Author Topic: Yoog, Contextual, defender-review  (Read 1133 times)

notforyou
Yoog, Contextual, defender-review
« on: December 09, 2008, 04:18:31 PM »
I know I have Yoog, I see it sitting up in the corner. Contextual by Globaladsolutions keeps popping up as well. And before a recent restore, I was having a ton of problems with defender-review.

I run Stop Sign on this comp, but it's not coming up with any problems and for the first time, they're being slow with getting back to me.

Thanks for any help you can give me.

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:50 PM, on 12/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\WINDOWS\Explorer.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\eAcceleration\OnAccess\onaccess.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eAcceleration\Station\station_bk.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [OnAccess] "C:\Program Files\eAcceleration\OnAccess\onaccess.exe" -erk
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StopSign Antivirus Security Center Provider (sstsmonsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe

--
End of file - 8481 bytes

guestolo
Yoog, Contextual, defender-review
« Reply #1 on: December 09, 2008, 04:25:01 PM »
Can you do the following for me, please?
Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch the program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized.
Can you post both of those logs, please?

NOTE: If you do get an error message trying to post those logs back to the forum,
you can simply upload them: use the Browse..>>UPLOAD buttons on the bottom right of a reply box.
A copy of the files can also be found in this location:
C:\rsit folder

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


notforyou
Yoog, Contextual, defender-review
« Reply #2 on: December 09, 2008, 05:56:30 PM »
Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Owner at 2008-12-09 17:49:10
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 81 GB (55%) free of 147 GB
Total RAM: 895 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:23 PM, on 12/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\WINDOWS\Explorer.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\eAcceleration\OnAccess\onaccess.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eAcceleration\Station\station_bk.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner.JONI\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [OnAccess] "C:\Program Files\eAcceleration\OnAccess\onaccess.exe" -erk
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StopSign Antivirus Security Center Provider (sstsmonsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe

--
End of file - 8537 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=C:\WINDOWS\system32\SiSPower.dll [2005-01-04 49152]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-25 245760]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-07-13 180269]
"webscan"=C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe [2008-10-28 849248]
"SoftwareStation"=C:\Program Files\eAcceleration\Station\station.exe [2008-04-15 173392]
"OnAccess"=C:\Program Files\eAcceleration\OnAccess\onaccess.exe [2008-06-09 238944]
"eanth_critical_update_alert"=C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE [2008-12-06 105048]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-06 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-03-25 50528]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{42DD0873-5FA9-465D-90DE-0826020416A5}"=C:\Program Files\eAcceleration\OnAccess\onaccess_hk32.dll [2008-06-09 165216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"

======List of files/folders created in the last 1 months======

2008-12-09 17:49:10 ----D---- C:\rsit
2008-12-08 21:31:35 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\AdobeUM
2008-12-08 13:09:52 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\acccore
2008-12-08 04:50:51 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-12-08 04:50:27 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-12-08 03:02:03 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-08 03:02:02 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-07 15:36:04 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-07 00:22:24 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Adobe
2008-12-06 21:46:40 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-06 21:46:40 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-06 21:46:40 ----A---- C:\WINDOWS\system32\java.exe
2008-12-06 21:46:40 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-06 21:43:54 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Sun
2008-12-06 21:37:47 ----D---- C:\Program Files\Trend Micro
2008-12-06 21:20:34 ----D---- C:\WINDOWS\Prefetch
2008-12-06 21:04:01 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-06 20:54:55 ----DC---- C:\WINDOWS\$NtUninstallKB956390$(2)
2008-12-06 20:50:40 ----D---- C:\WINDOWS\system32\en-us
2008-12-06 20:50:39 ----D---- C:\WINDOWS\system32\scripting
2008-12-06 20:17:45 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\eAcceleration
2008-12-06 20:16:13 ----D---- C:\Documents and Settings\All Users\Application Data\eAcceleration
2008-12-06 20:16:09 ----D---- C:\Program Files\eAcceleration
2008-12-06 19:30:08 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-12-06 17:13:39 ----ASH---- C:\Documents and Settings\HP_Owner.JONI\Application Data\desktop.ini
2008-12-06 17:13:34 ----SD---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Microsoft
2008-12-06 17:13:34 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Symantec
2008-12-06 17:13:34 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\SampleView
2008-12-06 17:13:34 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Real
2008-12-06 17:13:34 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\InterMute
2008-12-06 17:13:34 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Identities
2008-12-06 17:13:34 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Apple Computer
2008-12-06 17:09:01 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-06 16:24:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-06 15:56:32 ----A---- C:\WINDOWS\005313_.tmp
2008-12-06 15:41:47 ----RSHD---- C:\cmdcons
2008-12-06 15:41:10 ----D---- C:\WINDOWS\setupupd
2008-12-06 15:22:40 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Mozilla
2008-12-06 15:19:24 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Macromedia
2008-12-06 15:16:36 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Logitech
2008-12-06 15:14:37 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-06 14:08:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-06 14:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-06 14:08:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-06 14:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-06 14:07:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-06 14:07:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-06 14:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-06 13:29:02 ----AT---- C:\WINDOWS\004472_.tmp
2008-12-05 17:26:50 ----D---- C:\Program Files\Musaic Box
2008-12-03 06:19:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-12-03 06:19:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-03 06:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-12-03 06:18:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-12-03 06:18:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-12-03 06:16:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-12-03 06:15:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-12-03 06:14:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-12-03 06:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-12-03 06:14:16 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-12-02 06:46:05 ----A---- C:\WINDOWS\ayemesum.dll
2008-12-02 06:32:07 ----A---- C:\WINDOWS\gu58826.exe
2008-12-02 06:32:03 ----D---- C:\Program Files\ppcbooster
2008-12-02 06:31:56 ----A---- C:\WINDOWS\vtj708346.exe
2008-12-02 06:31:50 ----A---- C:\ptbbw.exe
2008-12-02 06:31:45 ----A---- C:\kuvj.exe
2008-12-02 06:31:38 ----A---- C:\WINDOWS\nohh06760.exe
2008-12-02 06:31:38 ----A---- C:\WINDOWS\Mvucumecah.dll
2008-12-02 06:31:37 ----A---- C:\nufymjpb.exe
2008-12-02 06:31:34 ----A---- C:\eiumhpw.exe._eac_qt_
2008-11-30 08:11:55 ----D---- C:\Program Files\Mystery Case Files - Return to Ravenhearst
2008-11-19 07:26:38 ----D---- C:\Documents and Settings\All Users\Application Data\Gogii Games
2008-11-19 02:39:38 ----D---- C:\Program Files\Book of Legends
2008-11-18 09:12:15 ----D---- C:\Program Files\Bodog Poker
2008-11-17 15:21:20 ----D---- C:\Program Files\10 Days Under The Sea
2008-11-16 16:53:47 ----D---- C:\Program Files\Sportsbook Poker
2008-11-16 16:34:53 ----D---- C:\Program Files\BetUSPoker
2008-11-16 12:22:44 ----D---- C:\Program Files\Treasure Seekers - Visions of Gold

======List of files/folders modified in the last 1 months======

2008-12-09 17:43:35 ----D---- C:\Program Files\Mozilla Firefox
2008-12-09 16:24:55 ----D---- C:\Program Files\PokerStars
2008-12-09 03:14:09 ----D---- C:\WINDOWS\Temp
2008-12-09 03:13:44 ----D---- C:\WINDOWS
2008-12-09 03:13:22 ----HD---- C:\Config.Msi
2008-12-09 03:13:22 ----D---- C:\WINDOWS\system32
2008-12-09 03:12:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 03:08:09 ----HD---- C:\WINDOWS\inf
2008-12-09 03:07:29 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 03:07:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-09 03:07:22 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 03:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 03:07:07 ----D---- C:\Program Files\Messenger
2008-12-09 03:07:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-09 03:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-12-09 03:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 03:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-09 03:05:07 ----SHD---- C:\WINDOWS\Installer
2008-12-09 03:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-09 03:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-09 03:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-09 03:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-12-09 03:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-09 03:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-09 03:01:47 ----D---- C:\WINDOWS\WinSxS
2008-12-09 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-09 03:01:08 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 03:01:04 ----D---- C:\Program Files\Internet Explorer
2008-12-08 04:56:32 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-08 03:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-07 15:38:53 ----D---- C:\Program Files\iTunes
2008-12-07 15:37:56 ----D---- C:\Program Files\QuickTime
2008-12-07 11:13:21 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-07 08:19:50 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-12-06 21:46:23 ----D---- C:\Program Files\Java
2008-12-06 21:37:47 ----D---- C:\Program Files
2008-12-06 21:33:12 ----SD---- C:\WINDOWS\Tasks
2008-12-06 21:33:12 ----D---- C:\Program Files\Easy Internet signup
2008-12-06 21:24:18 ----D---- C:\Program Files\Acceleration Software
2008-12-06 21:24:00 ----D---- C:\Program Files\Common Files\eAcceleration
2008-12-06 21:20:01 ----D---- C:\Program Files\Symantec
2008-12-06 21:20:01 ----D---- C:\Program Files\Common Files
2008-12-06 21:20:01 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-06 21:19:56 ----RSD---- C:\WINDOWS\Fonts
2008-12-06 21:19:56 ----D---- C:\WINDOWS\system32\wbem
2008-12-06 21:19:56 ----D---- C:\WINDOWS\AppPatch
2008-12-06 21:19:33 ----D---- C:\WINDOWS\system32\config
2008-12-06 21:18:44 ----D---- C:\WINDOWS\Registration
2008-12-06 21:17:02 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-12-06 21:15:05 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-06 21:12:33 ----D---- C:\WINDOWS\EHome
2008-12-06 21:05:36 ----D---- C:\WINDOWS\system32\usmt
2008-12-06 21:05:36 ----D---- C:\WINDOWS\system
2008-12-06 21:05:33 ----D---- C:\WINDOWS\system32\oobe
2008-12-06 21:05:30 ----D---- C:\WINDOWS\system32\Setup
2008-12-06 21:05:17 ----D---- C:\WINDOWS\Help
2008-12-06 21:05:17 ----D---- C:\Program Files\Common Files\System
2008-12-06 21:05:16 ----D---- C:\Program Files\Outlook Express
2008-12-06 21:05:12 ----D---- C:\Program Files\Windows NT
2008-12-06 21:05:12 ----D---- C:\Program Files\Windows Media Player
2008-12-06 21:05:10 ----D---- C:\WINDOWS\system32\Com
2008-12-06 21:05:10 ----D---- C:\Program Files\NetMeeting
2008-12-06 21:05:07 ----D---- C:\WINDOWS\ime
2008-12-06 21:05:06 ----D---- C:\WINDOWS\srchasst
2008-12-06 21:05:02 ----D---- C:\WINDOWS\msagent
2008-12-06 21:05:00 ----D---- C:\WINDOWS\system32\npp
2008-12-06 21:04:59 ----D---- C:\WINDOWS\system32\Restore
2008-12-06 21:04:56 ----D---- C:\Program Files\Movie Maker
2008-12-06 21:04:46 ----D---- C:\WINDOWS\PeerNet
2008-12-06 21:02:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-06 21:00:37 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-06 20:58:17 ----A---- C:\WINDOWS\setuplog.txt
2008-12-06 20:55:42 ----D---- C:\WINDOWS\security
2008-12-06 20:50:38 ----AD---- C:\WINDOWS\system32\en
2008-12-06 20:46:59 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-06 19:39:06 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit
2008-12-06 19:34:39 ----SHD---- C:\RECYCLER
2008-12-06 17:13:33 ----D---- C:\Documents and Settings
2008-12-06 17:12:13 ----D---- C:\sysprep
2008-12-06 17:10:36 ----RASH---- C:\BOOT.BAK
2008-12-06 17:09:11 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-06 17:06:26 ----A---- C:\WINDOWS\system.ini
2008-12-06 16:45:26 ----HD---- C:\hp
2008-12-06 16:44:59 ----D---- C:\WINDOWS\I386
2008-12-06 16:42:14 ----D---- C:\Program Files\Common Files\Services
2008-12-06 16:41:52 ----D---- C:\WINDOWS\system32\ras
2008-12-06 16:41:23 ----D---- C:\WINDOWS\system32\icsxml
2008-12-06 16:41:22 ----D---- C:\WINDOWS\system32\ias
2008-12-06 16:39:24 ----RD---- C:\WINDOWS\Web
2008-12-06 16:39:24 ----D---- C:\WINDOWS\addins
2008-12-06 16:39:17 ----D---- C:\WINDOWS\Media
2008-12-06 16:39:04 ----D---- C:\WINDOWS\Cursors
2008-12-06 16:39:02 ----AHDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-12-06 16:39:02 ----AHDC---- C:\WINDOWS\$NtUninstallKB890175$
2008-12-06 16:39:02 ----AHDC---- C:\WINDOWS\$NtUninstallKB888239$
2008-12-06 16:39:02 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$
2008-12-06 16:39:02 ----AHDC---- C:\WINDOWS\$NtUninstallKB887742$
2008-12-06 16:39:02 ----AHDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-12-06 16:39:01 ----AHDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-12-06 16:39:01 ----AHDC---- C:\WINDOWS\$NtUninstallKB885250$
2008-12-06 16:39:01 ----AHDC---- C:\WINDOWS\$NtUninstallKB883667$
2008-12-06 16:39:01 ----AHDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-12-06 16:39:01 ----AHDC---- C:\WINDOWS\$NtUninstallKB867282$
2008-12-06 16:38:57 ----RHD---- C:\MSOCache
2008-12-06 16:38:34 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-06 16:38:33 ----RSD---- C:\WINDOWS\assembly
2008-12-06 15:42:58 ----RASH---- C:\boot.ini
2008-12-06 15:41:47 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-12-06 15:17:46 ----A---- C:\WINDOWS\system32\ssmute.ini
2008-12-06 15:14:39 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-06 13:11:53 ----HDC---- C:\WINDOWS\ie7
2008-12-06 13:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-12-06 13:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-12-06 09:11:42 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-12-02 06:33:34 ----D---- C:\WINDOWS\Minidump
2008-11-30 21:48:12 ----D---- C:\Program Files\LimeWire
2008-11-24 02:21:22 ----D---- C:\Documents and Settings\All Users\Application Data\MysteryChronicles
2008-11-22 05:15:19 ----D---- C:\Program Files\Oberon Media
2008-11-15 04:19:38 ----D---- C:\Program Files\GameHouse
2008-11-13 11:58:07 ----D---- C:\Program Files\Full Tilt Poker.Net

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-04-12 11904]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2001-08-17 19200]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-04-12 247296]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2003-07-11 32768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-01-19 12416]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 eac_notifysvc;eAcceleration Notification Service; C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe [2008-10-22 111952]
R2 eac_productsvc;eAcceleration Product Manager Service; C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe [2008-10-22 263504]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-06 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-05-08 53248]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 sstsmonsvc;StopSign Antivirus Security Center Provider; C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe [2008-10-22 111952]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-12-09 17:49:25

======Uninstall list======

-->"C:\Program Files\Acceleration Software\Anti-Virus\ws_uninst.exe" -s
-->"C:\Program Files\eAcceleration\OnAccess\onaccess.exe" -u -s
-->"C:\Program Files\eAcceleration\Station\station.exe" /UnRegister
-->C:\PROGRA~1\ACCELE~1\ANTI-V~1\regsvr32.exe /u /s C:\PROGRA~1\ACCELE~1\ANTI-V~1\ssupload.dll
-->C:\PROGRA~1\ACCELE~1\ANTI-V~1\regsvr32.exe /u /s C:\PROGRA~1\ACCELE~1\ANTI-V~1\vclnr.dll
-->C:\PROGRA~1\COMMON~1\EACCEL~1\SysSnap\syssnap.exe -UnregServer
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9  -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Final Drive Nitro from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\741C4983-B139-407A-AD4E-3D6C7B29704B\Uninstall.exe"
Help and Support Additions-->WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Image Zone 4.8.6-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.8.6-->C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart Cameras 4.5-->C:\Program Files\HP\Digital Imaging\{ABA2B37F-AB88-486e-870A-52454A23FEE0}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HPIZplus450-->MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9}
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java(tm) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Lexibox Deluxe from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E2A4EA31-80A1-4460-9510-631AF4D6A636\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}\setup.exe" -l0x9
PC-Doctor for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1033
Photosmart 320,370,7400,8100,8400 Series-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove WeatherBug installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\WeatherBug\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shooting Stars Pool from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\14DD9322-0AAE-4DA4-90A9-EB42CF296127\Uninstall.exe"
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem1.inf
Slyder from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
StopSign by eAcceleration-->C:\PROGRA~1\COMMON~1\EACCEL~1\INSTAL~1\eaccelsetup.exe -AddRemove
Super Granny from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3F34F72F-9BB0-4B73-8312-558953ACF56F\Uninstall.exe"
Tradewinds from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

======Security center information======

AV: StopSign Antivirus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
« Last Edit: December 09, 2008, 06:13:17 PM by guestolo »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Yoog, Contextual, defender-review
« Reply #3 on: December 09, 2008, 06:46:58 PM »
Can you copy and Paste these instructions to a Notepad file on desktop
I'll need you to close your browser windows for much of this

Next:
Download a couple tools for me please
Download OTMoveIt3 by OldTimer.
Save it to your desktop.
We'll need it in a bit

Then: download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop
Again, we'll need it in a bit

From this point on, open and close your browsers only when I suggest please
See if we can kill this thing without opening browser windows
If you're using Firefox at the moment:
In Firefox, beside the address bar is the Search engine bar
Can you use the drop-down arrow beside the search box and select "Manage Search Engines"
If YOOG is listed, can you highlight it and remove it

Close Firefox and don't reopen till we are done please
Keep IE closed also
Access your Add and Remove Programs and remove older version of Java
J2SE Runtime Environment 5.0
Don't reboot yet if prompted

Keep your browser windows closed
Next, Copy the entries below (All the entries between the Dotted=====lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

================================================

:Processes
explorer.exe
:Services
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-
"QuickTime Task"=-
"AlcxMonitor"=-
:Files
C:\WINDOWS\ayemesum.dll
C:\WINDOWS\gu58826.exe
C:\Program Files\ppcbooster
C:\WINDOWS\vtj708346.exe
C:\ptbbw.exe
C:\kuvj.exe
C:\WINDOWS\nohh06760.exe
C:\WINDOWS\Mvucumecah.dll
C:\nufymjpb.exe
C:\eiumhpw.exe._eac_qt_
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]

======================================================
  • Return to OTMoveIt3, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
  • Click the red "MoveIt!" button.
  • Close OTMoveIt when it has completed.
Note: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

If prompted on startup to Run OTMoveit again, allow it please

A Log should open
If no log opens
OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log

I'll need to see that log later
Keep your browser windows closed
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

With the log from MBAM
Can you post that log from OTMoveit3 please and a fresh hijackthis log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
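
The fix script above drives OTMoveIt3 section by section (:Processes, :Reg, :Files, :Commands), and the log it writes afterwards is the only record of which of those actions actually happened: some files are deferred to reboot, and a DLL can fail to unregister yet still be moved. The Python below is an added example, not part of this post or of OTMoveIt3 itself. It parses the script into a plan, parses the log into a per-target outcome, and flags anything that is missing from the log or still pending. The sample script and log are constructed from trimmed lines of this thread, with the "QuickTime Task" value deliberately left out of the log so the reconciliation has something to flag; the section and log line formats are assumed from what is visible here, and the code never touches the registry or the file system.

```python
import re

# Sample inputs, constructed from trimmed lines of this thread (hypothetical
# subset; "QuickTime Task" is planned but intentionally absent from the log).
SAMPLE_SCRIPT = r"""
:Processes
explorer.exe
:Services
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-
"QuickTime Task"=-
:Files
C:\WINDOWS\ayemesum.dll
C:\WINDOWS\gu58826.exe
C:\kuvj.exe
:Commands
[EmptyTemp]
[Start Explorer]
[Reboot]
"""

SAMPLE_LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
========== FILES ==========
C:\WINDOWS\ayemesum.dll NOT unregistered.
C:\WINDOWS\ayemesum.dll moved successfully.
C:\WINDOWS\gu58826.exe moved successfully.
File move failed. C:\kuvj.exe scheduled to be moved on reboot.
========== COMMANDS ==========
Temp folders emptied.
Explorer started successfully
"""


def parse_script(text):
    """Turn the fix script into a plan: what OTMoveIt3 was asked to do."""
    plan = {"processes": [], "services": [], "reg": [], "files": [], "commands": []}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):                # ":Files" etc. opens a section
            section, key = line[1:].lower(), None
        elif section == "reg":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                # [HKEY_...] names the key
            else:
                m = re.fullmatch(r'"([^"]+)"=(.*)', line)
                if m and key:                   # "Name"=- asks for the value to be deleted
                    action = "delete" if m.group(2) == "-" else "set"
                    plan["reg"].append((key, m.group(1), action))
        elif section == "commands":
            plan["commands"].append(line.strip("[]"))
        elif section in plan:
            plan[section].append(line)
    return plan


# (pattern, kind, status): first matching pattern wins for a line; a later log
# line for the same target overwrites an earlier one ("NOT unregistered" then "moved").
LOG_PATTERNS = [
    (re.compile(r"Process (\S+) killed successfully\."), "process", "killed"),
    (re.compile(r"Registry value (.+?)\\\\(.+?) deleted successfully\."), "reg", "deleted"),
    (re.compile(r"File (?:move|delete) failed\. (.+?) scheduled to be (?:moved|deleted) on reboot\."),
     "file", "pending_reboot"),
    (re.compile(r"(.+?) NOT unregistered\."), "file", "not_unregistered"),
    (re.compile(r"(.+?) moved successfully\."), "file", "moved"),
]


def parse_log(text):
    """Map each target named in the OTMoveIt3 log to its last reported status."""
    results = {}
    for raw in text.splitlines():
        line = raw.strip()
        for rx, kind, status in LOG_PATTERNS:
            m = rx.fullmatch(line)
            if m:
                results[(kind,) + m.groups()] = status
                break
    return results


def reconcile(plan, results):
    """Pair every planned action with what the log says happened to it."""
    report = []
    for name in plan["processes"]:
        report.append(("process", name, results.get(("process", name), "missing")))
    for key, name, _action in plan["reg"]:
        report.append(("reg", key + "\\" + name, results.get(("reg", key, name), "missing")))
    for path in plan["files"]:
        report.append(("file", path, results.get(("file", path), "missing")))
    return report


DONE = {"killed", "deleted", "moved"}


def outstanding(report):
    """Entries still needing attention: absent from the log or deferred to reboot."""
    return [entry for entry in report if entry[2] not in DONE]


if __name__ == "__main__":
    rep = reconcile(parse_script(SAMPLE_SCRIPT), parse_log(SAMPLE_LOG))
    for kind, target, status in rep:
        print(f"{status:16} {kind:8} {target}")
    print(f"{len(outstanding(rep))} item(s) to re-check after reboot")
```

Run as a file it prints one status per planned target; anything reported as missing or pending_reboot is what to look for in the "Files moved on Reboot" part of the log before treating the fix as complete.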


Offline notforyou

  • Newbie
  • *
  • Posts: 47
  • Karma: +0/-0
Yoog, Contextual, defender-review
« Reply #4 on: December 09, 2008, 11:36:19 PM »
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AlcxMonitor deleted successfully.
========== FILES ==========
C:\WINDOWS\ayemesum.dll NOT unregistered.
C:\WINDOWS\ayemesum.dll moved successfully.
C:\WINDOWS\gu58826.exe moved successfully.
C:\Program Files\ppcbooster moved successfully.
C:\WINDOWS\vtj708346.exe moved successfully.
C:\ptbbw.exe moved successfully.
C:\kuvj.exe moved successfully.
C:\WINDOWS\nohh06760.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\Mvucumecah.dll
C:\WINDOWS\Mvucumecah.dll NOT unregistered.
C:\WINDOWS\Mvucumecah.dll moved successfully.
C:\nufymjpb.exe moved successfully.
C:\eiumhpw.exe._eac_qt_ moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HP_OWN~1.JON\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5b8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF282E.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12092008_200257

Files moved on Reboot...
C:\DOCUME~1\HP_OWN~1.JON\LOCALS~1\Temp\hpodvd09.log moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_5b8.dat not found!
C:\WINDOWS\temp\~DF282E.tmp moved successfully.
Malwarebytes' Anti-Malware 1.31
Database version: 1479
Windows 5.1.2600 Service Pack 2

12/9/2008 11:27:24 PM
mbam-log-2008-12-09 (23-27-24).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 276978
Time elapsed: 2 hour(s), 45 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 51

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\NewCfg (Adware.OneToolBar) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HP_Owner.YOUR-F78BF48CE2\S87ekhV.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.YOUR-F78BF48CE2\Local Settings\Temp\TDSSff74.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\12092008_200257\eiumhpw.exe._eac_qt_ (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\12092008_200257\kuvj.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\12092008_200257\ptbbw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\12092008_200257\WINDOWS\nohh06760.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\bfgtoolbar\bfgtoolbar.dll (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Program Files\bfgtoolbar\install.ico (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Program Files\bfgtoolbar\toolbar.ini (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Program Files\bfgtoolbar\uninstall.exe (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\10.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\20off.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\6.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\7.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\8.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\bfgtoolbarDLL.zip (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\bfgtoolbartb0500.cfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\bfg_greetings.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\card.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\COMBOSEARCH.acs (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\ErrorLog.txt (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\home.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\logo.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\mahjong.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\mygames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\mygamestoolbar.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\new.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\newgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\puzzle.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\query.txt (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\search.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\Thumbs.db (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\topten.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\webgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\bfgtoolbar\word.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\nsglobaladsolution.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.YOUR-F78BF48CE2\Application Data\Google\runhh6110411.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.YOUR-F78BF48CE2\Application Data\Google\mscscc.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.YOUR-F78BF48CE2\nah_mbvp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.YOUR-F78BF48CE2\Local Settings\Temp\TDSSff45.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.YOUR-F78BF48CE2\Local Settings\Temp\ntdll64.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.YOUR-F78BF48CE2\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:56 PM, on 12/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\eAcceleration\OnAccess\onaccess.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\eAcceleration\Station\station_bk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [OnAccess] "C:\Program Files\eAcceleration\OnAccess\onaccess.exe" -erk
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StopSign Antivirus Security Center Provider (sstsmonsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe

--
End of file - 8817 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Yoog, Contextual, defender-review
« Reply #5 on: December 10, 2008, 12:15:26 AM »
Can you supply me with another log please

Download DirLook by jpshortstuff from one of the following mirrors:
Link 1
Link 2
Link 3
  • Double-click DirLook.exe to run it (Vista Users should right-click and select Run As Administrator...).
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the main textfield:
Code:
C:\Program Files\Mozilla Firefox\components
C:\Program Files\Mozilla Firefox

  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\DirLook.txt)
In addition, can you ensure that Windows is set to show hidden files/folders
In MyComputer select TOOLS>>FOLDER OPTIONS>>VIEW
Select the Radio button to Show hidden files/folders
Apply and OK it

Navigate to the following folder
C:\Documents and Settings\HP_Owner.JONI\Application Data\Mozilla\Firefox\Profiles\*********.default
In that folder right click on prefs.js and select EDIT
Copy/paste back here the contents of that file please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline notforyou

  • Newbie
  • *
  • Posts: 47
  • Karma: +0/-0
Yoog, Contextual, defender-review
« Reply #6 on: December 10, 2008, 12:43:05 PM »
DirLook.exe v2.0 by jpshortstuff
Log created at 12:39 on 10/12/2008
==================================
Contents of "C:\Program Files\Mozilla Firefox\components"

---FOLDERS---

(none found)

---FILES---

aboutRobots.js (2927 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
browser.xpt (348274 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
browserdirprovider.dll (23040 bytes - created on 18/06/2008 at 19:04, modified on 31/10/2008 at 20:56) --a---
brwsrcmp.dll (134656 bytes - created on 18/06/2008 at 19:04, modified on 31/10/2008 at 20:56) --a---
compreg.dat (143186 bytes - created on 06/12/2008 at 23:22, modified on 06/12/2008 at 23:22) --a---
FeedConverter.js (25339 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
FeedProcessor.js (66215 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
FeedWriter.js (49694 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
fuelApplication.js (38238 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
jsconsole-clhandler.js (1494 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsAddonRepository.js (11659 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
nsBadCertHandler.js (3104 bytes - created on 24/09/2008 at 15:53, modified on 30/10/2008 at 06:00) --a---
nsBlocklistService.js (27331 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
nsBrowserContentHandler.js (32696 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsBrowserGlue.js (28799 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsContentDispatchChooser.js (5005 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
nsContentPrefService.js (29973 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
nsDefaultCLH.js (6247 bytes - created on 25/07/2007 at 23:30, modified on 30/10/2008 at 06:00) --a---
nsDownloadManagerUI.js (5737 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
nsExtensionManager.js (333468 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsHandlerService.js (51214 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
nsHelperAppDlg.js (41716 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsILegitCheckPlugin.xpt (302 bytes - created on 24/12/2007 at 10:56, modified on 09/10/2007 at 01:10) --a---
nsIQTScriptablePlugin.xpt (2394 bytes - created on 31/05/2008 at 17:06, modified on 07/12/2008 at 23:37) --a---
nsLivemarkService.js (36039 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
nsLoginInfo.js (4302 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
nsLoginManager.js (44047 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
nsLoginManagerPrompter.js (40367 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
nsMicrosummaryService.js (77051 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsPlacesTransactionsService.js (33805 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
nsPostUpdateWin.js (21420 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsProxyAutoConfig.js (13682 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsSafebrowsingApplication.js (25176 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsSearchService.js (110646 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsSearchSuggestions.js (24273 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsSessionStartup.js (11428 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsSessionStore.js (75892 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsSetDefaultBrowser.js (2854 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsSidebar.js (12513 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsTaggingService.js (9790 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
nsTryToClose.js (3268 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
nsUpdateService.js (112848 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsUrlClassifierLib.js (50600 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsUrlClassifierListManager.js (19984 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsURLFormatter.js (3097 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
nsWebHandlerApp.js (6920 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
pluginGlue.js (3142 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
popcaploader.xpt (149 bytes - created on 12/04/2008 at 15:10, modified on 12/04/2008 at 15:10) --a---
storage-Legacy.js (49926 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
txEXSLTRegExFunctions.js (6667 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
WebContentConverter.js (34011 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---

==================================
Contents of "C:\Program Files\Mozilla Firefox"

---FOLDERS---

chrome (Created on 23/07/2007 at 21:31) d-----
components (Created on 23/07/2007 at 21:31) d-----
defaults (Created on 23/07/2007 at 21:31) d-----
dictionaries (Created on 23/07/2007 at 21:31) d-----
extensions (Created on 23/07/2007 at 21:31) d-----
greprefs (Created on 23/07/2007 at 21:31) d-----
modules (Created on 18/06/2008 at 19:04) d-----
plugins (Created on 23/07/2007 at 21:31) d-----
QMCache00 (Created on 06/11/2007 at 06:30) d--h--
res (Created on 23/07/2007 at 21:31) d-----
searchplugins (Created on 06/12/2008 at 23:22) d-----
uninstall (Created on 23/07/2007 at 21:31) d-----

---FILES---

.autoreg (0 bytes - created on 25/07/2007 at 23:30, modified on 03/12/2008 at 16:14) --a--c
AccessibleMarshal.dll (17408 bytes - created on 23/07/2007 at 21:31, modified on 31/10/2008 at 20:55) --a---
application.ini (2035 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
blocklist.xml (1561 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
browserconfig.properties (232 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
crashreporter-override.ini (583 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
crashreporter.exe (185856 bytes - created on 18/06/2008 at 19:04, modified on 31/10/2008 at 20:55) --a---
crashreporter.ini (3558 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
firefox.exe (307712 bytes - created on 23/07/2007 at 21:31, modified on 31/10/2008 at 20:55) --a---
freebl3.chk (476 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
freebl3.dll (233472 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
hs_err_pid2172.log (12920 bytes - created on 24/10/2008 at 14:18, modified on 24/10/2008 at 14:18) --a---
hs_err_pid2568.log (15091 bytes - created on 17/11/2008 at 14:53, modified on 17/11/2008 at 14:53) --a---
hs_err_pid3568.log (17744 bytes - created on 06/12/2008 at 12:06, modified on 06/12/2008 at 12:06) --a---
hs_err_pid3796.log (12922 bytes - created on 24/10/2008 at 14:19, modified on 24/10/2008 at 14:19) --a---
hs_err_pid4868.log (13708 bytes - created on 24/10/2008 at 14:16, modified on 24/10/2008 at 14:16) --a---
hs_err_pid5336.log (13030 bytes - created on 24/10/2008 at 14:16, modified on 24/10/2008 at 14:16) --a---
hs_err_pid5936.log (14082 bytes - created on 09/11/2008 at 13:58, modified on 09/11/2008 at 13:58) --a---
hs_err_pid6276.log (13698 bytes - created on 18/11/2008 at 13:59, modified on 18/11/2008 at 13:59) --a---
hs_err_pid7004.log (14177 bytes - created on 09/11/2008 at 13:56, modified on 09/11/2008 at 13:56) --a---
install.log (26221 bytes - created on 23/07/2007 at 21:31, modified on 06/12/2008 at 23:22) --a--c
js3250.dll (697344 bytes - created on 23/07/2007 at 21:31, modified on 31/10/2008 at 20:56) --a---
LICENSE (31393 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
mozcrt19.dll (710144 bytes - created on 18/06/2008 at 19:04, modified on 31/10/2008 at 20:56) --a---
nspr4.dll (198144 bytes - created on 23/07/2007 at 21:31, modified on 31/10/2008 at 20:56) --a---
nss3.dll (697856 bytes - created on 23/07/2007 at 21:31, modified on 31/10/2008 at 20:56) --a---
nssckbi.dll (304640 bytes - created on 23/07/2007 at 21:31, modified on 31/10/2008 at 20:56) --a---
nssdbm3.dll (103936 bytes - created on 18/06/2008 at 19:04, modified on 31/10/2008 at 20:56) --a---
nssutil3.dll (87552 bytes - created on 18/06/2008 at 19:04, modified on 31/10/2008 at 20:56) --a---
old-homepage-default.properties (112 bytes - created on 25/07/2007 at 23:31, modified on 30/10/2008 at 06:00) --a---
platform.ini (48 bytes - created on 18/06/2008 at 19:04, modified on 30/10/2008 at 06:00) --a---
plc4.dll (20480 bytes - created on 23/07/2007 at 21:31, modified on 31/10/2008 at 20:56) --a---
plds4.dll (17408 bytes - created on 23/07/2007 at 21:31, modified on 31/10/2008 at 20:56) --a---
PokerStars.log.0 (192326 bytes - created on 11/10/2007 at 04:00, modified on 11/10/2007 at 05:10) --a--c
QMStatusFile.txt (0 bytes - created on 06/11/2007 at 06:30, modified on 06/11/2007 at 06:30) --a--c
README.txt (181 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
removed-files (13058 bytes - created on 25/07/2007 at 23:31, modified on 25/07/2007 at 23:31) --a--c
smime3.dll (103936 bytes - created on 23/07/2007 at 21:31, modified on 31/10/2008 at 20:56) --a---
softokn3.chk (476 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
softokn3.dll (151552 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
sqlite3.dll (395776 bytes - created on 18/06/2008 at 19:04, modified on 31/10/2008 at 20:56) --a---
ssl3.dll (136704 bytes - created on 23/07/2007 at 21:31, modified on 31/10/2008 at 20:56) --a---
updater.exe (242176 bytes - created on 23/07/2007 at 21:31, modified on 31/10/2008 at 20:56) --a---
updater.ini (862 bytes - created on 23/07/2007 at 21:31, modified on 30/10/2008 at 06:00) --a---
xpcom.dll (17920 bytes - created on 23/07/2007 at 21:31, modified on 31/10/2008 at 20:56) --a---
xul.dll (9729536 bytes - created on 18/06/2008 at 19:04, modified on 31/10/2008 at 20:56) --a---

==================================
=EOF=


# Mozilla User Preferences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */

user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1228790208);
user_pref("app.update.lastUpdateTime.background-update-timer", 1228790208);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1228866467);
user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1228605780);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1228853048);
user_pref("browser.anchor_color", "#0000FF");
user_pref("browser.display.background_color", "#C0C0C0");
user_pref("browser.display.use_system_colors", true);
user_pref("browser.download.manager.alertOnEXEOpen", true);
user_pref("browser.history_expire_days.mirror", 180);
user_pref("browser.history_expire_days_min", 0);
user_pref("browser.migration.version", 1);
user_pref("browser.places.importBookmarksHTML", false);
user_pref("browser.places.importDefaults", false);
user_pref("browser.places.leftPaneFolderId", -1);
user_pref("browser.places.migratePostDataAnnotations", false);
user_pref("browser.places.smartBookmarksVersion", 1);
user_pref("browser.places.updateRecentTagsUri", false);
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.startup.homepage", "http://my.yahoo.com/");
user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.4");
user_pref("browser.visited_color", "#800080");
user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,[email protected]:1.0,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4");
user_pref("extensions.lastAppVersion", "3.0.4");
user_pref("extensions.update.notifyUser", false);
user_pref("intl.charsetmenu.browser.cache", "windows-1252, ISO-8859-1, UTF-8");
user_pref("keyword.URL", "http://www10.yoog.com/search.php?q=");
user_pref("network.cookie.prefsMigrated", true);
user_pref("pref.privacy.disable_button.view_passwords_exceptions", false);
user_pref("security.warn_viewing_mixed", false);
user_pref("spellchecker.dictionary", "en-US");
user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey", 1231197790);
user_pref("yahoo.addtomy", true);
user_pref("yahoo.homepage.dontask", true);
user_pref("yahoo.installer.country", "us");
user_pref("yahoo.installer.dc", "v1_yff2");
user_pref("yahoo.installer.language", "us");
user_pref("yahoo.installer.nd", 2);
user_pref("yahoo.installer.sc", "sunm");
user_pref("yahoo.installer.version", "1.5.2.20080717");
user_pref("yahoo.installer.version.simple", "1.5.2");
user_pref("yahoo.options.antispy", true);
user_pref("yahoo.options.iconsonly", false);
user_pref("yahoo.options.menubar", false);
user_pref("yahoo.options.showhistory", true);
user_pref("yahoo.options.showlivesearch", true);
user_pref("yahoo.supports.livesearch", true);
user_pref("yahoo.toolbar.searchbox.width", 55);

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Yoog, Contextual, defender-review
« Reply #7 on: December 10, 2008, 02:02:14 PM »
Can you try the following for me please
Print this out, or save to a text file on desktop for reference

In Firefox, beside the address bar is the Search engine bar
Can you use the drop down arrow beside the search box, >>Select "Manage Search Engines"
If YOOG is listed, can you highlight it and remove it
Then Highlight Google and Hit OK

Close Firefox, don't reopen it until we are done

Navigate to the following folder
C:\Program Files\Mozilla Firefox
Inside that folder delete the file
.autoreg

Navigate to the following folder again
C:\Documents and Settings\HP_Owner.JONI\Application Data\Mozilla\Firefox\Profiles\*********.default
If you see a file called user.js
Delete it please, let me know later if you found that file

Right click on prefs.js again and choose edit
Can you delete these 2 lines
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www10.yoog.com/search.php?q=");

Delete them and leave no spaces from the next line

as eg...
user_pref("intl.charsetmenu.browser.cache", "windows-1252, ISO-8859-1, UTF-8");
user_pref("network.cookie.prefsMigrated", true);
When closing the file, ensure to save the changes, you will be prompted

Now reopen Firefox and let me know if Yoog Search is gone please
In addition, can you run RSIT.exe again and post only the new log from >>Log.txt
« Last Edit: December 10, 2008, 02:03:24 PM by guestolo »

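The prefs.js clean-up that guestolo walks through above, done by script, as an added example (this is not code from the thread, from guestolo, or from the DirLook/RSIT tools): it parses a constructed prefs.js modelled on the one posted in Reply #6, flags the preferences that point keyword searches or the selected search engine at a host or engine name not on a trusted list, and writes the file back with only those lines removed, so the remaining entries stay back-to-back as the post asks. The trusted-host and known-engine lists are assumptions to adjust for the install; the sample file is constructed.

```python
"""Detect and strip search-hijack entries from a Firefox prefs.js.

Added example; not part of the forum thread. TRUSTED_HOSTS and
KNOWN_ENGINES are assumptions, not Firefox defaults.
"""
import re
from urllib.parse import urlparse

# Every preference line has the shape: user_pref("name", value);
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Hosts this reviewer accepts as legitimate search/homepage endpoints
# (assumption: a real deployment takes this from local policy).
TRUSTED_HOSTS = {"www.google.com", "search.yahoo.com", "my.yahoo.com", "www.bing.com"}

# Search-engine display names accepted as legitimate (assumption).
KNOWN_ENGINES = {"Google", "Yahoo", "Bing", "Amazon.com", "eBay", "Wikipedia (en)"}

# Preferences whose string value is a URL a hijacker would redirect.
URL_PREFS = {"keyword.URL", "browser.startup.homepage", "browser.search.defaulturl"}
# Preferences whose string value names the engine used by the search box.
ENGINE_PREFS = {"browser.search.selectedEngine", "browser.search.defaultenginename"}

# Constructed sample, modelled on the prefs.js posted in Reply #6.
SAMPLE_PREFS = """# Mozilla User Preferences

user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.startup.homepage", "http://my.yahoo.com/");
user_pref("intl.charsetmenu.browser.cache", "windows-1252, ISO-8859-1, UTF-8");
user_pref("keyword.URL", "http://www10.yoog.com/search.php?q=");
user_pref("network.cookie.prefsMigrated", true);
"""


def parse_prefs(text):
    """Return [(line_no, name, raw_value)] for every user_pref() line."""
    found = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = PREF_RE.match(line.strip())
        if m:
            found.append((line_no, m.group(1), m.group(2)))
    return found


def unquote(raw):
    """Return the text inside a quoted pref value, or None for non-strings."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    return None


def find_hijacks(text):
    """Return [(line_no, name, value, reason)] for preferences that send
    searches or the homepage somewhere not on the trusted lists."""
    findings = []
    for line_no, name, raw in parse_prefs(text):
        value = unquote(raw)
        if value is None:  # booleans and numbers cannot carry a redirect
            continue
        if name in URL_PREFS:
            host = (urlparse(value).hostname or "").lower()
            if host not in TRUSTED_HOSTS:
                findings.append((line_no, name, value, "untrusted host " + host))
        elif name in ENGINE_PREFS and value not in KNOWN_ENGINES:
            findings.append((line_no, name, value, "unknown search engine"))
    return findings


def clean_prefs(text):
    """Return prefs.js text with the flagged lines removed and nothing else
    touched; the surviving lines stay adjacent, with no blank gap left behind."""
    bad_lines = {f[0] for f in find_hijacks(text)}
    kept = [l for i, l in enumerate(text.splitlines(), 1) if i not in bad_lines]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for line_no, name, value, reason in find_hijacks(SAMPLE_PREFS):
        print("line %d: %s = %r (%s)" % (line_no, name, value, reason))
    print(clean_prefs(SAMPLE_PREFS))
```

Run against a real profile, the script would read the file with Firefox closed (the header comment in prefs.js warns that a running browser overwrites edits on exit) and compare the findings with the entries guestolo asked to be removed; anything flagged beyond those two is worth a look before deleting, since a legitimately configured non-default engine will also trip the unknown-engine check.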


Offline notforyou

  • Newbie
  • *
  • Posts: 47
  • Karma: +0/-0
Yoog, Contextual, defender-review
« Reply #8 on: December 10, 2008, 02:33:43 PM »
Yoog is gone from the address line, Google opened.

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Owner at 2008-12-10 14:28:07
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 82 GB (56%) free of 147 GB
Total RAM: 895 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:10 PM, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\eAcceleration\OnAccess\onaccess.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\eAcceleration\Station\station_bk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Documents and Settings\HP_Owner.JONI\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [OnAccess] "C:\Program Files\eAcceleration\OnAccess\onaccess.exe" -erk
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StopSign Antivirus Security Center Provider (sstsmonsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe

--
End of file - 8611 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=C:\WINDOWS\system32\SiSPower.dll [2005-01-04 49152]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-25 245760]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"webscan"=C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe [2008-10-28 849248]
"SoftwareStation"=C:\Program Files\eAcceleration\Station\station.exe [2008-04-15 173392]
"OnAccess"=C:\Program Files\eAcceleration\OnAccess\onaccess.exe [2008-06-09 238944]
"eanth_critical_update_alert"=C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE [2008-12-06 105048]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-06 136600]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-07-13 180269]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-03-25 50528]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{42DD0873-5FA9-465D-90DE-0826020416A5}"=C:\Program Files\eAcceleration\OnAccess\onaccess_hk32.dll [2008-06-09 165216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc31bb2a-c3f8-11dd-a522-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2008-12-10 12:39:39 ----A---- C:\DirLook.txt
2008-12-09 20:08:57 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Malwarebytes
2008-12-09 20:08:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-09 20:08:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-09 20:02:57 ----D---- C:\_OTMoveIt
2008-12-09 17:49:10 ----D---- C:\rsit
2008-12-08 21:31:35 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\AdobeUM
2008-12-08 13:09:52 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\acccore
2008-12-08 04:50:51 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-12-08 04:50:27 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-12-08 03:02:03 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-08 03:02:02 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-07 15:36:04 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-07 00:22:24 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Adobe
2008-12-06 21:46:40 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-06 21:46:40 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-06 21:46:40 ----A---- C:\WINDOWS\system32\java.exe
2008-12-06 21:46:40 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-06 21:43:54 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Sun
2008-12-06 21:37:47 ----D---- C:\Program Files\Trend Micro
2008-12-06 21:20:34 ----D---- C:\WINDOWS\Prefetch
2008-12-06 21:04:01 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-06 20:54:55 ----DC---- C:\WINDOWS\$NtUninstallKB956390$(2)
2008-12-06 20:50:40 ----D---- C:\WINDOWS\system32\en-us
2008-12-06 20:50:39 ----D---- C:\WINDOWS\system32\scripting
2008-12-06 20:17:45 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\eAcceleration
2008-12-06 20:16:13 ----D---- C:\Documents and Settings\All Users\Application Data\eAcceleration
2008-12-06 20:16:09 ----D---- C:\Program Files\eAcceleration
2008-12-06 19:30:08 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-12-06 17:13:39 ----ASH---- C:\Documents and Settings\HP_Owner.JONI\Application Data\desktop.ini
2008-12-06 17:13:34 ----SD---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Microsoft
2008-12-06 17:13:34 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Symantec
2008-12-06 17:13:34 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\SampleView
2008-12-06 17:13:34 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Real
2008-12-06 17:13:34 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\InterMute
2008-12-06 17:13:34 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Identities
2008-12-06 17:13:34 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Apple Computer
2008-12-06 17:09:01 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-06 16:24:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-06 15:56:32 ----A---- C:\WINDOWS\005313_.tmp
2008-12-06 15:41:47 ----RSHD---- C:\cmdcons
2008-12-06 15:41:10 ----D---- C:\WINDOWS\setupupd
2008-12-06 15:22:40 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Mozilla
2008-12-06 15:19:24 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Macromedia
2008-12-06 15:16:36 ----D---- C:\Documents and Settings\HP_Owner.JONI\Application Data\Logitech
2008-12-06 15:14:37 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-06 14:08:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-06 14:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-06 14:08:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-06 14:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-06 14:07:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-06 14:07:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-06 14:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-06 13:29:02 ----AT---- C:\WINDOWS\004472_.tmp
2008-12-05 17:26:50 ----D---- C:\Program Files\Musaic Box
2008-12-03 06:19:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-12-03 06:19:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-03 06:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-12-03 06:18:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-12-03 06:18:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-12-03 06:16:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-12-03 06:15:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-12-03 06:14:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-12-03 06:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-12-03 06:14:16 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-30 08:11:55 ----D---- C:\Program Files\Mystery Case Files - Return to Ravenhearst
2008-11-19 07:26:38 ----D---- C:\Documents and Settings\All Users\Application Data\Gogii Games
2008-11-19 02:39:38 ----D---- C:\Program Files\Book of Legends
2008-11-18 09:12:15 ----D---- C:\Program Files\Bodog Poker
2008-11-17 15:21:20 ----D---- C:\Program Files\10 Days Under The Sea
2008-11-16 16:53:47 ----D---- C:\Program Files\Sportsbook Poker
2008-11-16 16:34:53 ----D---- C:\Program Files\BetUSPoker
2008-11-16 12:22:44 ----D---- C:\Program Files\Treasure Seekers - Visions of Gold

======List of files/folders modified in the last 1 months======

2008-12-10 14:26:01 ----D---- C:\Program Files\Mozilla Firefox
2008-12-10 14:21:21 ----HD---- C:\WINDOWS\inf
2008-12-10 14:21:19 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-10 08:14:29 ----D---- C:\WINDOWS\Temp
2008-12-10 08:14:25 ----D---- C:\WINDOWS
2008-12-10 08:14:17 ----D---- C:\WINDOWS\system32
2008-12-10 08:13:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-10 08:07:08 ----A---- C:\WINDOWS\imsins.BAK
2008-12-10 08:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-12-09 23:27:24 ----D---- C:\Program Files
2008-12-09 20:08:55 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 20:01:21 ----SHD---- C:\WINDOWS\Installer
2008-12-09 20:01:21 ----HD---- C:\Config.Msi
2008-12-09 20:01:17 ----D---- C:\Program Files\Java
2008-12-09 16:24:55 ----D---- C:\Program Files\PokerStars
2008-12-09 03:07:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-09 03:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 03:07:07 ----D---- C:\Program Files\Messenger
2008-12-09 03:07:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-09 03:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-12-09 03:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 03:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-09 03:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-09 03:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-09 03:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-09 03:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-12-09 03:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-09 03:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-09 03:01:47 ----D---- C:\WINDOWS\WinSxS
2008-12-09 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-09 03:01:04 ----D---- C:\Program Files\Internet Explorer
2008-12-08 04:56:32 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-08 03:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-07 15:38:53 ----D---- C:\Program Files\iTunes
2008-12-07 15:37:56 ----D---- C:\Program Files\QuickTime
2008-12-07 11:13:21 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-07 08:19:50 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-12-06 21:33:12 ----SD---- C:\WINDOWS\Tasks
2008-12-06 21:33:12 ----D---- C:\Program Files\Easy Internet signup
2008-12-06 21:24:18 ----D---- C:\Program Files\Acceleration Software
2008-12-06 21:24:00 ----D---- C:\Program Files\Common Files\eAcceleration
2008-12-06 21:20:01 ----D---- C:\Program Files\Symantec
2008-12-06 21:20:01 ----D---- C:\Program Files\Common Files
2008-12-06 21:20:01 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-06 21:19:56 ----RSD---- C:\WINDOWS\Fonts
2008-12-06 21:19:56 ----D---- C:\WINDOWS\system32\wbem
2008-12-06 21:19:56 ----D---- C:\WINDOWS\AppPatch
2008-12-06 21:19:33 ----D---- C:\WINDOWS\system32\config
2008-12-06 21:18:44 ----D---- C:\WINDOWS\Registration
2008-12-06 21:15:05 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-06 21:12:33 ----D---- C:\WINDOWS\EHome
2008-12-06 21:05:36 ----D---- C:\WINDOWS\system32\usmt
2008-12-06 21:05:36 ----D---- C:\WINDOWS\system
2008-12-06 21:05:33 ----D---- C:\WINDOWS\system32\oobe
2008-12-06 21:05:30 ----D---- C:\WINDOWS\system32\Setup
2008-12-06 21:05:17 ----D---- C:\WINDOWS\Help
2008-12-06 21:05:17 ----D---- C:\Program Files\Common Files\System
2008-12-06 21:05:16 ----D---- C:\Program Files\Outlook Express
2008-12-06 21:05:12 ----D---- C:\Program Files\Windows NT
2008-12-06 21:05:12 ----D---- C:\Program Files\Windows Media Player
2008-12-06 21:05:10 ----D---- C:\WINDOWS\system32\Com
2008-12-06 21:05:10 ----D---- C:\Program Files\NetMeeting
2008-12-06 21:05:07 ----D---- C:\WINDOWS\ime
2008-12-06 21:05:06 ----D---- C:\WINDOWS\srchasst
2008-12-06 21:05:02 ----D---- C:\WINDOWS\msagent
2008-12-06 21:05:00 ----D---- C:\WINDOWS\system32\npp
2008-12-06 21:04:59 ----D---- C:\WINDOWS\system32\Restore
2008-12-06 21:04:56 ----D---- C:\Program Files\Movie Maker
2008-12-06 21:04:46 ----D---- C:\WINDOWS\PeerNet
2008-12-06 21:02:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-06 21:00:37 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-06 20:58:17 ----A---- C:\WINDOWS\setuplog.txt
2008-12-06 20:55:42 ----D---- C:\WINDOWS\security
2008-12-06 20:50:38 ----AD---- C:\WINDOWS\system32\en
2008-12-06 20:46:59 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-06 19:39:06 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit
2008-12-06 19:34:39 ----SHD---- C:\RECYCLER
2008-12-06 17:13:33 ----D---- C:\Documents and Settings
2008-12-06 17:12:13 ----D---- C:\sysprep
2008-12-06 17:10:36 ----RASH---- C:\BOOT.BAK
2008-12-06 17:09:11 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-06 17:06:26 ----A---- C:\WINDOWS\system.ini
2008-12-06 16:45:26 ----HD---- C:\hp
2008-12-06 16:44:59 ----D---- C:\WINDOWS\I386
2008-12-06 16:42:14 ----D---- C:\Program Files\Common Files\Services
2008-12-06 16:41:52 ----D---- C:\WINDOWS\system32\ras
2008-12-06 16:41:23 ----D---- C:\WINDOWS\system32\icsxml
2008-12-06 16:41:22 ----D---- C:\WINDOWS\system32\ias
2008-12-06 16:39:24 ----RD---- C:\WINDOWS\Web
2008-12-06 16:39:24 ----D---- C:\WINDOWS\addins
2008-12-06 16:39:17 ----D---- C:\WINDOWS\Media
2008-12-06 16:39:04 ----D---- C:\WINDOWS\Cursors
2008-12-06 16:39:02 ----AHDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-12-06 16:39:02 ----AHDC---- C:\WINDOWS\$NtUninstallKB890175$
2008-12-06 16:39:02 ----AHDC---- C:\WINDOWS\$NtUninstallKB888239$
2008-12-06 16:39:02 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$
2008-12-06 16:39:02 ----AHDC---- C:\WINDOWS\$NtUninstallKB887742$
2008-12-06 16:39:02 ----AHDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-12-06 16:39:01 ----AHDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-12-06 16:39:01 ----AHDC---- C:\WINDOWS\$NtUninstallKB885250$
2008-12-06 16:39:01 ----AHDC---- C:\WINDOWS\$NtUninstallKB883667$
2008-12-06 16:39:01 ----AHDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-12-06 16:39:01 ----AHDC---- C:\WINDOWS\$NtUninstallKB867282$
2008-12-06 16:38:57 ----RHD---- C:\MSOCache
2008-12-06 16:38:34 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-06 16:38:33 ----RSD---- C:\WINDOWS\assembly
2008-12-06 15:42:58 ----RASH---- C:\boot.ini
2008-12-06 15:41:47 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-12-06 15:17:46 ----A---- C:\WINDOWS\system32\ssmute.ini
2008-12-06 15:14:39 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-06 13:11:53 ----HDC---- C:\WINDOWS\ie7
2008-12-06 13:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-12-06 13:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-12-06 09:11:42 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-12-02 06:33:34 ----D---- C:\WINDOWS\Minidump
2008-11-30 21:48:12 ----D---- C:\Program Files\LimeWire
2008-11-24 02:21:22 ----D---- C:\Documents and Settings\All Users\Application Data\MysteryChronicles
2008-11-22 05:15:19 ----D---- C:\Program Files\Oberon Media
2008-11-15 04:19:38 ----D---- C:\Program Files\GameHouse
2008-11-13 11:58:07 ----D---- C:\Program Files\Full Tilt Poker.Net

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-04-12 11904]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2001-08-17 19200]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-04-12 247296]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2003-07-11 32768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-01-19 12416]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 eac_notifysvc;eAcceleration Notification Service; C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe [2008-10-22 111952]
R2 eac_productsvc;eAcceleration Product Manager Service; C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe [2008-10-22 263504]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-06 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-05-08 53248]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 sstsmonsvc;StopSign Antivirus Security Center Provider; C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe [2008-10-22 111952]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
« Last Edit: December 10, 2008, 02:47:28 PM by guestolo »

Offline guestolo

Yoog, Contextual, defender-review
« Reply #9 on: December 10, 2008, 03:08:03 PM »
I have to step out for a bit
Quote
If you see a file called user.js
Delete it please, let me know later if you found that file

Did you find and delete that file?

go to this link
http://www.virustotal.com/flash/index_en.html
Copy and paste the following bold line into the space next to 'Upload a File'
If using Firefox, you may have to paste to the Filename field of the File Upload box that opens
Or Browse to the file

C:\WINDOWS\005313_.tmp
Then use the SEND FILE button
Let it finish scanning
Could you post the results of this scan back here please
Or better yet, just link to the results page

Do the same for this one too please
C:\WINDOWS\004472_.tmp

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline notforyou

Yoog, Contextual, defender-review
« Reply #10 on: December 10, 2008, 03:17:07 PM »
Quote from: guestolo on Dec 10 2008, 03:08 PM
I have to step out for a bit

Did you find and delete that file?

go to this link
http://www.virustotal.com/flash/index_en.html
Copy and paste the following bold line into the space next to 'Upload a File'
If using Firefox, you may have to paste to the Filename field of the File Upload box that opens
Or Browse to the file

C:\WINDOWS\005313_.tmp
Then use the SEND FILE button
Let it finish scanning
Could you post the results of this scan back here please
Or better yet, just link to the results page

Do the same for this one too please
C:\WINDOWS\004472_.tmp

Yes, I deleted the file. Sorry, knew I forgot something in the last reply.

http://www.virustotal.com/analisis/94d4e2b...a89081056a8ed72

When I try to upload 004472_ it goes to a page saying 0 bytes size received.

I'm emailing it to them and will post results when I get them.
« Last Edit: December 10, 2008, 03:25:19 PM by notforyou »

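An added example for the two posts above, not part of this thread and not a tool from the forum or from any product named in the logs: a small Python triage script that reads a pasted HijackThis/RSIT log, pulls out the autostart entries (O4/O23 lines) and the RSIT "files created" list, flags the entries a reviewer would ask about first, and produces the SHA-256 you can search on VirusTotal instead of uploading the file. The SAMPLE_LOG inside it is constructed: most lines are copied from the logs posted here, the 'updater' entry is invented so the user-writable-location rule fires. The two rules (autostart target under a user-writable tree; loose *.tmp dropped straight into the Windows directory) are my own heuristics, not anything the helper stated.

```python
"""Triage helper for a pasted HijackThis / RSIT log.

Added example for this thread; it is not a tool from the forum or from any
product named in the log. It pulls the autostart entries (O4 / O23 lines) and
the RSIT "files created" list out of the text, flags what a reviewer would ask
about first, and prepares the SHA-256 that a VirusTotal hash lookup needs.
SAMPLE_LOG is constructed: most lines are copied from the log in this thread;
the 'updater' O4 line is invented so the user-writable-location rule fires.
"""
import hashlib
import re

# First drive-letter path on the line that ends in an executable extension,
# quoted or not ("C:\...\x.exe" -k  ->  C:\...\x.exe).
_EXE_PATH = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|scr|com))\b", re.I)
# RSIT "files created" line: timestamp, dash-padded attribute flags, path.
_CREATED = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+([A-Z]*)-+ (.+)$")
# Autostart targets under a user-writable tree deserve a second look
# (matched on the path lower-cased with backslashes turned into slashes).
_USER_WRITABLE = ("/documents and settings/", "/temp/", "/recycler/")
# Loose *.tmp files dropped straight into the Windows tree, like the two the
# helper asked to have uploaded in this thread.
_LOOSE_TMP = re.compile(r"^[a-z]:/windows(?:/system32)?/[^/]+\.tmp$")


def _norm(path):
    return path.lower().replace("\\", "/")


def parse_autostarts(text):
    """Yield (kind, name, path) for every O4 / O23 line that names an executable."""
    for line in text.splitlines():
        if not line.startswith(("O4 - ", "O23 - ")):
            continue
        m = _EXE_PATH.search(line)
        if not m:
            continue  # e.g. "Rundll32.exe SiSPower.dll,ModeAgent" carries no drive path
        bracket = re.search(r"\[([^\]]+)\]", line)
        if bracket:
            name = bracket.group(1)
        else:  # "Service: X - Vendor - path" or "Global Startup: X.lnk = path"
            name = line.split(": ", 1)[1].split(" - ")[0].split(" = ")[0]
        yield line[:3].strip(), name, m.group(1)


def parse_created(text):
    """Yield (timestamp, attrs, path) from the RSIT 'files created' section."""
    for line in text.splitlines():
        m = _CREATED.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3)


def triage(text):
    """Return [(path, reason)] for the entries worth hashing or asking about."""
    findings = []
    for kind, name, path in parse_autostarts(text):
        if any(marker in _norm(path) for marker in _USER_WRITABLE):
            findings.append((path, f"{kind} autostart '{name}' runs from a user-writable location"))
    for ts, attrs, path in parse_created(text):
        if "D" not in attrs and _LOOSE_TMP.match(_norm(path)):
            findings.append((path, f"loose .tmp created {ts} in the Windows directory; hash it and look it up"))
    return findings


def hash_for_lookup(data):
    """SHA-256 hex for a VirusTotal hash search, or None when there is nothing to scan.

    A zero-length file cannot be analysed, so test the size locally before
    (re)trying an upload instead of waiting for the service to report 0 bytes.
    """
    return hashlib.sha256(data).hexdigest() if data else None


def hash_file(path):
    """Read a file from disk and hash it the same way (None for an empty file)."""
    with open(path, "rb") as fh:
        return hash_for_lookup(fh.read())


# Constructed sample: lines copied from this thread plus one invented 'updater' entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\HP_Owner.JONI\Local Settings\Temp\svchost.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
2008-12-09 20:08:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-06 15:56:32 ----A---- C:\WINDOWS\005313_.tmp
2008-12-06 13:29:02 ----AT---- C:\WINDOWS\004472_.tmp
2008-12-06 21:46:40 ----A---- C:\WINDOWS\system32\javaws.exe
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}\n    {reason}")
```

Run as-is it prints three hits from the constructed sample (the invented Temp autostart and the two loose .tmp files). hash_file() on a real file gives a SHA-256 that can be searched on VirusTotal without uploading anything, and it returns None for an empty file, which is the first thing to check locally when an upload comes back with a 0-byte response.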
Offline notforyou

Yoog, Contextual, defender-review
« Reply #11 on: December 11, 2008, 12:49:45 PM »
I still haven't gotten results back for the second file and I still get the same messages when I try to upload it. Any suggestions?

Offline guestolo

Yoog, Contextual, defender-review
« Reply #12 on: December 11, 2008, 01:00:09 PM »
Can you do the following

Go ahead and delete RSIT.exe and its folder>>C:\rsit
Delete DirLook.exe and its log>>C:\DirLook.txt

download ATF Cleaner by Atribune.

      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

      Click Exit on the Main menu to close the program.

Afterwards:
Find both of those files and send them to the recycle bin
C:\WINDOWS\005313_.tmp
C:\WINDOWS\004472_.tmp
Leave them there for a bit, you can delete them later

Access your Add and Remove Programs and uninstall your older version of Java
J2SE Runtime Environment 5.0

Don't reboot yet
Instead, Double click on OTMoveit3.exe to run it
  • Click the Cleanup! button
    A list will be downloaded>>Allow it Internet access if prompted by your Firewall
    Don't change anything in this list
  • Select Yes at the prompt
    Wait for the confirmation box to open to reboot the computer
    Don't mouseclick during the wait as you may cause the tool to stall
  • Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop

Back in Windows
I suggest that you add SpywareBlaster to your protection software
SpywareBlaster  by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
Select Manual updating when installing
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Status>>enable all protection

Take a look at miekiemoes' site with other ideas on How to prevent Malware:

NOTE: Leave those 2 files in the recycle bin for a few days; if you find no effects from them being gone, just delete them
In addition, if you find startup a bit slower, ATF-Cleaner also clears your Prefetch folder
Startup will get faster as this folder is repopulated

You can hold onto ATF-Cleaner or simply delete it if you don't want it
I suggest that you hold onto MalwareByte's Anti-Malware
Update and run a Quick Scan occasionally
If you decide to hold onto it, open MBAM, click on the Quarantine tab and choose "Delete All" from the bottom button



Offline notforyou

Yoog, Contextual, defender-review
« Reply #13 on: December 11, 2008, 01:24:59 PM »
So far, so good on everything. Yoog is still gone and I haven't gotten any of the contextual pop-ups since we started with this. Thanks a ton for your help on this. If I run across anyone else with the contextual problem, I'll try to send them your way with the file.

Offline guestolo

Yoog, Contextual, defender-review
« Reply #14 on: December 11, 2008, 01:31:31 PM »
Glad to help, I'll lock this topic as your problems appear resolved
Take care notforyou :)
