Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antivirus 2009 pop ups and trojans


  • This topic is locked This topic is locked
10 replies to this topic

#1 ranzaar

ranzaar

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 27 December 2008 - 11:20 PM

Hello everyone. After leaving this computer to my kids I must say I neglected to keep up with it for a year. Realized there was no anti virus installed. Installed avg, run scan, detected and got rid of many trojans and other stuff. The problem came to my attention when they got hit with the antivirus 2009 that keeps poping up constantly with other pop ups. This computer I fear is a mess and would really like some help clearing it up. This is my jackthis file for starters.
Happy Holidays.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:05 PM, on 12/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Onfolio\onfserv.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: (no name) - {adeb37f9-c69b-4b39-8e7e-93fb2434b070} - C:\WINDOWS\system32\yuhituka.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OnfolioStorage] "C:\Program Files\Onfolio\onfserv.exe" nosignal
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CPM3b19f351] Rundll32.exe "c:\windows\system32\lipoyiya.dll",a
O4 - HKLM\..\Run: [yokitohovi] Rundll32.exe "C:\WINDOWS\system32\yatevipi.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [yokitohovi] Rundll32.exe "C:\WINDOWS\system32\yatevipi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yokitohovi] Rundll32.exe "C:\WINDOWS\system32\yatevipi.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Epson all-in-one Registration.lnk = F:\Titles\Ereg\EPSONREG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?89b031b6d7194efa8c66c64d98a455
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?89b031b6d7194efa8c66c64d98a455
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextus.oberon-media.com/Gameshe...ronGameHost.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdas...sh.1.0.0.72.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\sedomizu.dll C:\WINDOWS\system32\serafoba.dll avgrsstx.dll C:\WINDOWS\system32\bolanefi.dll c:\windows\system32\lipoyiya.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lipoyiya.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lipoyiya.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - http://www.ama.ab.ca/road_report/images/rr_north.jpg
O24 - Desktop Component 1: (no name) - http://www.shakirakennels.us/images/Shakir...rbon%20Copy.jpg

--
End of file - 13588 bytes

BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:07 AM

Posted 05 January 2009 - 09:21 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 ranzaar

ranzaar
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 05 January 2009 - 07:35 PM

Hello fenzodahl512

Here is my mbam log. Much more in there than I thought there would be. Ouch.


Malwarebytes' Anti-Malware 1.32
Database version: 1620
Windows 5.1.2600 Service Pack 3

1/5/2009 5:08:16 PM
mbam-log-2009-01-05 (17-08-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 200644
Time elapsed: 1 hour(s), 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 10
Registry Keys Infected: 42
Registry Values Infected: 10
Registry Data Items Infected: 7
Folders Infected: 6
Files Infected: 210

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\kolopiro.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\resemiki.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vagimapo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fimirubu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mafozoko.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dokuzule.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\kawamuvo.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\kowogepu.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\WINDOWS\system32\winopeke.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{adeb37f9-c69b-4b39-8e7e-93fb2434b070} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{adeb37f9-c69b-4b39-8e7e-93fb2434b070} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{adeb37f9-c69b-4b39-8e7e-93fb2434b070} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{37b85a20-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rxresult.rxresultfilter (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rxresult.rxresultfilter.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RX ToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879fa4-4790-461c-a1cc-4ec4de4ca483} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{59879fa4-4790-461c-a1cc-4ec4de4ca483} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\382ac0cd (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yokitohovi (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm3b19f351 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fimirubu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fimirubu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\fimirubu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\dokuzule.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\dokuzule.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\winopeke.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\winopeke.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyGlobalSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyGlobalSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\bejanapo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opanajeb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bifiyuji.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ijuyifib.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bolapuno.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\onupalob.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bozovevo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovevozob.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bulilija.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ajililub.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\habajugi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\igujabah.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\heyigula.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alugiyeh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hugeloko.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okoleguh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jelawaba.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\abawalej.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\johuyota.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atoyuhoj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jorijefe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efejiroj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kehapese.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\esepahek.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kolopiro.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\oripolok.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lebipaju.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ujapibel.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\meridewa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awedirem.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\moheligo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ogilehom.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\narudoku.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ukoduran.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nifarake.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ekarafin.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nudegeno.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\onegedun.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nukutowe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ewotukun.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pobezamu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\umazebop.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\resemiki.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ikimeser.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rilihezo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ozehilir.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rirogewo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\owegorir.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\roboyove.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evoyobor.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sawufuka.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akufuwas.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sigalupi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipulagis.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tedazisi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\isizadet.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vagimapo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opamigav.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vovekufa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afukevov.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vubulaku.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ukalubuv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vubumega.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\agemubuv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wagonire.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\erinogaw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wetihewi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iwehitew.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wojohilu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ulihojow.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wokohebu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubehokow.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yepofara.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\arafopey.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yiyasafo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ofasayiy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yofuhebu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubehufoy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zanilepi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipelinaz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zavinolo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olonivaz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zesedovi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivodesez.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zuzifore.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\erofizuz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\deditami.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dokuzule.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mafozoko.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fimirubu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\kawamuvo.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\kowogepu.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP837\A0250290.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP837\A0250291.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP837\A0250292.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP844\A0251067.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP844\A0251068.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP844\A0251069.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP846\A0251101.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251116.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251117.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251118.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251120.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251122.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251123.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251124.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251125.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251128.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251130.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251131.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251133.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251134.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251135.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251136.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251137.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251138.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251139.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251140.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251141.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251142.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251143.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251144.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251145.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251146.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251148.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251149.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251151.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251132.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP848\A0251150.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP849\A0251440.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP853\A0251554.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bajukeko.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bobipadi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bovusuyo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buvodizo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dumihopa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\folawayu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gevumabo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gihunuwa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\giyonuja.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gofivoki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hakobiwa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\higewomu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\holiwaga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jumimayo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kefuyite.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kegewowu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kipipasu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kufulemu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kumuwada.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kupemuza.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\magomaso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\malanade.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\matolira.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mipotera.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pijulofu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\podoposi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nisawolo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nuduzude.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\powirimu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serafoba.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sumisenu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tageruzi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tofevomu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tusohaza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vafuhuye.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vesijobu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vopegoze.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winopeke.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wodezoga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wuyojeva.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lipoyiya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yigijutu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yisilobi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zeyuvome.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zitekamo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ludivade.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\luhizadu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mifirige.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mohohimu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruvubeye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sahewowe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sahoruhe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\setizafu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4XMRK5M3\InstallAVg_770522170802[2].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FU8TF3PH\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\0004AD34 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\05FD824E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\05FD8ED2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\05FD8F10.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\0DF06E01 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tikiyabu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

#4 ranzaar

ranzaar
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 05 January 2009 - 07:38 PM

This would be my rsit log txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-05 17:18:34
Microsoft Windows XP Professional Service Pack 3
System drive C: has 180 GB (77%) free of 234 GB
Total RAM: 1014 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:50 PM, on 1/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Onfolio\onfserv.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OnfolioStorage] "C:\Program Files\Onfolio\onfserv.exe" nosignal
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [yokitohovi] Rundll32.exe "C:\WINDOWS\system32\deditami.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yokitohovi] Rundll32.exe "C:\WINDOWS\system32\deditami.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Epson all-in-one Registration.lnk = F:\Titles\Ereg\EPSONREG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?89b031b6d7194efa8c66c64d98a455
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?89b031b6d7194efa8c66c64d98a455
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextus.oberon-media.com/Gameshe...ronGameHost.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdas...sh.1.0.0.72.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\sedomizu.dll C:\WINDOWS\system32\serafoba.dll avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - http://www.ama.ab.ca/road_report/images/rr_north.jpg
O24 - Desktop Component 1: (no name) - http://www.shakirakennels.us/images/Shakir...rbon%20Copy.jpg

--
End of file - 12464 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-01-05 399352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]
SWEETIE Class - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll [2006-04-12 552960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]
dsWebAllowBHO Class - C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 265432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-26 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
UrlHelper Class - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [2007-11-05 402872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-26 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-10-31 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-10-31 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-10-31 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-01-05 399352]
{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - SweetIM For Internet Explorer - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll [2006-04-12 552960]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - BearShare MediaBar - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll [2007-11-05 480696]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-10-31 251504]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-26 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-11-15 135168]
""= []
"CHotkey"=C:\WINDOWS\zHotkey.exe [2005-05-03 543232]
"SigmatelSysTrayApp"=sttray.exe []
"IntelAudioStudio"=C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2005-07-20 7090176]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-03-09 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-25 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-25 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-25 114688]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-08-12 98304]
"OnfolioStorage"=C:\Program Files\Onfolio\onfserv.exe [2006-03-07 51928]
"SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [2006-06-06 40960]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-20 136600]
"SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-12-14 132624]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-26 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-06-02 1957888]
"SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [2006-06-06 40960]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-25 68856]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
Epson all-in-one Registration.lnk - F:\Titles\Ereg\EPSONREG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\sedomizu.dll C:\WINDOWS\system32\serafoba.dll avgrsstx.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-25 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\sedomizu.dll
C:\WINDOWS\system32\serafoba.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1123866854\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1123866854\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Call of Duty Game of the Year Edition\CoDUOMP.exe"="C:\Program Files\Call of Duty Game of the Year Edition\CoDUOMP.exe:*:Disabled:CoDUOMP"
"C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe"="C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe:*:Disabled:CoDMP"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\CAVEDOG\TOTALA\TotalA.exe"="C:\CAVEDOG\TOTALA\TotalA.exe:*:Enabled:Total Annihilation"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe:*:Enabled:_aunchPad"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Bullfrog\Dungeon Keeper 2\DKII.icd"="C:\Program Files\Bullfrog\Dungeon Keeper 2\DKII.icd:*:Enabled:DKII"
"C:\Sierra\Empire Earth\Empire Earth.exe"="C:\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Program Files\StarWarsGalaxies\testcenter\SwgClient_r.exe"="C:\Program Files\StarWarsGalaxies\testcenter\SwgClient_r.exe:*:Disabled:SwgClient_r"
"C:\Program Files\StarWarsGalaxies\SwgClient_r.exe"="C:\Program Files\StarWarsGalaxies\SwgClient_r.exe:*:Disabled:SwgClient_r"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:wscntfy"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:IEXPLORE"
"C:\WINDOWS\system32\drwtsn32.exe"="C:\WINDOWS\system32\drwtsn32.exe:*:Enabled:drwtsn32"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\ehome\ehrecvr.exe"="C:\WINDOWS\ehome\ehrecvr.exe:*:Enabled:ehRecvr"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bbf6df1-0b51-11da-bd5a-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


======List of files/folders created in the last 3 months======

2009-01-05 17:18:34 ----D---- C:\rsit
2009-01-05 15:52:34 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-01-05 15:52:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-05 15:52:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-30 12:05:03 ----SH---- C:\WINDOWS\system32\uwuwilel.ini
2008-12-27 16:03:37 ----D---- C:\Program Files\Trend Micro
2008-12-26 15:20:37 ----HD---- C:\$AVG8.VAULT$
2008-12-26 15:11:42 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-26 15:11:33 ----D---- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-12-26 15:11:22 ----D---- C:\Program Files\AVG
2008-12-26 15:11:22 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-26 10:05:34 ----SH---- C:\WINDOWS\system32\inoragut.ini
2008-12-25 20:21:13 ----A---- C:\WINDOWS\FISHUI.INI
2008-12-25 08:42:35 ----N---- C:\WINDOWS\system32\msxml4a.dll
2008-12-25 08:42:34 ----N---- C:\WINDOWS\system32\vorbisenc.dll
2008-12-25 08:42:34 ----N---- C:\WINDOWS\system32\vorbis.dll
2008-12-25 08:42:34 ----N---- C:\WINDOWS\system32\tg_dump.dll
2008-12-25 08:42:34 ----N---- C:\WINDOWS\system32\muzwmts.dll
2008-12-25 08:42:34 ----N---- C:\WINDOWS\system32\MSLUR71.dll
2008-12-25 08:42:34 ----N---- C:\WINDOWS\system32\MSLUP71.dll
2008-12-25 08:42:34 ----N---- C:\WINDOWS\system32\MFC71LU.DLL
2008-12-25 08:42:34 ----N---- C:\WINDOWS\system32\mfc70.dll
2008-12-25 08:42:34 ----A---- C:\WINDOWS\system32\muzapp.exe
2008-12-25 08:42:33 ----N---- C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-12-25 08:42:33 ----N---- C:\WINDOWS\system32\OggDS.dll
2008-12-25 08:42:33 ----N---- C:\WINDOWS\system32\Ogg.dll
2008-12-25 08:42:33 ----N---- C:\WINDOWS\system32\muzapp.dll
2008-12-25 08:42:33 ----N---- C:\WINDOWS\system32\muzaf1.dll
2008-12-25 08:42:33 ----N---- C:\WINDOWS\system32\MaDRM.dll
2008-12-25 08:42:29 ----N---- C:\WINDOWS\system32\MAMACExtract.dll
2008-12-25 08:42:13 ----D---- C:\Program Files\Samsung
2008-12-25 08:42:13 ----D---- C:\Documents and Settings\Owner\Application Data\DataCast
2008-12-25 08:42:12 ----D---- C:\Program Files\MarkAny
2008-12-23 21:41:00 ----SH---- C:\WINDOWS\system32\izuhopaz.ini
2008-12-23 09:50:57 ----SH---- C:\WINDOWS\system32\verejuwe.dll
2008-12-23 09:50:55 ----SH---- C:\WINDOWS\system32\fesenere.dll
2008-12-23 09:50:53 ----SH---- C:\WINDOWS\system32\vaziteha.dll
2008-12-22 20:57:00 ----SH---- C:\WINDOWS\system32\umayobuz.ini
2008-12-22 08:52:00 ----SH---- C:\WINDOWS\system32\uwifinot.ini
2008-12-22 08:29:00 ----SH---- C:\WINDOWS\system32\aliyifej.ini
2008-12-21 19:58:00 ----SH---- C:\WINDOWS\system32\ojukofos.ini
2008-12-21 07:53:00 ----SH---- C:\WINDOWS\system32\udezelim.ini
2008-12-20 19:33:10 ----D---- C:\Documents and Settings\Owner\Application Data\MSNGames
2008-12-20 15:43:05 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-20 15:43:05 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-20 15:43:04 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-20 15:43:04 ----A---- C:\WINDOWS\system32\java.exe
2008-12-20 15:42:53 ----D---- C:\Program Files\Java
2008-12-20 07:38:39 ----SH---- C:\WINDOWS\system32\akapapav.ini
2008-12-19 19:38:24 ----SH---- C:\WINDOWS\system32\usulinos.ini
2008-12-19 19:34:22 ----SH---- C:\WINDOWS\system32\hapuduki.dll
2008-12-19 07:38:08 ----SH---- C:\WINDOWS\system32\oyaluyap.ini
2008-12-18 19:37:52 ----SH---- C:\WINDOWS\system32\owovekez.ini
2008-12-18 19:33:50 ----SH---- C:\WINDOWS\system32\supomuhi.dll
2008-12-18 07:37:36 ----SH---- C:\WINDOWS\system32\enubawes.ini
2008-12-18 07:33:32 ----SH---- C:\WINDOWS\system32\pezibovi.dll
2008-12-18 07:33:32 ----SH---- C:\WINDOWS\system32\nezajito.dll
2008-12-17 18:31:08 ----SH---- C:\WINDOWS\system32\edugojoj.ini
2008-12-17 06:30:54 ----SH---- C:\WINDOWS\system32\itelataf.ini
2008-12-16 18:30:39 ----SH---- C:\WINDOWS\system32\oganerew.ini
2008-12-16 06:30:21 ----SH---- C:\WINDOWS\system32\elefarur.ini
2008-12-15 18:30:12 ----SH---- C:\WINDOWS\system32\esimumev.ini
2008-12-12 03:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-12 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 19:16:45 ----D---- C:\Program Files\Common Files\NSV
2008-12-11 18:58:45 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-12-11 18:58:45 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-11 18:58:45 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-11 18:58:45 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-12-11 18:58:45 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-11 18:58:45 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-11 18:58:44 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-12-11 18:58:44 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-12-11 18:58:44 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-12-11 18:58:44 ----N---- C:\WINDOWS\system32\px.dll
2008-12-11 18:58:42 ----D---- C:\Program Files\Winamp
2008-12-11 18:58:42 ----D---- C:\Documents and Settings\Owner\Application Data\Winamp
2008-11-16 10:26:10 ----A---- C:\dbg_log.txt
2008-11-16 10:17:10 ----D---- C:\Program Files\Infogrames
2008-11-12 21:45:42 ----D---- C:\WINDOWS\.jagex_cache_32
2008-11-12 03:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-24 02:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 02:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 02:04:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 02:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 02:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 02:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 02:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-11 12:48:08 ----D---- C:\WINDOWS\speech
2008-10-11 12:46:59 ----D---- C:\Program Files\Acclaim Entertainment
2008-10-11 12:20:07 ----A---- C:\WINDOWS\DIIUnin.exe
2008-10-11 11:34:51 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
2008-10-11 11:34:51 ----AT---- C:\WINDOWS\system32\SIntf32.dll
2008-10-11 11:34:51 ----AT---- C:\WINDOWS\system32\SIntf16.dll
2008-10-11 10:21:37 ----D---- C:\Program Files\Diablo II

======List of files/folders modified in the last 3 months======

2009-01-05 17:18:50 ----D---- C:\WINDOWS\Temp
2009-01-05 17:18:34 ----D---- C:\WINDOWS\Prefetch
2009-01-05 17:12:07 ----A---- C:\WINDOWS\win.ini
2009-01-05 17:12:05 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
2009-01-05 17:12:04 ----D---- C:\WINDOWS
2009-01-05 17:11:37 ----D---- C:\WINDOWS\Registration
2009-01-05 17:11:02 ----RD---- C:\Program Files
2009-01-05 17:11:02 ----D---- C:\WINDOWS\system32
2009-01-05 17:11:00 ----D---- C:\WINDOWS\system32\drivers
2009-01-05 17:10:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 17:01:31 ----D---- C:\Documents and Settings\Owner\Application Data\Onfolio
2009-01-05 08:36:50 ----D---- C:\Program Files\StarWarsGalaxies
2009-01-02 19:02:43 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-30 23:20:23 ----D---- C:\Program Files\Call of Duty Game of the Year Edition
2008-12-30 11:04:06 ----ASH---- C:\WINDOWS\system32\vorupofi.dll
2008-12-29 19:38:12 ----ASH---- C:\WINDOWS\system32\tihumoma.dll
2008-12-29 19:38:07 ----ASH---- C:\WINDOWS\system32\bopidake.dll
2008-12-29 19:04:17 ----ASH---- C:\WINDOWS\system32\tokorizu.dll
2008-12-29 19:04:17 ----ASH---- C:\WINDOWS\system32\begepudi.dll
2008-12-27 20:17:39 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-27 10:05:57 ----ASH---- C:\WINDOWS\system32\mulivusi.dll
2008-12-26 15:38:58 ----D---- C:\Program Files\GameSpy Arcade
2008-12-26 15:11:17 ----SHD---- C:\WINDOWS\Installer
2008-12-26 15:11:17 ----D---- C:\Config.Msi
2008-12-26 15:11:16 ----D---- C:\WINDOWS\WinSxS
2008-12-26 15:11:16 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-26 15:06:28 ----D---- C:\WINDOWS\security
2008-12-25 09:04:53 ----ASH---- C:\WINDOWS\system32\rolunona.dll
2008-12-25 08:42:11 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-25 07:18:03 ----HD---- C:\WINDOWS\inf
2008-12-23 21:40:50 ----ASH---- C:\WINDOWS\system32\mefegipo.dll
2008-12-23 09:01:36 ----ASH---- C:\WINDOWS\system32\diyisoye.dll
2008-12-20 19:33:19 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-12-20 15:43:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-20 15:37:30 ----D---- C:\Program Files\Common Files
2008-12-20 15:32:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-20 15:32:08 ----RSD---- C:\WINDOWS\assembly
2008-12-20 15:31:07 ----A---- C:\WINDOWS\WININIT.INI
2008-12-12 03:03:46 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 03:03:39 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-05 15:50:39 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-11-30 19:06:51 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-14 07:01:35 ----D---- C:\WINDOWS\Help
2008-11-02 08:23:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-23 05:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 03:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 18:00:11 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-15 18:00:11 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-15 18:00:11 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-10-15 18:00:10 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-15 09:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-11 11:48:26 ----D---- C:\Program Files\Shockwave.com

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-26 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-26 26824]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-03-07 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-03-07 9464]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-08-12 8552]
R2 ASPI32;ASPI32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-08-02 16512]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-26 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-03-05 157696]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-08-02 14408]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-25 889628]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-07-20 35712]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-07-18 1019064]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 gAGP440p;gAGP440p; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\gAGP440p.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-03-03 18944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-26 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-26 231704]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-20 152984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-09 66872]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-08-12 172032]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-31 137200]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

-----------------EOF-----------------

#5 ranzaar

ranzaar
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 05 January 2009 - 07:43 PM

And here is the rsit info txt

info.txt logfile of random's system information tool 1.05 2009-01-05 17:18:53

======Uninstall list======

-->"C:\Program Files\eAcceleration\Station\station.exe" /UnRegister
-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
123 Copy DVD Uninstall-->C:\Program Files\123 Copy DVD\uninstall.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Battleground Europe: WWIIOL -->C:\PROGRA~1\CRS\BATTLE~1\UNWISE.EXE C:\PROGRA~1\CRS\BATTLE~1\INSTALL.LOG
BearShare MediaBar-->C:\Program Files\BearShare Applications\BearShare MediaBar\Uninstall.exe
BearShare-->C:\Program Files\BearShare\\UninstallSurvey.exe C:\PROGRA~1\BEARSH~1\\UNWISE.EXE C:\PROGRA~1\BEARSH~1\\INSTALL.LOG
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Black & White® 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly
Call of Duty - United Offensive-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
Call of Duty Game of the Year Edition-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
City Life-->C:\Program Files\Monte Cristo\City Life\uninst.exe
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Dungeon Keeper 2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Bullfrog\Dungeon Keeper 2\Uninst.isu" -c"C:\Program Files\Bullfrog\Dungeon Keeper 2\uninst.dll"
eMedia Starter Guitar Lessons-->"C:\Program Files\eMedia Starter Guitar Lessons\Uninstall.exe" "C:\Program Files\eMedia Starter Guitar Lessons\install.log"
Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
EPSON CX 4200 4800 Guide-->C:\Program Files\epson\guide\cx4200_4800_e\uninstall.exe
EPSON PhotoCenter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D21553E9-2EC5-4E8C-AB71-07AC07D50BBC}\setup.exe" -l0x9 anything
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Form Fill (Windows Live Toolbar)-->MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
Games Add-in for Windows Live® Toolbar-->MsiExec.exe /I{C1E26BDC-5299-4F0E-969A-BDD60B3B93B1}
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GDivX Zenith Player-->"C:\Program Files\GDivX Zenith Player\GDivX-Uninstall.exe"
GearDrivers-->rundll32.exe C:\WINDOWS\system32\UNINSTALL\UninstWDM.dll,UninstInitialize
Ghost Recon-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}\Setup.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0C68A50B7874478D.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel Audio Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}\setup.exe" -l0x9
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel® PRO Network Connections Drivers-->Prounstl.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Macrogaming SweetIM 1.2a-->MsiExec.exe /X{5827C8C9-A3C6-4E7C-AA70-F6AFAB52F981}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Premium 10-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
My Global Search Bar-->rundll32 C:\PROGRA~1\MYGLOB~1\bar\1.bin\mgsBar.dll,O
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
Need2Find Bar-->rundll32 C:\PROGRA~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll,O
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{6D7D3A9A-4972-4DDE-B4EF-08B2D44D939D}
Onfolio Add-in for Windows Live Toolbar-->MsiExec.exe /I{D17C8AB1-0A2B-44C5-AA47-67D48A16E9BD}
Outcast-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Infogrames\Outcast\Uninst.isu" -c"C:\Program Files\Infogrames\Outcast\Uninst.dll"
PlayGATE Setup-->C:\PROGRA~1\Playnet\Playgate\UNWISE.EXE C:\PROGRA~1\Playnet\Playgate\INSTALL.LOG
Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Railroad Tycoon 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE29025A-091F-4998-AD2D-24C84421190F}\setup.exe" -l0x9
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
ROBLOX-->MsiExec.exe /X{272C2E66-6D29-4FB3-835B-05A4ED8E63FD}
Samsung Media Studio 5-->"C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars Galaxies: The Total Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B257C09-6A05-4308-9A6D-E8A2CAE21EA9}\setup.exe" -l0x9
SweetIM For Internet Explorer 1.0a-->MsiExec.exe /X{BBB1528C-2F8C-4526-9C8E-699F17AF21CA}
Tabbed Browsing (Windows Live Toolbar)-->MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
The Sims 2 Glamour Life Stuff-->C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
UControl Scan and Remove-->C:\PROGRA~1\COMMON~1\UControl\UCONTR~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\UControl\UCONTR~1\INSTALL.LOG
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Desktop Search -->"C:\WINDOWS\$NtUninstallKB911993-V2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

=====HijackThis Backups=====

O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [yokitohovi] Rundll32.exe "C:\WINDOWS\system32\yatevipi.dll",s
O4 - HKLM\..\Run: [382ac0cd] rundll32.exe "C:\WINDOWS\system32\wojohilu.dll",b
O4 - HKLM\..\Run: [yokitohovi] Rundll32.exe "C:\WINDOWS\system32\yatevipi.dll",s
O2 - BHO: (no name) - {adeb37f9-c69b-4b39-8e7e-93fb2434b070} - C:\WINDOWS\system32\yuhituka.dll
O4 - HKLM\..\Run: [CPM3b19f351] Rundll32.exe "C:\WINDOWS\system32\lipoyiya.dll",a
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [yokitohovi] Rundll32.exe "C:\WINDOWS\system32\yatevipi.dll",s
O2 - BHO: (no name) - {adeb37f9-c69b-4b39-8e7e-93fb2434b070} - C:\WINDOWS\system32\yuhituka.dll

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: KIDS
Event Code: 7035
Message: The Windows Installer service was successfully sent a start control.

Record Number: 11305
Source Name: Service Control Manager
Time Written: 20081112030026.000000-420
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: KIDS
Event Code: 18
Message: Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 12, 2008 at 3:00 AM:
- Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430)
- Security Update for Windows XP (KB955069)
- Update for Microsoft Office Outlook 2003 Junk Email Filter (KB957832)
- Security Update for Windows XP (KB954459)
- Security Update for Microsoft Office 2003 (KB951535)
- Security Update for Windows XP (KB957097)
- Windows Malicious Software Removal Tool - November 2008 (KB890830)

Record Number: 11304
Source Name: Windows Update Agent
Time Written: 20081111210031.000000-420
Event Type: information
User:

Computer Name: KIDS
Event Code: 18
Message: Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 12, 2008 at 3:00 AM:
- Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430)
- Security Update for Windows XP (KB955069)
- Update for Microsoft Office Outlook 2003 Junk Email Filter (KB957832)
- Security Update for Microsoft Office 2003 (KB951535)
- Security Update for Windows XP (KB957097)
- Windows Malicious Software Removal Tool - November 2008 (KB890830)

Record Number: 11303
Source Name: Windows Update Agent
Time Written: 20081111210001.000000-420
Event Type: information
User:

Computer Name: KIDS
Event Code: 18
Message: Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 12, 2008 at 3:00 AM:
- Security Update for Windows XP (KB955069)
- Update for Microsoft Office Outlook 2003 Junk Email Filter (KB957832)
- Security Update for Microsoft Office 2003 (KB951535)
- Security Update for Windows XP (KB957097)
- Windows Malicious Software Removal Tool - November 2008 (KB890830)

Record Number: 11302
Source Name: Windows Update Agent
Time Written: 20081111205805.000000-420
Event Type: information
User:

Computer Name: KIDS
Event Code: 18
Message: Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 12, 2008 at 3:00 AM:
- Security Update for Windows XP (KB955069)
- Update for Microsoft Office Outlook 2003 Junk Email Filter (KB957832)
- Security Update for Microsoft Office 2003 (KB951535)
- Security Update for Windows XP (KB957097)

Record Number: 11301
Source Name: Windows Update Agent
Time Written: 20081111205709.000000-420
Event Type: information
User:

Application event log

Computer Name: KIDS
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 5
Source Name: usnjsvc
Time Written: 20080715183807.000000-360
Event Type:
User:

Computer Name: KIDS
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 4
Source Name: SecurityCenter
Time Written: 20080715183640.000000-360
Event Type: information
User:

Computer Name: KIDS
Event Code: 105
Message:
Record Number: 3
Source Name: ATI Smart
Time Written: 20080715183635.000000-360
Event Type: information
User:

Computer Name: KIDS
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 2
Source Name: SecurityCenter
Time Written: 20080715165657.000000-360
Event Type: information
User:

Computer Name: KIDS
Event Code: 105
Message:
Record Number: 1
Source Name: ATI Smart
Time Written: 20080715165652.000000-360
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0404
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#6 ranzaar

ranzaar
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 05 January 2009 - 09:04 PM

Here is the gmer attachment.

Attached Files



#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:07 AM

Posted 06 January 2009 - 12:58 AM

IMPORTANT!! Uninstall these programs before proceed with our fixes..

1. Spybot S&D
2. Viewpoint
3. SweetIM



NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :files
    C:\WINDOWS\system32\sedomizu.dll
    C:\WINDOWS\system32\serafoba.dll
    C:\Program Files\Kazaa
    C:\WINDOWS\system32\uwuwilel.ini
    C:\WINDOWS\system32\inoragut.ini
    C:\WINDOWS\system32\izuhopaz.ini
    C:\WINDOWS\system32\verejuwe.dll
    C:\WINDOWS\system32\fesenere.dll
    C:\WINDOWS\system32\vaziteha.dll
    C:\WINDOWS\system32\umayobuz.ini
    C:\WINDOWS\system32\uwifinot.ini
    C:\WINDOWS\system32\aliyifej.ini
    C:\WINDOWS\system32\ojukofos.ini
    C:\WINDOWS\system32\udezelim.ini
    C:\WINDOWS\system32\akapapav.ini
    C:\WINDOWS\system32\usulinos.ini
    C:\WINDOWS\system32\hapuduki.dll
    C:\WINDOWS\system32\oyaluyap.ini
    C:\WINDOWS\system32\owovekez.ini
    C:\WINDOWS\system32\supomuhi.dll
    C:\WINDOWS\system32\enubawes.ini
    C:\WINDOWS\system32\pezibovi.dll
    C:\WINDOWS\system32\nezajito.dll
    C:\WINDOWS\system32\edugojoj.ini
    C:\WINDOWS\system32\itelataf.ini
    C:\WINDOWS\system32\oganerew.ini
    C:\WINDOWS\system32\elefarur.ini
    C:\WINDOWS\system32\esimumev.ini
    C:\WINDOWS\system32\vorupofi.dll
    C:\WINDOWS\system32\tihumoma.dll
    C:\WINDOWS\system32\bopidake.dll
    C:\WINDOWS\system32\tokorizu.dll
    C:\WINDOWS\system32\begepudi.dll
    C:\WINDOWS\system32\mulivusi.dll
    C:\WINDOWS\system32\rolunona.dll
    C:\WINDOWS\system32\mefegipo.dll
    C:\WINDOWS\system32\diyisoye.dll
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\Kazaa\kazaa.exe"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bbf6df1-0b51-11da-bd5a-806d6172696f}]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again.. Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 ranzaar

ranzaar
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 06 January 2009 - 05:15 PM

Hello fenzodahl512

I uninstalled those 3 programs but I notice in the new logs that its still kicking around in spots. Here is the otmovit3 log. I didn't know if you wanted the rsit for 3 months again but opted for the 1 month. I hope thats ok. Oh and microsoft automatically downloaded critical updates during the night.

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\sedomizu.dll not found.
File/Folder C:\WINDOWS\system32\serafoba.dll not found.
File/Folder C:\Program Files\Kazaa not found.
C:\WINDOWS\system32\uwuwilel.ini moved successfully.
C:\WINDOWS\system32\inoragut.ini moved successfully.
C:\WINDOWS\system32\izuhopaz.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\verejuwe.dll
C:\WINDOWS\system32\verejuwe.dll NOT unregistered.
C:\WINDOWS\system32\verejuwe.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\fesenere.dll
C:\WINDOWS\system32\fesenere.dll NOT unregistered.
C:\WINDOWS\system32\fesenere.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\vaziteha.dll
C:\WINDOWS\system32\vaziteha.dll NOT unregistered.
C:\WINDOWS\system32\vaziteha.dll moved successfully.
C:\WINDOWS\system32\umayobuz.ini moved successfully.
C:\WINDOWS\system32\uwifinot.ini moved successfully.
C:\WINDOWS\system32\aliyifej.ini moved successfully.
C:\WINDOWS\system32\ojukofos.ini moved successfully.
C:\WINDOWS\system32\udezelim.ini moved successfully.
C:\WINDOWS\system32\akapapav.ini moved successfully.
C:\WINDOWS\system32\usulinos.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\hapuduki.dll
C:\WINDOWS\system32\hapuduki.dll NOT unregistered.
C:\WINDOWS\system32\hapuduki.dll moved successfully.
C:\WINDOWS\system32\oyaluyap.ini moved successfully.
C:\WINDOWS\system32\owovekez.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\supomuhi.dll
C:\WINDOWS\system32\supomuhi.dll NOT unregistered.
C:\WINDOWS\system32\supomuhi.dll moved successfully.
C:\WINDOWS\system32\enubawes.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\pezibovi.dll
C:\WINDOWS\system32\pezibovi.dll NOT unregistered.
C:\WINDOWS\system32\pezibovi.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\nezajito.dll
C:\WINDOWS\system32\nezajito.dll NOT unregistered.
C:\WINDOWS\system32\nezajito.dll moved successfully.
C:\WINDOWS\system32\edugojoj.ini moved successfully.
C:\WINDOWS\system32\itelataf.ini moved successfully.
C:\WINDOWS\system32\oganerew.ini moved successfully.
C:\WINDOWS\system32\elefarur.ini moved successfully.
C:\WINDOWS\system32\esimumev.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\vorupofi.dll
C:\WINDOWS\system32\vorupofi.dll NOT unregistered.
C:\WINDOWS\system32\vorupofi.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\tihumoma.dll
C:\WINDOWS\system32\tihumoma.dll NOT unregistered.
C:\WINDOWS\system32\tihumoma.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\bopidake.dll
C:\WINDOWS\system32\bopidake.dll NOT unregistered.
C:\WINDOWS\system32\bopidake.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\tokorizu.dll
C:\WINDOWS\system32\tokorizu.dll NOT unregistered.
C:\WINDOWS\system32\tokorizu.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\begepudi.dll
C:\WINDOWS\system32\begepudi.dll NOT unregistered.
C:\WINDOWS\system32\begepudi.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\mulivusi.dll
C:\WINDOWS\system32\mulivusi.dll NOT unregistered.
C:\WINDOWS\system32\mulivusi.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\rolunona.dll
C:\WINDOWS\system32\rolunona.dll NOT unregistered.
C:\WINDOWS\system32\rolunona.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\mefegipo.dll
C:\WINDOWS\system32\mefegipo.dll NOT unregistered.
C:\WINDOWS\system32\mefegipo.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\diyisoye.dll
C:\WINDOWS\system32\diyisoye.dll NOT unregistered.
C:\WINDOWS\system32\diyisoye.dll moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"avgrsstx.dll" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Kazaa\kazaa.exe deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bbf6df1-0b51-11da-bd5a-806d6172696f}\\ deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_234.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01062009_143626

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_234.dat not found!


And here is the rsit log txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-06 14:51:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 184 GB (79%) free of 234 GB
Total RAM: 1014 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:58 PM, on 1/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Onfolio\onfserv.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OnfolioStorage] "C:\Program Files\Onfolio\onfserv.exe" nosignal
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [yokitohovi] Rundll32.exe "C:\WINDOWS\system32\deditami.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yokitohovi] Rundll32.exe "C:\WINDOWS\system32\deditami.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Epson all-in-one Registration.lnk = F:\Titles\Ereg\EPSONREG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?89b031b6d7194efa8c66c64d98a455
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?89b031b6d7194efa8c66c64d98a455
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextus.oberon-media.com/Gameshe...ronGameHost.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdas...sh.1.0.0.72.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - http://www.ama.ab.ca/road_report/images/rr_north.jpg
O24 - Desktop Component 1: (no name) - http://www.shakirakennels.us/images/Shakir...rbon%20Copy.jpg

--
End of file - 12092 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-01-05 399352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]
dsWebAllowBHO Class - C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 265432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-26 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
UrlHelper Class - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [2007-11-05 402872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-26 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-10-31 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-10-31 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-10-31 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-01-05 399352]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - BearShare MediaBar - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll [2007-11-05 480696]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-10-31 251504]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-26 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-11-15 135168]
""= []
"CHotkey"=C:\WINDOWS\zHotkey.exe [2005-05-03 543232]
"SigmatelSysTrayApp"=sttray.exe []
"IntelAudioStudio"=C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2005-07-20 7090176]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-03-09 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-25 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-25 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-25 114688]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-08-12 98304]
"OnfolioStorage"=C:\Program Files\Onfolio\onfserv.exe [2006-03-07 51928]
"SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [2006-06-06 40960]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-20 136600]
"SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-12-14 132624]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-26 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-06-02 1957888]
"SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [2006-06-06 40960]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-25 68856]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
Epson all-in-one Registration.lnk - F:\Titles\Ereg\EPSONREG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-25 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1123866854\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1123866854\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Call of Duty Game of the Year Edition\CoDUOMP.exe"="C:\Program Files\Call of Duty Game of the Year Edition\CoDUOMP.exe:*:Disabled:CoDUOMP"
"C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe"="C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe:*:Disabled:CoDMP"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\CAVEDOG\TOTALA\TotalA.exe"="C:\CAVEDOG\TOTALA\TotalA.exe:*:Enabled:Total Annihilation"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe:*:Enabled:_aunchPad"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Bullfrog\Dungeon Keeper 2\DKII.icd"="C:\Program Files\Bullfrog\Dungeon Keeper 2\DKII.icd:*:Enabled:DKII"
"C:\Sierra\Empire Earth\Empire Earth.exe"="C:\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Program Files\StarWarsGalaxies\testcenter\SwgClient_r.exe"="C:\Program Files\StarWarsGalaxies\testcenter\SwgClient_r.exe:*:Disabled:SwgClient_r"
"C:\Program Files\StarWarsGalaxies\SwgClient_r.exe"="C:\Program Files\StarWarsGalaxies\SwgClient_r.exe:*:Disabled:SwgClient_r"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:wscntfy"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:IEXPLORE"
"C:\WINDOWS\system32\drwtsn32.exe"="C:\WINDOWS\system32\drwtsn32.exe:*:Enabled:drwtsn32"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\ehome\ehrecvr.exe"="C:\WINDOWS\ehome\ehrecvr.exe:*:Enabled:ehRecvr"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-01-06 14:36:26 ----D---- C:\_OTMoveIt
2009-01-06 03:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-05 17:49:20 ----A---- C:\WINDOWS\gmer.ini
2009-01-05 17:49:19 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-05 17:49:19 ----A---- C:\WINDOWS\gmer.dll
2009-01-05 17:49:18 ----A---- C:\WINDOWS\gmer.exe
2009-01-05 17:18:34 ----D---- C:\rsit
2009-01-05 15:52:34 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-01-05 15:52:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-05 15:52:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-27 16:03:37 ----D---- C:\Program Files\Trend Micro
2008-12-26 15:20:37 ----HD---- C:\$AVG8.VAULT$
2008-12-26 15:11:42 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-26 15:11:33 ----D---- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-12-26 15:11:22 ----D---- C:\Program Files\AVG
2008-12-26 15:11:22 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-25 20:21:13 ----A---- C:\WINDOWS\FISHUI.INI
2008-12-25 08:42:35 ----N---- C:\WINDOWS\system32\msxml4a.dll
2008-12-25 08:42:34 ----N---- C:\WINDOWS\system32\vorbisenc.dll
2008-12-25 08:42:34 ----N---- C:\WINDOWS\system32\vorbis.dll
2008-12-25 08:42:34 ----N---- C:\WINDOWS\system32\tg_dump.dll
2008-12-25 08:42:34 ----N---- C:\WINDOWS\system32\muzwmts.dll
2008-12-25 08:42:34 ----N---- C:\WINDOWS\system32\MSLUR71.dll
2008-12-25 08:42:34 ----N---- C:\WINDOWS\system32\MSLUP71.dll
2008-12-25 08:42:34 ----N---- C:\WINDOWS\system32\MFC71LU.DLL
2008-12-25 08:42:34 ----N---- C:\WINDOWS\system32\mfc70.dll
2008-12-25 08:42:34 ----A---- C:\WINDOWS\system32\muzapp.exe
2008-12-25 08:42:33 ----N---- C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-12-25 08:42:33 ----N---- C:\WINDOWS\system32\OggDS.dll
2008-12-25 08:42:33 ----N---- C:\WINDOWS\system32\Ogg.dll
2008-12-25 08:42:33 ----N---- C:\WINDOWS\system32\muzapp.dll
2008-12-25 08:42:33 ----N---- C:\WINDOWS\system32\muzaf1.dll
2008-12-25 08:42:33 ----N---- C:\WINDOWS\system32\MaDRM.dll
2008-12-25 08:42:29 ----N---- C:\WINDOWS\system32\MAMACExtract.dll
2008-12-25 08:42:13 ----D---- C:\Program Files\Samsung
2008-12-25 08:42:13 ----D---- C:\Documents and Settings\Owner\Application Data\DataCast
2008-12-25 08:42:12 ----D---- C:\Program Files\MarkAny
2008-12-20 19:33:10 ----D---- C:\Documents and Settings\Owner\Application Data\MSNGames
2008-12-20 15:43:05 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-20 15:43:05 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-20 15:43:04 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-20 15:43:04 ----A---- C:\WINDOWS\system32\java.exe
2008-12-20 15:42:53 ----D---- C:\Program Files\Java
2008-12-12 03:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-12 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 19:16:45 ----D---- C:\Program Files\Common Files\NSV
2008-12-11 18:58:45 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-12-11 18:58:45 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-11 18:58:45 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-11 18:58:45 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-12-11 18:58:45 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-11 18:58:45 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-11 18:58:44 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-12-11 18:58:44 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-12-11 18:58:44 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-12-11 18:58:44 ----N---- C:\WINDOWS\system32\px.dll
2008-12-11 18:58:42 ----D---- C:\Program Files\Winamp
2008-12-11 18:58:42 ----D---- C:\Documents and Settings\Owner\Application Data\Winamp

======List of files/folders modified in the last 1 months======

2009-01-06 14:51:23 ----D---- C:\WINDOWS\Temp
2009-01-06 14:42:17 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
2009-01-06 14:42:16 ----A---- C:\WINDOWS\win.ini
2009-01-06 14:42:14 ----D---- C:\WINDOWS\Prefetch
2009-01-06 14:42:09 ----D---- C:\WINDOWS
2009-01-06 14:41:14 ----D---- C:\WINDOWS\Registration
2009-01-06 14:40:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-06 14:36:54 ----D---- C:\WINDOWS\system32
2009-01-06 14:26:48 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-01-06 14:26:47 ----RD---- C:\Program Files
2009-01-06 14:25:49 ----D---- C:\Program Files\Macrogaming
2009-01-06 14:25:49 ----D---- C:\Config.Msi
2009-01-06 14:25:46 ----SHD---- C:\WINDOWS\Installer
2009-01-06 14:24:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-06 14:24:49 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 03:01:21 ----HD---- C:\WINDOWS\inf
2009-01-06 03:01:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-06 03:00:41 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-06 03:00:39 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-06 03:00:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-06 02:42:07 ----D---- C:\Documents and Settings\Owner\Application Data\Onfolio
2009-01-06 00:15:25 ----D---- C:\Program Files\StarWarsGalaxies
2009-01-05 18:36:12 ----D---- C:\My Downloads
2009-01-05 17:49:19 ----D---- C:\WINDOWS\system32\drivers
2008-12-30 23:20:23 ----D---- C:\Program Files\Call of Duty Game of the Year Edition
2008-12-28 12:32:53 ----D---- C:\Program Files\Diablo II
2008-12-26 15:38:58 ----D---- C:\Program Files\GameSpy Arcade
2008-12-26 15:11:16 ----D---- C:\WINDOWS\WinSxS
2008-12-26 15:11:16 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-26 15:06:28 ----D---- C:\WINDOWS\security
2008-12-25 08:42:11 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-20 19:33:19 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-12-20 15:43:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-20 15:37:30 ----D---- C:\Program Files\Common Files
2008-12-20 15:32:08 ----RSD---- C:\WINDOWS\assembly
2008-12-20 15:31:07 ----A---- C:\WINDOWS\WININIT.INI
2008-12-20 11:36:58 ----A---- C:\dbg_log.txt
2008-12-12 10:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 03:04:37 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-26 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-26 26824]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-03-07 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-03-07 9464]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-08-12 8552]
R2 ASPI32;ASPI32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-08-02 16512]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-26 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-03-05 157696]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-08-02 14408]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-25 889628]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-07-20 35712]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-07-18 1019064]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 gAGP440p;gAGP440p; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\gAGP440p.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-05 85969]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-03-03 18944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-26 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-26 231704]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-20 152984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-09 66872]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-08-12 172032]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-31 137200]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

-----------------EOF-----------------

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:07 AM

Posted 07 January 2009 - 02:22 AM

Log looks very good to me.. How's the computer now?.. Lets do an online scan to see what might left...


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 ranzaar

ranzaar
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 07 January 2009 - 07:13 PM

Computer is doing much better on the internet now. Not getting that nasty anti virus 2009 pop up. Thanks for the help so far. Here is the log from the scan. Picked out a few more things.

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3749 (20090107)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=f93f4dba42f5474e8c4500959b0ac311
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-07 11:46:05
# local_time=2009-01-07 04:46:05 (-0700, Mountain Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=498869
# found=14
# scan_time=3424
C:\Documents and Settings\mine\Local Settings\Temporary Internet Files\Content.IE5\8D2BGD63\popup[1].htm HTML/TrojanClicker.Agent.A trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\S1QVKH6B\InstallAVg_770522170802[1].exe Win32/Adware.Antivirus2008 application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe »WISE »BearShareZangoInstaller.exe Win32/Adware.180Solutions application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe »WISE »MyGlobalSearch.exe a variant of Win32/Toolbar.MyWebSearch application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\gagateru.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\huhijuze.dll.tmp Win32/TrojanDownloader.Agent.OQB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\kosojebi.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\liwimufi.dll.tmp Win32/TrojanDownloader.Agent.OQB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\sorosuze.dll.tmp Win32/TrojanDownloader.Agent.OQB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\yoyawuzo.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\01062009_143626\WINDOWS\system32\mulivusi.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\01062009_143626\WINDOWS\system32\tihumoma.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\01062009_143626\WINDOWS\system32\vorupofi.dll Win32/TrojanDownloader.Agent.OQB trojan (unable to clean - deleted) 00000000000000000000000000000000

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:07 AM

Posted 08 January 2009 - 01:41 AM

Great!!.. Lets do some cleanup..


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users