
Firefox: Not sure what virus, maybe Virtumonde


  • This topic is locked
9 replies to this topic

#1 df0nkv

Posted 07 December 2008 - 03:17 PM

Hello,

I'm very new to all of this stuff, so all help I get is appreciated :thumbsup:

Anyway, lately, my computer's been moving a lot slower, and I've been getting a lot of pop-ups. When I tried to run Ad-Aware SE, my computer simply shut down and restarted itself. I don't know what's wrong, but when I last ran Ad-Aware, I saw a Virtumonde virus that wouldn't go away.

Anyway, I ran RSIT, and here's the log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Amanda at 2008-12-07 12:13:40
Microsoft Windows XP Professional Service Pack 1
System drive C: has 63 GB (63%) free of 100 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:51 PM, on 12/7/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\prunnet.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\DOCUME~1\Amanda\LOCALS~1\Temp\winlogin.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\system32\sysmgr.exe
C:\windows\system32\rrwnw64r.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Connection Wizard\ConnectionWizard.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\mcntksdl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Amanda\LOCALS~1\Temp\csrssc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Amanda\My Documents\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Amanda.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {39B7BAC6-BF39-4AFE-9454-A71263323226} - C:\WINDOWS\System32\fccaXnOG.dll
O2 - BHO: (no name) - {65b3e67d-05a1-49c8-b414-8ce755a0cbc1} - C:\WINDOWS\System32\tilepilo.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\wvUlkHWO.dll
O2 - BHO: C:\WINDOWS\System32\hsd63geff.dll - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\WINDOWS\System32\hsd63geff.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\System32\prunnet.exe"
O4 - HKLM\..\Run: [Kbocusije] rundll32.exe "C:\WINDOWS\Jwihegexin.dll",e
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Amanda\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [Bar] C:\DOCUME~1\Amanda\LOCALS~1\Temp\nsxwrecaom.tmp
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKLM\..\Run: [{28-8A-A2-2C-DW}] C:\windows\system32\rrwnw64r.exe DWmmm01FF
O4 - HKLM\..\Run: [jghloxvdtai] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\System32\xigjzdbgtvhg.dll"
O4 - HKLM\..\Run: [{bbdca613-b4e9-e606-12ce-c0c31c45ba31}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\sostrodufwjblzh.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\mcntksdl.exe DWmmm01FF
O4 - HKLM\..\Run: [IUpd721] C:\Documents and Settings\Amanda\Application Data\NI.GSCNS\IUpd721.exe
O4 - HKLM\..\Run: [bamadoyazu] Rundll32.exe "C:\WINDOWS\System32\juzutase.dll",s
O4 - HKLM\..\Run: [Klujidedugugeka] rundll32.exe "C:\WINDOWS\ukoqaluxocacir.dll",e
O4 - HKLM\..\Run: [jsg8jfgfdfhfhf] C:\DOCUME~1\Amanda\LOCALS~1\Temp\winlogun.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\System32\prunnet.exe"
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Amanda\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [user16] C:\WINDOWS\System32\winhlp.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Amanda\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-7715790372-1206344403-741175555-9549\service.exe
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\DOCUME~1\Amanda\LOCALS~1\Temp\winlogun.exe
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKUS\S-1-5-19\..\Run: [bamadoyazu] Rundll32.exe "C:\WINDOWS\System32\juzutase.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bamadoyazu] Rundll32.exe "C:\WINDOWS\System32\juzutase.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Jnskdfmf9eldfd] C:\WINDOWS\TEMP\csrssc.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Jnskdfmf9eldfd] C:\WINDOWS\TEMP\csrssc.exe (User 'Default user')
O4 - Startup: BitTorrent SpeedUp Pro.lnk = C:\Program Files\BitTorrent SpeedUp Pro\BitTorrent SpeedUp Pro.exe
O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntksdl.exe
O4 - Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rrwnw64r.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.spyguardpro.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\karozeza.dll
O20 - Winlogon Notify: fvbgkfe - C:\WINDOWS\SYSTEM32\fvbgkfe.dll
O20 - Winlogon Notify: wvUlkHWO - C:\WINDOWS\SYSTEM32\wvUlkHWO.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\System32\jsdf8j3dgf.dll
O22 - SharedTaskScheduler: lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\WINDOWS\System32\hsd63geff.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Advanced WindowsCare Boost Service (AwcService) - IObit - C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\System32\IoctlSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14330 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\AWC AutoCare.job
C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\AWC Update.job
C:\WINDOWS\tasks\vyshrnvl.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39B7BAC6-BF39-4AFE-9454-A71263323226}]
C:\WINDOWS\System32\fccaXnOG.dll [2008-12-05 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65b3e67d-05a1-49c8-b414-8ce755a0cbc1}]
C:\WINDOWS\System32\tilepilo.dll [2008-09-05 61952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\System32\wvUlkHWO.dll [2008-12-02 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5AF42A3-94F3-42BD-F434-3604832C897D}]
C:\WINDOWS\System32\hsd63geff.dll - C:\WINDOWS\System32\hsd63geff.dll [2008-12-07 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 842268]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 524288]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"=C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"CTDVDDET"=C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE [2003-06-18 45056]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-10-05 24576]
"SBDrvDet"=C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe [2002-12-03 45056]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2002-08-28 208953]
"MSPY2002"=C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [2002-08-28 59392]
"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe [2006-01-06 188416]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-03-18 1228800]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-12-16 49152]
"StormCodec_Helper"=C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe [2006-11-26 97357]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-08-17 185632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-12-11 267048]
"HPHmon04"=C:\WINDOWS\System32\hphmon04.exe [2006-01-06 348160]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-04-28 570664]
"prunnet"=C:\WINDOWS\System32\prunnet.exe [2008-12-02 35084]
"Kbocusije"=C:\WINDOWS\Jwihegexin.dll [2008-12-02 40448]
"xsjfn83jkemfofght"=C:\DOCUME~1\Amanda\LOCALS~1\Temp\winlogin.exe [2008-12-02 15000]
"Bar"=C:\DOCUME~1\Amanda\LOCALS~1\Temp\nsxwrecaom.tmp [2008-12-02 110592]
"rs32net"=C:\WINDOWS\System32\rs32net.exe [2008-12-02 22528]
"Microsoft® System Manager"=C:\WINDOWS\system32\sysmgr.exe [2008-12-02 46080]
"{28-8A-A2-2C-DW}"=C:\windows\system32\rrwnw64r.exe [2008-12-02 282647]
"jghloxvdtai"=C:\WINDOWS\System32\regsvr32.exe [2001-08-23 9728]
"{bbdca613-b4e9-e606-12ce-c0c31c45ba31}"=C:\WINDOWS\System32\sostrodufwjblzh.dll [2008-07-31 160768]
"ExploreUpdSched"=C:\WINDOWS\System32\mcntksdl.exe [2008-12-02 548928]
"IUpd721"=C:\Documents and Settings\Amanda\Application Data\NI.GSCNS\IUpd721.exe [2008-12-02 403968]
"bamadoyazu"=C:\WINDOWS\System32\juzutase.dll [2008-09-05 61952]
"Klujidedugugeka"=C:\WINDOWS\ukoqaluxocacir.dll [2008-12-05 133632]
"jsg8jfgfdfhfhf"=C:\DOCUME~1\Amanda\LOCALS~1\Temp\winlogun.exe [2008-12-07 15000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"=C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE [2003-10-08 139264]
"ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2002-08-29 13312]
"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2004-11-15 1670144]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-11-12 342336]
"prunnet"=C:\WINDOWS\System32\prunnet.exe [2008-12-02 35084]
"xsjfn83jkemfofght"=C:\DOCUME~1\Amanda\LOCALS~1\Temp\winlogin.exe [2008-12-02 15000]
"user16"=C:\WINDOWS\System32\winhlp.exe [2008-12-02 104448]
"Jnskdfmf9eldfd"=C:\DOCUME~1\Amanda\LOCALS~1\Temp\csrssc.exe [2008-12-07 22017]
"rs32net"=C:\WINDOWS\System32\rs32net.exe [2008-12-02 22528]
"12ZFG94-F641-2SF-K31P-5N1ER6H6L2"=C:\RECYCLER\S-1-5-21-7715790372-1206344403-741175555-9549\service.exe [2008-12-02 72704]
"jsg8jfgfdfhfhf"=C:\DOCUME~1\Amanda\LOCALS~1\Temp\winlogun.exe [2008-12-07 15000]
"ttool"=C:\WINDOWS\9129837.exe [2008-12-07 59904]

C:\Documents and Settings\Amanda\Start Menu\Programs\Startup
BitTorrent SpeedUp Pro.lnk - C:\Program Files\BitTorrent SpeedUp Pro\BitTorrent SpeedUp Pro.exe
CorelCENTRAL Alarms.LNK - C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
Deewoo.lnk - C:\WINDOWS\system32\mcntksdl.exe
Desktop Application Director 9.LNK - C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
DW_Start.lnk - C:\WINDOWS\system32\rrwnw64r.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\karozeza.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-26 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fvbgkfe]
C:\WINDOWS\system32\fvbgkfe.dll [2008-12-07 21504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUlkHWO]
C:\WINDOWS\system32\wvUlkHWO.dll [2008-12-02 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\System32\jsdf8j3dgf.dll [2008-12-05 15000]
lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\WINDOWS\System32\hsd63geff.dll [2008-12-07 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\System32\wvUlkHWO.dll [2008-12-02 34816]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\System32\fccaXnOG
"notification packages"=scecli
C:\WINDOWS\System32\karozeza.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3ggxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3ggxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-12-07 12:13:40 ----D---- C:\rsit
2008-12-07 11:45:09 ----HD---- C:\WINDOWS\PIF
2008-12-07 11:14:10 ----D---- C:\Program Files\Trend Micro
2008-12-07 10:17:57 ----A---- C:\WINDOWS\9129837.exe
2008-12-07 10:17:19 ----A---- C:\WINDOWS\System32\hsd63geff.dll
2008-12-07 10:17:07 ----A---- C:\ruldmeb.exe
2008-12-07 09:04:20 ----A---- C:\WINDOWS\System32\hidserv.dll
2008-12-05 17:14:14 ----A---- C:\WINDOWS\ukoqaluxocacir.dll
2008-12-05 17:07:14 ----D---- C:\Documents and Settings\Amanda\Application Data\IUpd721
2008-12-05 17:07:11 ----ASH---- C:\WINDOWS\System32\GOnXaccf.ini2
2008-12-05 17:07:11 ----ASH---- C:\WINDOWS\System32\GOnXaccf.ini
2008-12-05 17:07:06 ----A---- C:\WINDOWS\System32\fccaXnOG.dll
2008-12-05 17:02:40 ----A---- C:\WINDOWS\System32\qwurkglnnpkvf.dll-uninst.exe
2008-12-05 17:02:35 ----A---- C:\WINDOWS\System32\gside.exe
2008-12-05 16:59:19 ----A---- C:\xmimb.exe
2008-12-05 16:59:09 ----A---- C:\WINDOWS\System32\jsdf8j3dgf.dll
2008-12-02 16:08:59 ----A---- C:\WINDOWS\System32\fvbgkfe32.dll
2008-12-02 16:05:16 ----A---- C:\WINDOWS\System32\rrwnw64r.exe
2008-12-02 16:04:43 ----A---- C:\WINDOWS\System32\fvbgkfe.dll
2008-12-02 16:03:12 ----D---- C:\WINDOWS\System32\VC
2008-12-02 16:03:12 ----D---- C:\WINDOWS\System32\uv9
2008-12-02 16:03:12 ----D---- C:\WINDOWS\System32\ki3
2008-12-02 16:03:12 ----D---- C:\WINDOWS\System32\bin
2008-12-02 16:03:10 ----A---- C:\WINDOWS\System32\ddcDuUop.dll
2008-12-02 16:03:09 ----D---- C:\Documents and Settings\Amanda\Application Data\NI.GSCNS
2008-12-02 16:00:50 ----A---- C:\WINDOWS\System32\37014efd-.txt
2008-12-02 16:00:02 ----ASH---- C:\WINDOWS\System32\OUCJknnn.ini
2008-12-02 15:57:07 ----A---- C:\WINDOWS\System32\ahgqhbutvsifekath.exe
2008-12-02 15:57:05 ----A---- C:\WINDOWS\System32\mcntksdl.exe
2008-12-02 15:57:02 ----A---- C:\WINDOWS\System32\g11.exe
2008-12-02 15:56:55 ----A---- C:\WINDOWS\System32\fqjmpmctomfocmobq.exe
2008-12-02 15:56:52 ----D---- C:\Program Files\webHancer
2008-12-02 15:56:50 ----A---- C:\WINDOWS\System32\dwwnw64r.exe
2008-12-02 15:55:47 ----A---- C:\ipkc.exe
2008-12-02 15:55:42 ----A---- C:\sphwnmcj.exe
2008-12-02 15:55:42 ----A---- C:\ftnc.exe
2008-12-02 15:55:40 ----A---- C:\smjuhwc.exe
2008-12-02 15:55:34 ----A---- C:\yjvmtaa.exe
2008-12-02 15:55:29 ----A---- C:\WINDOWS\System32\sysmgr.exe
2008-12-02 15:55:29 ----A---- C:\WINDOWS\System32\msvcrt2.dll
2008-12-02 15:55:13 ----A---- C:\WINDOWS\System32\rs32net.exe
2008-12-02 15:55:12 ----A---- C:\WINDOWS\System32\winhlp.exe
2008-12-02 15:55:09 ----A---- C:\qthqdso.exe
2008-12-02 15:55:06 ----A---- C:\kxhvehm.exe
2008-12-02 15:55:06 ----A---- C:\gaku.exe
2008-12-02 15:55:05 ----A---- C:\mguvbfr.exe
2008-12-02 15:55:04 ----A---- C:\WINDOWS\System32\gs73gfidgf.dll
2008-12-02 15:55:02 ----A---- C:\WINDOWS\Jwihegexin.dll
2008-12-02 15:55:01 ----A---- C:\fjytg.exe
2008-12-02 15:54:53 ----A---- C:\WINDOWS\System32\wvUljHYr.dll
2008-12-02 15:54:51 ----A---- C:\WINDOWS\System32\wvUlkHWO.dll
2008-12-02 15:54:46 ----A---- C:\WINDOWS\System32\prunnet.exe
2008-11-24 08:27:14 ----A---- C:\WINDOWS\System32\xigjzdbgtvhg.dll

======List of files/folders modified in the last 1 months======

2008-12-07 12:02:20 ----D---- C:\Program Files\Mozilla Firefox
2008-12-07 11:55:32 ----D---- C:\WINDOWS\System32\drivers
2008-12-07 11:55:31 ----D---- C:\WINDOWS\Temp
2008-12-07 11:50:43 ----RSHDC---- C:\WINDOWS\System32\dllcache
2008-12-07 11:50:39 ----D---- C:\WINDOWS\System32\CatRoot2
2008-12-07 11:50:37 ----A---- C:\WINDOWS\System32\svchost.exe
2008-12-07 11:48:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-07 11:45:09 ----D---- C:\WINDOWS
2008-12-07 11:14:10 ----RD---- C:\Program Files
2008-12-07 10:36:43 ----SHD---- C:\WINDOWS\Installer
2008-12-07 10:36:43 ----D---- C:\Program Files\Common Files
2008-12-07 10:36:33 ----D---- C:\Program Files\Lavasoft
2008-12-07 10:36:30 ----D---- C:\WINDOWS\system32
2008-12-07 10:23:44 ----D---- C:\Documents and Settings\Amanda\Application Data\DNA
2008-12-07 10:21:09 ----RSHD---- C:\RECYCLER
2008-12-07 10:20:55 ----D---- C:\Program Files\DNA
2008-12-05 17:03:25 ----D---- C:\WINDOWS\Prefetch
2008-12-02 16:06:12 ----A---- C:\AUTOEXEC.BAT
2008-12-02 16:03:14 ----D---- C:\temp
2008-12-02 15:54:55 ----SD---- C:\WINDOWS\Tasks
2008-11-30 18:25:43 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-24 20:57:27 ----D---- C:\Documents and Settings\Amanda\Application Data\ZoomBrowser EX
2008-11-24 20:57:27 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-11-23 19:00:48 ----D---- C:\Documents and Settings\Amanda\Application Data\LimeWire
2008-11-16 17:45:53 ----HD---- C:\WINDOWS\inf
2008-11-16 17:45:53 ----D---- C:\WINDOWS\Help
2008-11-11 02:06:49 ----D---- C:\Documents and Settings\Amanda\Application Data\BitTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 dxgg;dxgg; C:\WINDOWS\System32\drivers\dxgg.sys [2008-12-02 86272]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2001-08-17 13952]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\System32\ANIO.SYS []
R2 PfDetNT;PfDetNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\System32\DRIVERS\A3AB.sys [2005-03-22 450400]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-08-29 57344]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-06-26 2303488]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2003-11-04 645392]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-11-18 366160]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2003-10-07 6096]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2003-10-07 130288]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2003-10-13 145488]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2003-10-21 904496]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2003-10-21 148432]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-08-29 57984]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-10-07 178672]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2003-10-13 332800]
S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\System32\DRIVERS\hphid411.sys [2006-01-06 50896]
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\System32\DRIVERS\hphipr11.sys [2006-01-06 16112]
S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2006-01-06 50276]
S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2006-01-06 18928]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 new_drv;!!!!; \??\C:\WINDOWS\new_drv.sys []
S3 restore;restore; \??\C:\WINDOWS\system32\drivers\restore.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2001-08-17 23070]
S3 TnIDriver;TnIDriver; \??\C:\DOCUME~1\Amanda\LOCALS~1\Temp\tni8A.tmp []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-28 24960]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\System32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2007-06-26 483328]
R2 AwcService;Advanced WindowsCare Boost Service; C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe [2008-02-18 112640]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2002-01-05 315392]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\System32\IoctlSvc.exe [2006-12-19 81920]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2004-10-22 49152]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-06-29 520192]
S2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
S2 FCI;FCI; C:\WINDOWS\System32\svchost.exe [2008-12-07 12800]
S2 ICF;ICF; C:\WINDOWS\System32\svchost.exe [2008-12-07 12800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-12-11 504104]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-04-16 91184]
S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\System32\HPHipm11.exe [2006-01-06 77824]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-12-07 12800]

-----------------EOF-----------------




And here is the "info.txt" logfile:

info.txt logfile of random's system information tool 1.04 2008-12-07 12:13:53

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy2ZS\Program\Ctzapxx.EXE" /W /U /S
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Able2Doc v4.0-->C:\Program Files\Investintech.com Inc\Able2Doc 4.0\Uninstal.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced WindowsCare 3 Beta-->"C:\Program Files\IObit\Advanced WindowsCare 3 Beta\unins000.exe"
Advertisement Service-->C:\WINDOWS\System32\prunnet.exe Uninstall
AIM 6-->C:\Program Files\AIM6\uninst.exe
AirPlus G-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1033
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
AnswerWorks Runtime-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
Any Video Converter 2.5.9-->"C:\Program Files\Any Video Converter\unins000.exe"
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Toolbar 2.0-->"C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
Apowersoft Youtube Downloader (Free)-->C:\Program Files\Apowersoft\Apowersoft Youtube Downloader (Free)\Uninstall.exe
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audio Converter-->C:\Program Files\Audio Converter\uninstall.exe
BitComet 0.91-->C:\Program Files\BitComet\uninst.exe
BitTorrent SpeedUp Pro-->C:\Program Files\BitTorrent SpeedUp Pro\uninstall.exe
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Combined Community Codec Pack 2007-07-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Applications-->C:\WINDOWS\Corel\Uninst32.exe
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove
Deewoo Network Manager removal-->C:\WINDOWS\System32\mcntksdl.exe -UPop
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Enhancement Browser Tools Agadoo-->C:\WINDOWS\System32\ahgqhbutvsifekath.exe
FileZilla Client 3.0.11-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Higher Score on the SAT/PSAT-->"C:\Program Files\Kap.SATc\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp deskjet 5600-->msiexec /x{DB5518BE-F40F-407A-B451-012625D4497B}
HP Driver Diagnostics-->MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
iTunes-->MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
MapleStory-->MsiExec.exe /I{7A512A34-F4E8-43C4-BD80-43A022B31BF6}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{20110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MySidesearch Search Assistant Bfinding-->C:\WINDOWS\System32\qwurkglnnpkvf.dll-uninst.exe
Nero 8 Trial-->MsiExec.exe /X{3C5F1B30-B10B-4579-86DD-D00F662E1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PCFriendly-->C:\Program Files\PCFriendly\inuninst.exe
Photosmart 130,230,7150,7345,7350,7550 (Remove only)-->C:\Program Files\HP Photosmart 11\Printer\hphuni04.exe
QuickTime-->MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Real Alternative 1.52-->"C:\Program Files\Real Alternative\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x9 -removeonly
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
RON Tool Banners4u-->C:\WINDOWS\System32\fqjmpmctomfocmobq.exe
Safari-->MsiExec.exe /I{5BE157EE-C4F4-4E79-9B15-B4FC8B1D2211}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905495)-->"C:\WINDOWS\$NtUninstallKB905495$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sony Ericsson PC Suite 1.20.207-->MsiExec.exe /I{009E1B9F-DB7E-48D4-8881-AD86F38614B4}
Sound Blaster Audigy 2 ZS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\SETUP.EXE" -l0x9
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Storm Codec-->C:\Program Files\Ringz Studio\Storm Codec\uninst7.02.01.exe
TUGZip 3.4-->"C:\Program Files\TUGZip\unins000.exe"
Update for Windows XP (KB835409)-->"C:\WINDOWS\$NtUninstallKB835409$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
webHancer Customer Companion-->C:\Program Files\webHancer\Programs\whInstaller.exe -uninstall
Windows Installer 3.0 (KB884016)-->C:\WINDOWS\$MSI30UninstallMSI30-KB884016$\spuninst\spuninst.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Hotfix - KB833407-->C:\WINDOWS\$NtUninstallKB833407$\spuninst\spuninst.exe
Windows XP Hotfix - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892944-->"C:\WINDOWS\$NtUninstallKB892944$\spuninst\spuninst.exe"
Windows XP Hotfix - KB911567-->"C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe"
Windows XP Hotfix - KB918439-->"C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$\spuninst\spuninst.exe"
Windows XP Hotfix - KB918899-->"C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"
Windows XP Hotfix - KB925486-->"C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEFAULT_CA_NR"=CA6
"VERSION"=2.1.5
"SESSIONID"=1197479616150g1u0355c.austin.hp.com-4439d774:116d76c32c7:7f73
"COLLECTIONID"=COL7299
"ITEMID"=oj-21918-1
"UPDATEDIR"=C:\DOCUME~1\Amanda\LOCALS~1\Temp\radFB03F.tmp
"TOOLPATH"=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
"HMSERVER"=https://vausnzisprob.austin.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.18.30716
"OSVER"=winXPP
"LANG"=1033
"TIMEOUT"=0
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------


That's all.
Thank you very much for helping!



#2 Buckeye_Sam

    Malware Expert

Posted 07 December 2008 - 04:10 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



First let me just say "WOW". You have the most infected computer I have seen in a long time.
There is no guarantee that we can get this completely cleaned up for you. And you should not under any circumstances trust this computer to be secure enough to use for any financial transactions.

It's not surprising to see why you are so heavily infected. Windows updates haven't been applied for years and you have no antivirus running. I can help you, but only if you are willing and able to install the Windows updates that are needed. Is there any reason you know of that would prevent that from being possible?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 df0nkv

  • Topic Starter

Posted 07 December 2008 - 08:05 PM

Yes! Thank you for your help--my computer's pretty bad at the moment.

Errm, .. I'm not sure which updates you're talking about.

But I've tried to install, say, Windows Media Player Version (whatever the newest version is), but it won't let me because something about my Windows isn't ... correct? I'm not really sure. :|

Thanks again for the help; what should I do/what do you need me to do?

EDIT

Also, I'm just wondering, should I be scared of using other programs/sites that I use passwords for? (i.e., email addresses, other accounts, etc.)

Edited by df0nkv, 07 December 2008 - 08:12 PM.


#4 Buckeye_Sam

    Malware Expert

Posted 07 December 2008 - 08:13 PM

Do you have a legal copy of Windows installed? If you don't and you can't install updates then this will largely be a waste of time because you'll never have a secure system. It looks like you've had updates before, so let's see what we can do.

First you need to have an antivirus installed and running.
Please download AVG 8.0
It is a free antivirus.

http://free.avg.com/download?prd=afe

Once you download it, install the program and then follow the prompts to update it and run a full scan.
When the scan completes, please copy and paste the log from the scan back here in your next reply.

Also include a new log from RSIT.



I would not use this computer for anything that requires a password.


========================================================

#5 df0nkv

  • Topic Starter

Posted 07 December 2008 - 08:34 PM

Oh, I see what the problem is.

I have Windows XP, SP1. I don't have SP2 on my computer, so AVG won't install.

#6 Buckeye_Sam

    Malware Expert

Posted 08 December 2008 - 11:32 AM

Let's kill off some of this stuff for you first and then see if we can at least get you updated to SP2.

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\WINDOWS\tasks\vyshrnvl.job
    C:\WINDOWS\System32\fccaXnOG.dll
    C:\WINDOWS\System32\tilepilo.dll
    C:\WINDOWS\System32\wvUlkHWO.dll
    C:\WINDOWS\System32\hsd63geff.dll 
    C:\WINDOWS\System32\prunnet.exe
    C:\WINDOWS\Jwihegexin.dll 
    C:\WINDOWS\system32\sysmgr.exe
    C:\windows\system32\rrwnw64r.exe
    C:\WINDOWS\System32\regsvr32.exe
    C:\WINDOWS\System32\sostrodufwjblzh.dll
    C:\WINDOWS\System32\mcntksdl.exe
    C:\Documents and Settings\Amanda\Application Data\NI.GSCNS
    C:\WINDOWS\System32\juzutase.dll
    C:\WINDOWS\ukoqaluxocacir.dll
    
    
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "StormCodec_Helper"=-
    "TkBellExe"=-
    "Adobe Reader Speed Launcher"=-
    "QuickTime Task"=-
    "NeroFilterCheck"=-
    "prunnet"=-
    "Kbocusije"=-
    "xsjfn83jkemfofght"=-
    "Bar"=-
    "Microsoft® System Manager"=-
    "{28-8A-A2-2C-DW}"=-
    "jghloxvdtai"=-
    "{bbdca613-b4e9-e606-12ce-c0c31c45ba31}"=-
    "ExploreUpdSched"=-
    "IUpd721"=-
    "bamadoyazu"=-
    "Klujidedugugeka"=-
    "jsg8jfgfdfhfhf"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"=-
    "prunnet"=-
    "xsjfn83jkemfofght"=-
    "user16"=-
    "Jnskdfmf9eldfd"=-
    "rs32net"=-
    "12ZFG94-F641-2SF-K31P-5N1ER6H6L2"=-
    "jsg8jfgfdfhfhf"=-
    "ttool"=-
    
    :Commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



=====================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



=====================



Now visit Windows Update and get SP2 installed.
http://windowsupdate.microsoft.com/


Let me know of any problems you have with Windows updates.


========================================================
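The Results log requested in the post above can be reconciled against the fix script line by line to see which items still need attention. The following is an added example, not part of the thread and not OTMoveIt3's own code: it parses only the script and log syntax visible in this thread, the function names are hypothetical, and the sample log is a short one assembled in the tool's results format.

```python
import re

# Subset of the fix script from the post, in the syntax it uses.
SCRIPT = r"""
:files
C:\WINDOWS\tasks\vyshrnvl.job
C:\WINDOWS\System32\fccaXnOG.dll
C:\WINDOWS\System32\tilepilo.dll
C:\WINDOWS\System32\wvUlkHWO.dll
C:\WINDOWS\System32\hsd63geff.dll

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"prunnet"=-
"{bbdca613-b4e9-e606-12ce-c0c31c45ba31}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"prunnet"=-

:Commands
[EmptyTemp]
[Reboot]
"""

# Sample results log assembled for this example in the tool's output format.
RESULTS = r"""
========== FILES ==========
C:\WINDOWS\tasks\vyshrnvl.job moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fccaXnOG.dll
C:\WINDOWS\System32\fccaXnOG.dll NOT unregistered.
C:\WINDOWS\System32\fccaXnOG.dll moved successfully.
File/Folder C:\WINDOWS\System32\tilepilo.dll not found.
File move failed. C:\WINDOWS\System32\wvUlkHWO.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\hsd63geff.dll
C:\WINDOWS\System32\hsd63geff.dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\prunnet deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\{bbdca613-b4e9-e606-12ce-c0c31c45ba31} not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\prunnet deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.

Files moved on Reboot...
File move failed. C:\WINDOWS\System32\wvUlkHWO.dll scheduled to be moved on reboot.
"""

FILE_RULES = [
    (re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$"), "pending_reboot"),
    (re.compile(r"^File/Folder (.+) not found\.$"), "not_found"),
    (re.compile(r"^(.+) moved successfully\.$"), "moved"),
]
# The log separates key and value name with a double backslash.
REG_RULE = re.compile(r"^Registry value (.+?)\\\\(.+) (deleted successfully|not found)\.$")


def parse_script(text):
    """Return (file paths, (key, value name) pairs) requested by the script."""
    files, reg, section, key = [], [], None, None
    for raw in text.splitlines():
        line = raw.strip()          # the posted script has trailing spaces
        if not line:
            continue
        if line.startswith(":"):
            section, key = line[1:].lower(), None
        elif section == "files":
            files.append(line)
        elif section == "reg":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]
            else:
                m = re.fullmatch(r'"(.+)"=-', line)
                if m and key:
                    reg.append((key, m.group(1)))
    return files, reg


def parse_results(text):
    """Map each path / registry value to its last reported outcome."""
    files, reg, after_reboot = {}, {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Files moved on Reboot"):
            after_reboot = True     # everything below is the second pass
            continue
        m = REG_RULE.match(line)
        if m:
            outcome = "deleted" if m.group(3).startswith("deleted") else "not_found"
            reg[(m.group(1).lower(), m.group(2).lower())] = outcome
            continue
        for rule, status in FILE_RULES:
            m = rule.match(line)
            if m:
                if status == "pending_reboot" and after_reboot:
                    status = "failed_after_reboot"
                files[m.group(1).lower()] = status
                break
    return files, reg


def reconcile(script, results):
    """Outcome for every item the script asked for; 'no_result' if the log is silent."""
    want_files, want_reg = parse_script(script)
    got_files, got_reg = parse_results(results)
    report = {p: got_files.get(p.lower(), "no_result") for p in want_files}
    for key, name in want_reg:
        report[key + "\\" + name] = got_reg.get((key.lower(), name.lower()), "no_result")
    return report


def needs_followup(report):
    """Items that were not confirmed moved, deleted or absent."""
    open_states = ("pending_reboot", "failed_after_reboot", "no_result")
    return sorted(k for k, v in report.items() if v in open_states)


if __name__ == "__main__":
    for item, outcome in reconcile(SCRIPT, RESULTS).items():
        print(f"{outcome:20} {item}")
```

An item that is still pending after the reboot pass is typically a file that stays locked by a running process, so it is the first thing to check for in the next scan log.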

#7 df0nkv

  • Topic Starter

Posted 08 December 2008 - 09:42 PM

Hi again,

I attempted to update my Windows with the Service Pack 2, but apparently, I've been a "victim of software counterfeiting."
I'm going to try to get the genuine version (online), so ... I don't know how this'll affect this process. :(

Anyway, here are the things you asked for--

OTMoveIt3 log:

========== FILES ==========
C:\WINDOWS\tasks\vyshrnvl.job moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fccaXnOG.dll
C:\WINDOWS\System32\fccaXnOG.dll NOT unregistered.
C:\WINDOWS\System32\fccaXnOG.dll moved successfully.
File/Folder C:\WINDOWS\System32\tilepilo.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wvUlkHWO.dll
C:\WINDOWS\System32\wvUlkHWO.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\wvUlkHWO.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\hsd63geff.dll
C:\WINDOWS\System32\hsd63geff.dll NOT unregistered.
C:\WINDOWS\System32\hsd63geff.dll moved successfully.
C:\WINDOWS\System32\prunnet.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\Jwihegexin.dll
C:\WINDOWS\Jwihegexin.dll NOT unregistered.
C:\WINDOWS\Jwihegexin.dll moved successfully.
C:\WINDOWS\system32\sysmgr.exe moved successfully.
C:\windows\system32\rrwnw64r.exe moved successfully.
C:\WINDOWS\System32\regsvr32.exe moved successfully.
C:\WINDOWS\System32\sostrodufwjblzh.dll unregistered successfully.
C:\WINDOWS\System32\sostrodufwjblzh.dll moved successfully.
C:\WINDOWS\System32\mcntksdl.exe moved successfully.
C:\Documents and Settings\Amanda\Application Data\NI.GSCNS moved successfully.
File/Folder C:\WINDOWS\System32\juzutase.dll not found.
C:\WINDOWS\ukoqaluxocacir.dll NOT unregistered.
C:\WINDOWS\ukoqaluxocacir.dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StormCodec_Helper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\prunnet deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Kbocusije deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\xsjfn83jkemfofght deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft® System Manager not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\{28-8A-A2-2C-DW} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28-8A-A2-2C-DW}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jghloxvdtai deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\{bbdca613-b4e9-e606-12ce-c0c31c45ba31} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bbdca613-b4e9-e606-12ce-c0c31c45ba31}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ExploreUpdSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IUpd721 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bamadoyazu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Klujidedugugeka deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jsg8jfgfdfhfhf deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\prunnet deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xsjfn83jkemfofght deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\user16 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Jnskdfmf9eldfd deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rs32net deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\12ZFG94-F641-2SF-K31P-5N1ER6H6L2 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\jsg8jfgfdfhfhf deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ttool deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Amanda\LOCALS~1\Temp\etilqs_5nUQ5tfp8ClFFLpvDHxE scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\csrssc.exe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF24AE.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DFE775.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Amanda\Local Settings\Application Data\Mozilla\Firefox\Profiles\qnk231v8.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Amanda\Local Settings\Application Data\Mozilla\Firefox\Profiles\qnk231v8.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Amanda\Local Settings\Application Data\Mozilla\Firefox\Profiles\qnk231v8.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Amanda\Local Settings\Application Data\Mozilla\Firefox\Profiles\qnk231v8.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Amanda\Local Settings\Application Data\Mozilla\Firefox\Profiles\qnk231v8.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Amanda\Local Settings\Application Data\Mozilla\Firefox\Profiles\qnk231v8.default\urlclassifier3.sqlite-journal scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Amanda\Local Settings\Application Data\Mozilla\Firefox\Profiles\qnk231v8.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12082008_160454

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wvUlkHWO.dll
C:\WINDOWS\System32\wvUlkHWO.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\wvUlkHWO.dll scheduled to be moved on reboot.
File C:\DOCUME~1\Amanda\LOCALS~1\Temp\etilqs_5nUQ5tfp8ClFFLpvDHxE not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\WINDOWS\temp\csrssc.exe moved successfully.
C:\WINDOWS\temp\~DF24AE.tmp moved successfully.
C:\WINDOWS\temp\~DFE775.tmp moved successfully.
C:\Documents and Settings\Amanda\Local Settings\Application Data\Mozilla\Firefox\Profiles\qnk231v8.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Amanda\Local Settings\Application Data\Mozilla\Firefox\Profiles\qnk231v8.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Amanda\Local Settings\Application Data\Mozilla\Firefox\Profiles\qnk231v8.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Amanda\Local Settings\Application Data\Mozilla\Firefox\Profiles\qnk231v8.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Amanda\Local Settings\Application Data\Mozilla\Firefox\Profiles\qnk231v8.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Amanda\Local Settings\Application Data\Mozilla\Firefox\Profiles\qnk231v8.default\urlclassifier3.sqlite-journal moved successfully.
C:\Documents and Settings\Amanda\Local Settings\Application Data\Mozilla\Firefox\Profiles\qnk231v8.default\XUL.mfl moved successfully.




And here's the MBAM log:

Malwarebytes' Anti-Malware 1.31
Database version: 1475
Windows 5.1.2600 Service Pack 1

12/8/2008 4:41:11 PM
mbam-log-2008-12-08 (16-41-11).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 102554
Time elapsed: 20 minute(s), 41 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 7
Registry Keys Infected: 33
Registry Values Infected: 9
Registry Data Items Infected: 4
Folders Infected: 2
Files Infected: 100

Memory Processes Infected:
C:\WINDOWS\system32\rs32net.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\Temp\csrssc.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\hidisuza.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jopisado.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ligamosa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wvUlkHWO.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fvbgkfe32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\webHancer\Programs\webhdll.dll (Adware.WebHancer) -> Delete on reboot.
C:\WINDOWS\system32\jsdf8j3dgf.dll (Trojan.Clicker) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvulkhwo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65b3e67d-05a1-49c8-b414-8ce755a0cbc1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{65b3e67d-05a1-49c8-b414-8ce755a0cbc1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fvbgkfe (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Clicker) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c5af42a3-94f3-42bd-f434-3604832c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e812364b-f998-4eff-9187-ff3d8da446c8} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\agadoo (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati3ggxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati3ggxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati3ggxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dxgg (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dxgg (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dxgg (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bamadoyazu (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5af42a3-94f3-42bd-f434-3604832c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® System Manager (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\ligamosa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ligamosa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\ligamosa.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\webHancer (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\wvUlkHWO.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jopisado.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hidisuza.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\dxgg.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\jsdf8j3dgf.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINDOWS\system32\ligamosa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fvbgkfe32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\webHancer\Programs\webhdll.dll (Adware.WebHancer) -> Delete on reboot.
C:\WINDOWS\system32\rs32net.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\aixuthfa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\fjytg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\kxhvehm.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\mguvbfr.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\qthqdso.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\smjuhwc.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\xmimb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\yjvmtaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amanda\Local Settings\Temporary Internet Files\Content.IE5\0PERGTUJ\CATK655Z (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amanda\Local Settings\Temporary Internet Files\Content.IE5\G9M78HYB\mss32[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QRATCVEX\mss32[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-7715790372-1206344403-741175555-9549\service.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0081340.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0081342.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0082342.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0083349.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0083350.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0083353.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0084336.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0084349.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0084352.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0084353.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0084363.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0085362.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0083345.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0086361.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0086364.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0086368.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0087356.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0087357.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0087367.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0087368.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0087369.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0087371.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0087385.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP332\A0087386.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0087444.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0088437.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0088438.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0088440.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0088468.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0088477.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0088478.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0088490.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0088491.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0089499.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0090490.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0090491.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0090518.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0090522.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0090523.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0090524.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0090535.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{335E1244-E798-46B1-ABFC-4FECB90E446F}\RP333\A0091536.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\new_drv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\9129837.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fvbgkfe.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGyvvwU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qwurkglnnpkvf.dll-uninst.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcDuUop.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\libupune.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahgqhbutvsifekath.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUljHYr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winhlp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati3ggxx.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ki3\RI2ES6i.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uv9\peco85IV.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VC\MTK63G.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN7.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\12082008_160454\Documents and Settings\Amanda\Application Data\NI.GSCNS\IUpd721.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\12082008_160454\WINDOWS\Jwihegexin.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\12082008_160454\WINDOWS\System32\fccaXnOG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\gaku.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ftnc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\sphwnmcj.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ipkc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ruldmeb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dwwnw64r.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvcrt2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amanda\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amanda\Start Menu\Programs\Startup\DW_Start.lnk (Malware.Links) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amanda\Start Menu\Programs\Startup\Deewoo.lnk (Malware.Links) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\csrssc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Delete on reboot.

I also ran RSIT again, just in case you needed it:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Amanda at 2008-12-08 18:39:37
Microsoft Windows XP Professional Service Pack 2
System drive C: has 56 GB (56%) free of 100 GB
Total RAM: 2047 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:42 PM, on 12/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\BitTorrent SpeedUp Pro\BitTorrent SpeedUp Pro.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Amanda\My Documents\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Amanda.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-19\..\Run: [bamadoyazu] Rundll32.exe "C:\WINDOWS\System32\jopisado.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bamadoyazu] Rundll32.exe "C:\WINDOWS\System32\jopisado.dll",s (User 'NETWORK SERVICE')
O4 - Startup: BitTorrent SpeedUp Pro.lnk = C:\Program Files\BitTorrent SpeedUp Pro\BitTorrent SpeedUp Pro.exe
O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.spyguardpro.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Advanced WindowsCare Boost Service (AwcService) - IObit - C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\System32\IoctlSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9954 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\AWC AutoCare.job
C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\AWC Update.job
C:\WINDOWS\tasks\HP Usg Daily.job
C:\WINDOWS\tasks\HP Usg Login.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 524288]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"=C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"CTDVDDET"=C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE [2003-06-18 45056]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-10-05 24576]
"SBDrvDet"=C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe [2002-12-03 45056]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"MSPY2002"=C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [2002-08-28 59392]
"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe [2006-01-06 188416]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-03-18 1228800]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-12-16 49152]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-12-11 267048]
"HPHmon04"=C:\WINDOWS\System32\hphmon04.exe [2006-01-06 348160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"=C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE [2003-10-08 139264]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2004-08-03 1667584]

C:\Documents and Settings\Amanda\Start Menu\Programs\Startup
BitTorrent SpeedUp Pro.lnk - C:\Program Files\BitTorrent SpeedUp Pro\BitTorrent SpeedUp Pro.exe
CorelCENTRAL Alarms.LNK - C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
Desktop Application Director 9.LNK - C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-26 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\System32\fccaXnOG

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3ggxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3ggxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-12-08 17:47:53 ----D---- C:\WINDOWS\LastGood
2008-12-08 17:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2008-12-08 17:43:25 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2008-12-08 17:42:46 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-12-08 17:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-12-08 17:41:27 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-12-08 17:40:49 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2008-12-08 17:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2008-12-08 17:39:27 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2008-12-08 17:38:47 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-12-08 17:38:09 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-12-08 17:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-12-08 17:36:49 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2008-12-08 17:36:09 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2008-12-08 17:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2008-12-08 17:34:50 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2008-12-08 17:34:10 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-12-08 17:33:30 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-12-08 17:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-12-08 17:32:12 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2008-12-08 17:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-12-08 17:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-12-08 17:30:14 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-12-08 17:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-12-08 17:28:47 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-12-08 17:28:05 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-12-08 17:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-12-08 17:26:36 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-12-08 17:25:44 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-12-08 17:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-12-08 17:24:26 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2008-12-08 17:23:45 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-12-08 17:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-12-08 17:22:21 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-12-08 17:21:41 ----HDC---- C:\WINDOWS\$NtUninstallKB899589$
2008-12-08 17:21:02 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-12-08 17:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-12-08 17:19:39 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2008-12-08 17:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-12-08 17:18:19 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-12-08 17:17:38 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-12-08 17:16:57 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-12-08 17:16:12 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-12-08 17:15:29 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-12-08 17:14:48 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-12-08 17:14:07 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-12-08 17:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-12-08 17:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-12-08 17:12:38 ----D---- C:\WINDOWS\LastGood.Tmp
2008-12-08 17:07:55 ----D---- C:\WINDOWS\peernet
2008-12-08 17:07:51 ----D---- C:\WINDOWS\provisioning
2008-12-08 17:03:31 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-08 16:56:17 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-08 16:56:12 ----D---- C:\WINDOWS\EHome
2008-12-08 16:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP9$
2008-12-08 16:50:38 ----A---- C:\WINDOWS\system32\MRT.INI
2008-12-08 16:49:20 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-08 16:15:38 ----D---- C:\Documents and Settings\Amanda\Application Data\Malwarebytes
2008-12-08 16:15:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-08 16:15:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-08 16:04:54 ----D---- C:\_OTMoveIt
2008-12-08 15:57:58 ----A---- C:\gqfgqodv.exe
2008-12-07 12:13:40 ----D---- C:\rsit
2008-12-07 11:45:09 ----HD---- C:\WINDOWS\PIF
2008-12-07 11:14:10 ----D---- C:\Program Files\Trend Micro
2008-12-07 09:04:20 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-12-05 17:07:14 ----D---- C:\Documents and Settings\Amanda\Application Data\IUpd721
2008-12-05 17:07:11 ----ASH---- C:\WINDOWS\system32\GOnXaccf.ini2
2008-12-05 17:07:11 ----ASH---- C:\WINDOWS\system32\GOnXaccf.ini
2008-12-02 16:03:12 ----D---- C:\WINDOWS\system32\VC
2008-12-02 16:03:12 ----D---- C:\WINDOWS\system32\uv9
2008-12-02 16:03:12 ----D---- C:\WINDOWS\system32\ki3
2008-12-02 16:03:12 ----D---- C:\WINDOWS\system32\bin
2008-12-02 16:00:50 ----A---- C:\WINDOWS\system32\37014efd-.txt
2008-12-02 16:00:02 ----ASH---- C:\WINDOWS\system32\OUCJknnn.ini
2008-12-02 15:57:02 ----A---- C:\WINDOWS\system32\g11.exe
2008-12-02 15:56:55 ----A---- C:\WINDOWS\system32\fqjmpmctomfocmobq.exe
2008-12-02 15:55:04 ----A---- C:\WINDOWS\system32\gs73gfidgf.dll
2008-11-24 08:27:14 ----A---- C:\WINDOWS\system32\xigjzdbgtvhg.dll

======List of files/folders modified in the last 1 months======

2008-12-08 18:38:15 ----D---- C:\WINDOWS\Prefetch
2008-12-08 18:32:14 ----HD---- C:\WINDOWS\inf
2008-12-08 18:30:16 ----D---- C:\WINDOWS\Temp
2008-12-08 17:58:33 ----D---- C:\Program Files\Mozilla Firefox
2008-12-08 17:57:55 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-08 17:52:57 ----D---- C:\WINDOWS\system32
2008-12-08 17:52:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-08 17:49:26 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-08 17:49:17 ----D---- C:\WINDOWS
2008-12-08 17:48:58 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-08 17:48:52 ----SHD---- C:\WINDOWS\Installer
2008-12-08 17:48:36 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-08 17:48:22 ----D---- C:\WINDOWS\Debug
2008-12-08 17:48:19 ----SD---- C:\WINDOWS\Tasks
2008-12-08 17:48:18 ----SD---- C:\Documents and Settings\Amanda\Application Data\Microsoft
2008-12-08 17:47:53 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-08 17:47:50 ----A---- C:\WINDOWS\setuplog.txt
2008-12-08 17:47:21 ----D---- C:\WINDOWS\system32\wbem
2008-12-08 17:46:51 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-08 17:46:25 ----SHD---- C:\System Volume Information
2008-12-08 17:46:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-08 17:46:12 ----D---- C:\WINDOWS\msagent
2008-12-08 17:46:12 ----D---- C:\Program Files\Messenger
2008-12-08 17:46:12 ----D---- C:\Program Files\Internet Explorer
2008-12-08 17:46:11 ----D---- C:\WINDOWS\AppPatch
2008-12-08 17:46:06 ----RSD---- C:\WINDOWS\Fonts
2008-12-08 17:45:51 ----D---- C:\WINDOWS\system32\drivers
2008-12-08 17:45:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-08 17:44:41 ----A---- C:\WINDOWS\imsins.BAK
2008-12-08 17:44:38 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-08 17:26:29 ----D---- C:\WINDOWS\system32\Com
2008-12-08 17:09:44 ----RASH---- C:\boot.ini
2008-12-08 17:09:00 ----D---- C:\WINDOWS\security
2008-12-08 17:08:45 ----D---- C:\WINDOWS\WinSxS
2008-12-08 17:08:26 ----D---- C:\WINDOWS\system32\Setup
2008-12-08 17:08:25 ----D---- C:\WINDOWS\Help
2008-12-08 17:08:21 ----D---- C:\WINDOWS\ime
2008-12-08 17:07:58 ----D---- C:\WINDOWS\system32\oobe
2008-12-08 17:07:58 ----D---- C:\Program Files\Windows Media Player
2008-12-08 17:07:55 ----D---- C:\Program Files\Movie Maker
2008-12-08 17:07:51 ----D---- C:\WINDOWS\Media
2008-12-08 17:03:09 ----D---- C:\WINDOWS\system32\Restore
2008-12-08 17:03:09 ----D---- C:\WINDOWS\system32\npp
2008-12-08 17:03:09 ----D---- C:\WINDOWS\mui
2008-12-08 17:03:06 ----D---- C:\WINDOWS\srchasst
2008-12-08 17:03:02 ----D---- C:\Program Files\NetMeeting
2008-12-08 17:02:56 ----D---- C:\Program Files\Windows NT
2008-12-08 17:02:56 ----D---- C:\Program Files\Outlook Express
2008-12-08 17:02:48 ----D---- C:\Program Files\Common Files\System
2008-12-08 17:02:31 ----D---- C:\WINDOWS\system32\usmt
2008-12-08 17:02:29 ----D---- C:\WINDOWS\system
2008-12-08 17:00:35 ----RD---- C:\WINDOWS\Web
2008-12-08 17:00:22 ----RASH---- C:\NTDETECT.COM
2008-12-08 16:45:34 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-08 16:42:19 ----RD---- C:\Program Files
2008-12-08 15:59:15 ----D---- C:\Documents and Settings\Amanda\Application Data\DNA
2008-12-08 15:56:27 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-12-08 15:53:27 ----SHD---- C:\RECYCLER
2008-12-08 15:53:17 ----D---- C:\Program Files\DNA
2008-12-07 10:36:43 ----D---- C:\Program Files\Common Files
2008-12-07 10:36:33 ----D---- C:\Program Files\Lavasoft
2008-12-02 16:06:12 ----A---- C:\AUTOEXEC.BAT
2008-12-02 16:03:14 ----D---- C:\temp
2008-11-24 20:57:27 ----D---- C:\Documents and Settings\Amanda\Application Data\ZoomBrowser EX
2008-11-24 20:57:27 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-11-23 19:00:48 ----D---- C:\Documents and Settings\Amanda\Application Data\LimeWire
2008-11-11 02:06:49 ----D---- C:\Documents and Settings\Amanda\Application Data\BitTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\System32\ANIO.SYS []
R2 PfDetNT;PfDetNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\System32\DRIVERS\A3AB.sys [2005-03-22 450400]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-06-26 2303488]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2003-11-04 645392]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-11-18 366160]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2003-10-07 6096]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2003-10-07 130288]
R3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\System32\DRIVERS\hphid411.sys [2006-01-06 50896]
R3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\System32\DRIVERS\hphipr11.sys [2006-01-06 16112]
R3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2006-01-06 50276]
R3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2006-01-06 18928]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2003-10-13 145488]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2003-10-21 904496]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2003-10-21 148432]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-10-07 178672]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2003-10-13 332800]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 restore;restore; \??\C:\WINDOWS\system32\drivers\restore.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 TnIDriver;TnIDriver; \??\C:\DOCUME~1\Amanda\LOCALS~1\Temp\tni8A.tmp []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\System32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\w810obex.sys [2006-02-20 83344]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2007-06-26 483328]
R2 AwcService;Advanced WindowsCare Boost Service; C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe [2008-02-18 112640]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2002-01-05 315392]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\System32\IoctlSvc.exe [2006-12-19 81920]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-12-11 504104]
R3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\System32\HPHipm11.exe [2006-01-06 77824]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2004-10-22 49152]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-06-29 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-04-16 91184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------


That's all--if you have other things to do, since my program isn't secure or anything, it's no problem.

Thank you for the loads of help you've already given me :)

#8 Buckeye_Sam

Posted 09 December 2008 - 11:56 AM

Actually it looks like you were able to install several needed updates as well as SP2. Let's keep going.

We need to run Combofix now.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 df0nkv

Posted 10 December 2008 - 01:37 PM

Ah .. I'm sorry, but my friend actually took the liberty of re-installing Windows for me.

I apologize--thank you for all the help! :thumbsup:

Is there a particular antivirus program or software that you recommend to protect my computer? (I still have Windows XP Prof, SP2.)

#10 Buckeye_Sam

Posted 10 December 2008 - 04:38 PM

If you're looking for the free version I'd get AVG.
If you want to spend a few bucks look at Nod32 or Kaspersky.

Now when you say that you reinstalled Windows, did you format the entire drive to wipe everything clean?