promixis\Girder5\unins000.exe"
Quicken 2008-->MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SiSoftware Sandra Professional Home XII.SP2c-->"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\unins000.exe"
SlingPlayer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033
SnapStream Beyond TV 4.8.2-->"C:\Program Files\SnapStream Media\Beyond TV\uninstall-btv.exe"
SnapStream Firefly Mini 1.0.2-->"C:\Program Files\SnapStream Media\Firefly Mini\Uninstall.exe"
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SweetIM for Messenger 2.5-->MsiExec.exe /X{CFA9C824-A778-47EB-90CD-BB4DB82CF348}
SweetIM Toolbar for Internet Explorer 3.2-->MsiExec.exe /X{83FA27D5-25B5-4D24-B796-DF742F08A5CF}
Symantec AntiVirus-->MsiExec.exe /I{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod touch Converter 3.08-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Virtual Account Numbers-->"C:\Program Files\InstallShield Installation Information\{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}\setup.exe" -runfromtemp -l0x0009 -removeonly
Visual Studio 2005 Redist Package-->MsiExec.exe /I{D8C2C5B1-1A88-4B87-9116-59D082B1CE30}
VisualRoute Lite Edition-->"C:\Program Files\VisualRoute Lite Edition\Uninstall.exe" "C:\Program Files\VisualRoute Lite Edition"
VisualRoute-->"C:\Program Files\VisualRoute\Uninstall.exe" "C:\Program Files\VisualRoute"
VNC Enterprise Edition E4.3.1-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
VNC Mirror Driver 1.7-->"C:\Program Files\RealVNC\VNC4\Mirror Driver\unins000.exe"
VSO Image Resizer 2.0.1.5-->"C:\Program Files\VSO\Image Resizer\unins000.exe"
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Weather Display 10.37k-->"c:\wdisplay\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WUHU-->C:\Windows\IsUninst.exe -f"C:\Program Files\WUHU\Uninst.isu"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: Symantec AntiVirus
AS: Spybot - Search and Destroy
AS: Symantec AntiVirus
AS: Windows Defender
AS: Spy Sweeper

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\ArcSoft\Bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Executive Software\Diskeeper\;C:\PROGRA~1\DISKEE~1\DISKEE~1\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Intel\DMIX
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2302
"NUMBER_OF_PROCESSORS"=2
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip

-----------------EOF-----------------

Download FindAWF.exe from here or here, and save it to your desktop.

• Double-click on the FindAWF.exe file to run it.
• It will open a command prompt and ask you to "Press any key to continue".
• You will be presented with a Menu.
  

  1. Press 1 then Enter to scan for bak folders
  2. Press 2 then Enter to restore files from bak folders
  3. Press 3 then Enter to remove bak folders
  4. Press 4 then Enter to reset domain zones
  5. Press E then Enter to EXIT

• Press 1, then press Enter
• It may take a few minutes to complete so be patient.
• When it is complete, it will open a text file in notepad called AWF.txt.
• Please copy and paste the contents of the AWF.txt file in your next reply.

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Wed 11/12/2008
The current time is: 12:42:13.59


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O2 - BHO: (no name) - {2B9B3748-46B0-4898-809A-99551708C983} - C:\Windows\system32\mlJCvTlk.dll (file missing)
O2 - BHO: (no name) - {AD204A12-B816-4AE3-A331-EB98CA9368E2} - (no file)
O20 - AppInit_DLLs:



Now click on Fix Checked and then close Hijackthis.
=========================
Cleanup:

Please download OT CLeanit from Here save it to your desktop.
Double click on OT Clean it to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
• Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
• Click the "Download" button to the right.
• Select your Platform: "Windows".
• Select your Language: "Multi-language".
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
• Click Continue and the page will refresh.
• Click on the link to download Windows Offline Installation and save the file to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

======================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean.

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

Okay all done. I made a new system restore. Do I disable it after I make it or allow it to make a new one from time to time?

No you basically turn it off then turn it back on.

You are welcome


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.