The problem is these random popups keep coming up at random times. they come up like crazy when using internet explorer or while watching a video like on youtube.
when i open internet explorer and search for something it opens a new window and it becomes an ad or says i need to download some spyware protection

here is the location of the pop up thing that comes up i copied and pasted it, i dont know if it will help but why not...
removed link

here is the stuff

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:22, on 11/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\chandwani1\Application Data\gadcom\gadcom.exe
C:\Documents and Settings\chandwani1\Application Data\Twain\Twain.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe
C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe
C:\PROGRA~1\COMMON~1\MERCUR~1\TDAPIS~1\TDDomSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\InetPub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\InetPub\TDBIN\MTours\JavaSoft\JRE\1.2\bin\java.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080206
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080206
F2 - REG:system.ini: Shell=explorer.exe C:\DOCUME~1\CHANDW~1\LOCALS~1\Temp\driveemulate.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\chandwani1\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\chandwani1\Application Data\Twain\Twain.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,MicIPCReceiver.dll cdxcio.dll
O23 - Service: Check TestDirector User account (CheckTestDirectorUserAccount) - Mercury Interactive - C:\Program Files\Common Files\Mercury Interactive\CheckU.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ExpressionService - Unknown owner - C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LogonService1 - Unknown owner - C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OtaPool - Mercury Interactive - C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Send All Qualified App (Service1) - Unknown owner - C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Advanced TestDirector StartStop Service (TDStartStopService) - Mercury Interactive - C:\Program Files\Common Files\Mercury Interactive\TDStartStop.exe
O23 - Service: TomcatService - Unknown owner - C:\InetPub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9704 bytes

Uninstall list:
7-Zip 4.57
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Advanced Audio FX Engine
Advanced Video FX Engine
Broadcom Management Programs
CoffeeCup HTML Editor 2006
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell Automated PC TuneUp
Dell Network Assistant
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
Digital Line Detect
DivX Web Player
ESET Smart Security
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
IntelliSonic Speech Enhancement
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 2
Laptop Integrated Webcam Driver (1.03.02.0719)
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware
MediaDirect
MercuryTours
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2000
Microsoft Works
Modem Diagnostic Tool
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NetWaiting
Norton 360
NVIDIA Drivers
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
QuickTest Professional 6.5
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SonicStage 4.3
TestDirector 7.6
TestDirector Microsoft Excel Addin
Typing Quick & Easy
Update for Windows XP (KB951072-v2)
Windows Media Format Runtime
Yahoo! Install Manager

Malware bytes

Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 5.1.2600 Service Pack 2

11/24/2008 2:28:58 PM
mbam-log-2008-11-24 (14-28-58).txt

Scan type: Quick Scan
Objects scanned: 51479
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 37
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 17
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\xvpjoskh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xxyyxyvu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cdxcio.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27b4b2da-b0a7-456d-bf32-b3ca7ee87ddd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{27b4b2da-b0a7-456d-bf32-b3ca7ee87ddd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljdwwno (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f849e825-6b0a-45f4-95a9-793041a9919c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f849e825-6b0a-45f4-95a9-793041a9919c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{27b4b2da-b0a7-456d-bf32-b3ca7ee87ddd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f849e825-6b0a-45f4-95a9-793041a9919c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\78d8b0d7 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxyyxyvu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxyyxyvu -> Delete on reboot.

Folders Infected:
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\x4 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\AXPFixer\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\AXPFixer\AXPFixer\Quarantine (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\AXPFixer\AXPFixer\Quarantine\BrowserObjects (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\AXPFixer\AXPFixer\Quarantine\Packages (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\cdxcio.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mlJDwWno.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyyxyvu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uvyxyyxx.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uvyxyyxx.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xvpjoskh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hksojpvx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\poifdurj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\chandwani1\Local Settings\Temporary Internet Files\Content.IE5\014BCV0R\155[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\chandwani1\Local Settings\Temporary Internet Files\Content.IE5\63EB6D63\157[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\chandwani1\Local Settings\Temporary Internet Files\Content.IE5\63EB6D63\zc113432[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\chandwani1\Local Settings\Temporary Internet Files\Content.IE5\GTGD2R8L\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.

Second scan malware bytes:

alwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 5.1.2600 Service Pack 2

11/24/2008 2:40:41 PM
mbam-log-2008-11-24 (14-40-41).txt

Scan type: Quick Scan
Objects scanned: 51244
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

So there is the Hijack this log, mw bytes first and second scan.... anything i am missing?


Thank you for your hlep

This post has been edited by Shawn817: Nov 30 2008, 12:01 PM

Hello Shawn817, and welcome to Geeks to go.
Sorry about the delay.

Lets get a fresh look at your computer.

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

You will need to use more then one reply for the logs to fit.

info.txt logfile of random's system information tool 1.04 2008-11-30 11:54:21

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->Dummy
-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{016C1650-8594-11D5-92C5-000102E19FD0}\setup.exe" -l0x9 -uninst
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
CoffeeCup HTML Editor 2006-->C:\PROGRA~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\INSTALL.LOG
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
Dell Automated PC TuneUp-->MsiExec.exe /X{FE34691C-4298-4667-9758-D7F534DD0B94}
Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Web Player-->C:\Documents and Settings\chandwani1\Desktop\Shawn\DivX\DivXWebPlayerUninstall.exe /PLUGIN
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IntelliSonic Speech Enhancement-->MsiExec.exe /X{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
JCreator Pro 4.50-->"C:\Program Files\Xinox Software\JCreatorV4\unins000.exe"
Laptop Integrated Webcam Driver (1.03.02.0719) -->C:\WINDOWS\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
MercuryTours-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B47695F0-1082-11D5-AF69-00A0CC5FEE7C}\Setup.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft SQL Server\MSSQL\Uninst.isu" -c"C:\Program Files\Microsoft SQL Server\MSSQL\sqlsun.dll" -msql.mif i=MSSQLSERVER
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Need For Speed Underground Demo-->C:\Program Files\EA GAMES\Need For Speed Underground Demo\EAUninstall.exe
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenMG Limited Patch 4.7-07-14-05-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
QuickTest Professional 6.5-->"C:\WINDOWS\miuninst6.exe" /boot "C:\Program Files\Mercury Interactive\QuickTest Professional\dat\miuninst.ini"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939373)-->"C:\WINDOWS\$NtUninstallKB939373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942830)-->"C:\WINDOWS\$NtUninstallKB942830$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942831)-->"C:\WINDOWS\$NtUninstallKB942831$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SonicStage 4.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TestDirector 7.6-->C:\PROGRA~1\COMMON~1\MERCUR~1\UNINST~1.6\Uninstall.exe
TestDirector Microsoft Excel Addin-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC3D865A-0D8C-43C0-8BA7-7EC2D34BFBFE}\Setup.exe"
Typing Quick & Easy-->C:\PROGRA~1\TYPING~1\UNWISE.EXE C:\PROGRA~1\TYPING~1\INSTALL.LOG
Unreal Tournament 3 Demo-->MsiExec.exe /X{3266FEA9-98E9-448B-B235-DAC63D4CE781}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe

======Security center information======

AV: avast! antivirus 4.8.1290 [VPS 081129-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Microsoft SQL Server\80\Tools\BINN
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"LSERVRC"=C:\PROGRA~1\COMMON~1\MERCUR~1\LICENS~1\lservrc

-----------------EOF-----------------




Logfile of random's system information tool 1.04 (written by random/random)
Run by chandwani1 at 2008-11-30 11:54:08
Microsoft Windows XP Professional Service Pack 2
System drive C: has 98 GB (65%) free of 150 GB
Total RAM: 2046 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:17, on 11/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe
C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe
C:\PROGRA~1\COMMON~1\MERCUR~1\TDAPIS~1\TDDomSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\InetPub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\InetPub\TDBIN\MTours\JavaSoft\JRE\1.2\bin\java.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\chandwani1\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\chandwani1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080206
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080206
F2 - REG:system.ini: Shell=explorer.exe C:\DOCUME~1\CHANDW~1\LOCALS~1\Temp\driveemulate.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\chandwani1\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,MicIPCReceiver.dll cdxcio.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Check TestDirector User account (CheckTestDirectorUserAccount) - Mercury Interactive - C:\Program Files\Common Files\Mercury Interactive\CheckU.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: ExpressionService - Unknown owner - C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogonService1 - Unknown owner - C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OtaPool - Mercury Interactive - C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
O23 - Service: Send All Qualified App (Service1) - Unknown owner - C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Advanced TestDirector StartStop Service (TDStartStopService) - Mercury Interactive - C:\Program Files\Common Files\Mercury Interactive\TDStartStop.exe
O23 - Service: TomcatService - Unknown owner - C:\InetPub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10949 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474264BC-9571-47C1-85B9-780F756DC9CE}]
BHOManager Class - C:\WINDOWS\system32\BHOManager.dll [2007-11-25 69690]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-03 851968]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-06 8429568]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=C:\WINDOWS\system32\nvHotkey.dll [2007-06-06 67584]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-06 81920]
"OEM02Mon.exe"=C:\WINDOWS\OEM02Mon.exe [2007-08-28 36864]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-05-09 1392640]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-24 17920]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-11-01 189736]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-06-06 405504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-10-09 202544]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-18 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellAutomatedPCTuneUp"=C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe [2007-10-11 465136]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-10-09 202544]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Twain"=C:\Documents and Settings\chandwani1\Application Data\Twain\Twain.exe []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-17 1805552]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-11-26 342336]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Documents and Settings\chandwani1\Start Menu\Programs\Startup
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,MicIPCReceiver.dll cdxcio.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"=C:\WINDOWS\system32\ShellHook.dll [2007-11-25 49209]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\ddk.exe"="C:\WINDOWS\system32\ddk.exe:*:Disabled:ddk"
"C:\Documents and Settings\chandwani1\My Documents\My Google Gadgets\DivX\LimeWire\LimeWire.exe"="C:\Documents and Settings\chandwani1\My Documents\My Google Gadgets\DivX\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe"="C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:*:Enabled:Unreal Tournament 3 Demo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-11-30 11:54:08 ----D---- C:\rsit
2008-11-30 11:21:14 ----D---- C:\Program Files\Electronic Arts
2008-11-30 11:21:12 ----D---- C:\ProgramData
2008-11-30 11:19:19 ----D---- C:\Documents and Settings\chandwani1\Application Data\Leadertech
2008-11-30 11:09:38 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-11-30 11:09:37 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-11-30 11:09:37 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-11-30 11:09:36 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-11-30 11:09:36 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-11-30 11:09:35 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-11-30 11:09:35 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-11-30 11:09:34 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-11-30 11:09:34 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-11-30 11:09:33 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-11-30 11:09:32 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-11-30 11:09:30 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-11-30 11:09:29 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-11-30 11:09:26 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-11-30 11:09:15 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-11-30 11:09:15 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-11-30 11:09:14 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-11-30 11:09:14 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-11-30 11:09:13 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-11-26 07:06:02 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-11-26 07:06:02 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-11-26 07:05:51 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-11-26 07:05:51 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-11-26 07:05:49 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-11-26 07:05:49 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-11-26 07:05:48 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-11-26 07:05:48 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-11-26 07:05:46 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-11-26 04:42:26 ----D---- C:\Documents and Settings\chandwani1\Application Data\InstallShield Installation Information
2008-11-26 04:40:48 ----D---- C:\Program Files\Unreal Tournament 3 Demo
2008-11-26 04:39:35 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-11-26 04:39:35 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-11-26 04:39:34 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-11-26 04:39:33 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-11-26 04:39:33 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-11-26 04:39:32 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-11-26 04:39:27 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-11-26 04:39:25 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-11-26 04:39:25 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-11-26 04:39:22 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-11-26 04:39:22 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-11-26 04:39:21 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-11-26 04:39:21 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-11-26 04:39:20 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-11-26 04:39:20 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-11-26 04:39:19 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-11-26 04:39:18 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-11-26 04:39:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-26 04:38:54 ----D---- C:\WINDOWS\system32\AGEIA
2008-11-26 04:38:52 ----D---- C:\Program Files\AGEIA Technologies
2008-11-26 04:29:45 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-11-26 04:16:38 ----D---- C:\Documents and Settings\All Users\Application Data\NFS Underground Demo
2008-11-26 04:15:54 ----D---- C:\Program Files\Common Files\DirectX
2008-11-26 04:15:18 ----D---- C:\Program Files\EA GAMES
2008-11-26 02:14:08 ----D---- C:\Documents and Settings\chandwani1\Application Data\BitTorrent
2008-11-26 02:13:21 ----D---- C:\Program Files\DNA
2008-11-26 02:13:21 ----D---- C:\Program Files\BitTorrent
2008-11-26 02:13:21 ----D---- C:\Documents and Settings\chandwani1\Application Data\DNA
2008-11-25 19:25:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-25 19:25:33 ----D---- C:\Program Files\Alwil Software
2008-11-25 19:19:22 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-25 19:19:17 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-25 19:19:17 ----D---- C:\Documents and Settings\chandwani1\Application Data\SUPERAntiSpyware.com
2008-11-25 19:18:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-25 15:02:22 ----D---- C:\Documents and Settings\chandwani1\Application Data\JCreator
2008-11-25 15:02:22 ----D---- C:\Documents and Settings\All Users\Application Data\JCreator
2008-11-25 15:01:17 ----D---- C:\Program Files\Xinox Software
2008-11-24 18:01:12 ----A---- C:\WINDOWS\BricoPackUninst.cmd
2008-11-24 17:59:26 ----A---- C:\WINDOWS\BricoPackUninst.txt
2008-11-24 17:59:26 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-11-24 17:58:46 ----D---- C:\WINDOWS\BricoPacks
2008-11-24 14:52:07 ----D---- C:\Program Files\Trend Micro
2008-11-24 14:18:17 ----D---- C:\Documents and Settings\chandwani1\Application Data\Malwarebytes
2008-11-24 14:18:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-24 14:18:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-24 13:53:34 ----A---- C:\rapport.txt
2008-11-24 13:53:11 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-11-24 13:53:11 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-11-24 13:53:10 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-11-24 13:53:10 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-11-24 13:53:10 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-11-24 13:53:10 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-11-24 13:53:10 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-11-24 13:53:10 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-11-24 13:53:09 ----A---- C:\WINDOWS\system32\swsc.exe
2008-11-24 13:53:09 ----A---- C:\WINDOWS\system32\swreg.exe
2008-11-24 13:53:09 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-11-24 13:53:09 ----A---- C:\WINDOWS\system32\Process.exe
2008-11-24 13:53:09 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-11-24 13:42:21 ----D---- C:\ERDNT
2008-11-24 13:42:17 ----D---- C:\WINDOWS\ERUNT
2008-11-24 13:42:17 ----D---- C:&