Need help with Virtumonde



#1
DurkeeFX

    New Member

  • Member
  • Pip
  • 4 posts
I noticed today that I had been getting a lot of pop ups when normally I rarely get any at all. One of the pop-ups had the title of Virtumonde so I went on Google, which spawned a pop up and ran quite slowly, and searched to find out exactly what it was.

I've run Ad-Aware twice and Spybot Search and Destroy twice as well to no avail. Not sure what to do now. Any help would be greatly appreciated.

#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello DurkeeFX

Welcome to G2Go. :)
=====================

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#3
DurkeeFX

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Okay, I ran it. Here is log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Compaq_Owner at 2008-12-21 14:27:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 127 GB (69%) free of 183 GB
Total RAM: 1470 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:24 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {265ca70a-244c-0888-f744-9dace2ac52ea} - {ae25ca2e-cad9-447f-8880-c442a07ac562} - C:\WINDOWS\system32\gokmut.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [leterosimi] Rundll32.exe "C:\WINDOWS\system32\punijeri.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [leterosimi] Rundll32.exe "C:\WINDOWS\system32\punijeri.dll",s (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6662.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll, gokmut.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8991 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ufyvhbzl.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae25ca2e-cad9-447f-8880-c442a07ac562}]
C:\WINDOWS\system32\gokmut.dll [2008-12-20 135680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-14 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-09 7311360]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-05-09 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-14 136600]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-05-10 180269]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-11-10 157312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]
C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMP54Gv4SVC"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\StartUp
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll, gokmut.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:jusched"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\AVG\AVG8\avgrsx.exe"="C:\Program Files\AVG\AVG8\avgrsx.exe:*:Enabled:avgrsx"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92e62063-8c64-11dd-b9a9-0017319d911e}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-12-21 14:27:04 ----D---- C:\rsit
2008-12-21 01:21:41 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-21 01:00:36 ----D---- C:\Program Files\SpywareBlaster
2008-12-21 01:00:02 ----D---- C:\Program Files\SpywareGuard
2008-12-21 01:00:02 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-21 00:59:37 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-21 00:59:37 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-12-21 00:46:45 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-12-21 00:46:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-21 00:46:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-21 00:25:11 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-21 00:24:44 ----A---- C:\rapport.txt
2008-12-21 00:22:27 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-12-21 00:22:27 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2008-12-21 00:22:26 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-12-21 00:22:26 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-12-21 00:22:25 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-12-21 00:22:24 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-12-21 00:22:24 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-12-21 00:22:24 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-12-21 00:22:23 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-12-21 00:22:23 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-12-21 00:22:23 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-12-21 00:22:22 ----A---- C:\WINDOWS\system32\swsc.exe
2008-12-21 00:22:21 ----A---- C:\WINDOWS\system32\swreg.exe
2008-12-21 00:22:21 ----A---- C:\WINDOWS\system32\Process.exe
2008-12-21 00:21:41 ----D---- C:\Program Files\Trend Micro
2008-12-20 23:29:46 ----D---- C:\VundoFix Backups
2008-12-20 23:29:46 ----A---- C:\VundoFix.txt
2008-12-20 23:17:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-20 22:47:39 ----A---- C:\WINDOWS\system32\gokmut.dll
2008-12-20 22:47:34 ----A---- C:\WINDOWS\system32\wnblimwh.dll
2008-12-20 22:07:04 ----A---- C:\WINDOWS\system32\xmskclxy.exe
2008-12-20 22:02:33 ----A---- C:\WINDOWS\system32\nywdyixq.exe
2008-12-20 19:10:13 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-20 17:05:22 ----ASH---- C:\WINDOWS\system32\dcrcmacd.ini
2008-12-20 17:04:27 ----A---- C:\WINDOWS\system32\ykhmxx.dll
2008-12-20 17:03:46 ----A---- C:\WINDOWS\system32\4b6c4a43-.txt
2008-12-20 14:34:22 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Sonic
2008-12-20 14:33:42 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
2008-12-14 01:16:58 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 03:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 03:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-30 03:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-11-28 20:35:29 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-11-28 20:35:28 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2008-11-28 20:34:55 ----D---- C:\Program Files\Zune
2008-11-28 20:34:35 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-28 20:34:34 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$
2008-11-28 20:34:07 ----A---- C:\WINDOWS\system32\imapi2fs.dll
2008-11-28 20:34:06 ----A---- C:\WINDOWS\system32\imapi2.dll
2008-11-28 20:33:29 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-11-28 19:46:46 ----HDC---- C:\WINDOWS\$NtUninstallKB895961-v4$

======List of files/folders modified in the last 1 months======

2008-12-21 14:27:24 ----D---- C:\WINDOWS\Temp
2008-12-21 14:27:12 ----D---- C:\WINDOWS\Prefetch
2008-12-21 14:26:17 ----D---- C:\Program Files\Mozilla Firefox
2008-12-21 02:15:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-21 01:17:08 ----D---- C:\WINDOWS\system32
2008-12-21 01:00:36 ----D---- C:\Program Files
2008-12-21 00:59:57 ----SHD---- C:\WINDOWS\Installer
2008-12-21 00:59:47 ----SHD---- C:\Config.Msi
2008-12-21 00:59:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-21 00:57:37 ----D---- C:\WINDOWS\system32\drivers
2008-12-20 23:18:21 ----AD---- C:\WINDOWS
2008-12-20 23:13:04 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-20 19:13:08 ----HD---- C:\WINDOWS\inf
2008-12-20 19:10:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-20 17:08:55 ----HD---- C:\$AVG8.VAULT$
2008-12-20 17:06:45 ----D---- C:\WINDOWS\Debug
2008-12-20 16:54:00 ----SD---- C:\WINDOWS\Tasks
2008-12-20 16:43:24 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2008-12-20 12:26:08 ----SD---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2008-12-20 12:06:06 ----A---- C:\WINDOWS\ODBC.INI
2008-12-20 12:05:52 ----A---- C:\WINDOWS\win.ini
2008-12-20 12:05:35 ----D---- C:\Program Files\Microsoft ActiveSync
2008-12-20 12:05:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-20 12:05:09 ----D---- C:\WINDOWS\SHELLNEW
2008-12-20 12:05:09 ----D---- C:\WINDOWS\Help
2008-12-20 12:04:51 ----D---- C:\Program Files\Common Files\System
2008-12-20 12:04:47 ----RSD---- C:\WINDOWS\Fonts
2008-12-20 12:04:11 ----D---- C:\Program Files\Microsoft Office
2008-12-20 11:53:33 ----D---- C:\WINDOWS\system
2008-12-18 21:54:54 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-18 21:54:33 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-16 07:38:08 ----D---- C:\WINDOWS\.jagex_cache_32
2008-12-14 22:04:22 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Skype
2008-12-14 16:06:33 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\skypePM
2008-12-14 01:16:46 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-14 01:16:46 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-14 01:16:46 ----A---- C:\WINDOWS\system32\java.exe
2008-12-14 01:16:44 ----D---- C:\Program Files\Java
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 03:02:12 ----D---- C:\Program Files\Internet Explorer
2008-12-05 14:03:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-29 03:03:01 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-28 23:46:59 ----D---- C:\Program Files\WinRAR
2008-11-28 21:39:54 ----D---- C:\WINDOWS\Minidump
2008-11-28 20:37:47 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-28 20:36:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-28 20:36:24 ----RSD---- C:\WINDOWS\assembly
2008-11-28 20:33:41 ----D---- C:\Program Files\Windows Media Player
2008-11-23 21:13:54 ----D---- C:\Program Files\Messenger Plus! Live
2008-11-22 14:36:18 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-27 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-27 26824]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-09-26 20747]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-09-27 76040]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-11-10 40832]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-25 4623872]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-09 3535680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-27 356096]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-27 611664]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-27 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-27 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-14 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-24 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-09 131139]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-11-10 60032]
R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-11-10 5117568]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-10-06 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-11-10 243840]
S4 WMP54Gv4SVC;WMP54Gv4SVC; C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [2004-02-06 41025]

-----------------EOF-----------------

and here is info.txt

info.txt logfile of random's system information tool 1.05 2008-12-21 14:27:26

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compaq Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961-v4)-->"C:\WINDOWS\$NtUninstallKB895961-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Support Overview-->"C:\WINDOWS\unins000.exe"
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Linksys Wireless-G PCI Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"C:\Program Files\SpywareGuard\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->c:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}

======Hosts File======


======Security center information======

AV: AVG Anti-Virus Free
FW: COMODO Firewall Pro

System event log

Computer Name: JUSTIN
Event Code: 4201
Message: The system detected that network adapter Linksys...PCI Adapter - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 4109
Source Name: Tcpip
Time Written: 20081017092306.000000-420
Event Type: information
User:

Computer Name: JUSTIN
Event Code: 4202
Message: The system detected that network adapter Linksys...PCI Adapter - Packet Scheduler Miniport was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.

Record Number: 4108
Source Name: Tcpip
Time Written: 20081017092251.000000-420
Event Type: information
User:

Computer Name: JUSTIN
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 4107
Source Name: W32Time
Time Written: 20081017084124.000000-420
Event Type: warning
User:

Computer Name: JUSTIN
Event Code: 4201
Message: The system detected that network adapter Linksys...PCI Adapter - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 4106
Source Name: Tcpip
Time Written: 20081016190209.000000-420
Event Type: information
User:

Computer Name: JUSTIN
Event Code: 4201
Message: The system detected that network adapter Linksys...PCI Adapter - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 4105
Source Name: Tcpip
Time Written: 20081016164201.000000-420
Event Type: information
User:

Application event log

Computer Name: JUSTIN
Event Code: 1100
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 890
Source Name: .NET Runtime Optimization Service
Time Written: 20081009020011.000000-420
Event Type: information
User:

Computer Name: JUSTIN
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.VisualBasic, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 889
Source Name: .NET Runtime Optimization Service
Time Written: 20081009020011.000000-420
Event Type:
User:

Computer Name: JUSTIN
Event Code: 1100
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: Microsoft.VisualBasic, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 888
Source Name: .NET Runtime Optimization Service
Time Written: 20081009020009.000000-420
Event Type: information
User:

Computer Name: JUSTIN
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.Build.Utilities, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 887
Source Name: .NET Runtime Optimization Service
Time Written: 20081009020009.000000-420
Event Type:
User:

Computer Name: JUSTIN
Event Code: 1100
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: Microsoft.Build.Utilities, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 886
Source Name: .NET Runtime Optimization Service
Time Written: 20081009020008.000000-420
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
  • 0

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download this program:

submit files packer

Highlight the files listed below in bold, then right-click and select Copy.

C:\WINDOWS\system32\xmskclxy.exe
C:\WINDOWS\system32\nywdyixq.exe



Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field.

Then press the Continue button.

I will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to samples.

Click Here to upload the files please.
=============================
Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :files
    C:\WINDOWS\system32\gokmut.dll
    C:\WINDOWS\system32\wnblimwh.dll
    C:\WINDOWS\system32\xmskclxy.exe
    C:\WINDOWS\system32\nywdyixq.exe
    C:\WINDOWS\system32\dcrcmacd.ini
    C:\WINDOWS\system32\ykhmxx.dll
    C:\WINDOWS\system32\4b6c4a43-.txt
    
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae25ca2e-cad9-447f-8880-c442a07ac562}]
    
    
    :commands
    [emptytemp]
    [start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
===================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
=========================
Please post these logs in your next reply:
  • Ot Move it log
  • Malware Bytes log
  • New Rsit log

  • 0
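The OTMoveIt3 script in the post above, parsed into a plan that can be reviewed before it is pasted into the tool: which processes are stopped, which files are moved, and which registry load points are rewritten. This is an added example, not part of the original post or of OldTimer's tool; the function names are hypothetical, and the meaning given to each section and registry line is inferred from the script and the results log as they appear in this thread.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass, field

# Fix script copied from the post above, embedded so the example runs offline.
SCRIPT = r'''
:processes
explorer.exe

:files
C:\WINDOWS\system32\gokmut.dll
C:\WINDOWS\system32\wnblimwh.dll
C:\WINDOWS\system32\xmskclxy.exe
C:\WINDOWS\system32\nywdyixq.exe
C:\WINDOWS\system32\dcrcmacd.ini
C:\WINDOWS\system32\ykhmxx.dll
C:\WINDOWS\system32\4b6c4a43-.txt

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae25ca2e-cad9-447f-8880-c442a07ac562}]

:commands
[emptytemp]
[start explorer]
'''

VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')  # "name"="data", as in a .reg file


@dataclass
class FixPlan:
    processes: list = field(default_factory=list)
    files: list = field(default_factory=list)
    reg_deleted_keys: list = field(default_factory=list)
    reg_set_values: list = field(default_factory=list)  # (key, name, data)
    commands: list = field(default_factory=list)
    unparsed: list = field(default_factory=list)        # lines the parser did not understand


def parse_fix_script(text):
    """Split the script into its ':section' blocks and classify every line."""
    plan, section, current_key = FixPlan(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(':'):
            section, current_key = line[1:].lower(), None
        elif section == 'processes':
            plan.processes.append(line)
        elif section == 'files':
            plan.files.append(line)
        elif section == 'commands':
            plan.commands.append(line.strip('[]'))
        elif section == 'reg':
            match = VALUE_RE.match(line)
            if line.startswith('[-') and line.endswith(']'):
                plan.reg_deleted_keys.append(line[2:-1])   # [-KEY] removes the key
                current_key = None
            elif line.startswith('[') and line.endswith(']'):
                current_key = line[1:-1]                   # [KEY] selects a key
            elif match and current_key:
                plan.reg_set_values.append((current_key, match.group(1), match.group(2)))
            else:
                plan.unparsed.append(line)
        else:
            plan.unparsed.append(line)
    return plan


def files_by_extension(plan):
    """Count targeted files per extension (ntpath parses Windows paths on any OS)."""
    return dict(Counter(ntpath.splitext(p)[1].lower() for p in plan.files))


def load_point_changes(plan):
    """List the registry edits that touch the two autostart locations seen in this thread."""
    changes = []
    for _key, name, data in plan.reg_set_values:
        if name.lower() == 'appinit_dlls':
            # The whole value is overwritten: only the DLLs named here stay listed.
            changes.append(('overwrite', name, data))
    for key in plan.reg_deleted_keys:
        parent, _, leaf = key.rpartition('\\')
        if parent.lower().endswith('browser helper objects'):
            changes.append(('delete-bho', leaf, ''))
    return changes


if __name__ == '__main__':
    plan = parse_fix_script(SCRIPT)
    print('processes stopped:', plan.processes)
    print('files moved:', files_by_extension(plan))
    for change in load_point_changes(plan):
        print('load point:', change)
    print('unparsed lines:', plan.unparsed)
```

Any line that ends up in `unparsed` is worth querying with the helper before the script is run.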

#5
DurkeeFX

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Ot Move It Log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gokmut.dll
C:\WINDOWS\system32\gokmut.dll NOT unregistered.
C:\WINDOWS\system32\gokmut.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wnblimwh.dll
C:\WINDOWS\system32\wnblimwh.dll NOT unregistered.
C:\WINDOWS\system32\wnblimwh.dll moved successfully.
C:\WINDOWS\system32\xmskclxy.exe moved successfully.
C:\WINDOWS\system32\nywdyixq.exe moved successfully.
C:\WINDOWS\system32\dcrcmacd.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ykhmxx.dll
C:\WINDOWS\system32\ykhmxx.dll NOT unregistered.
C:\WINDOWS\system32\ykhmxx.dll moved successfully.
C:\WINDOWS\system32\4b6c4a43-.txt moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"avgrsstx.dll" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae25ca2e-cad9-447f-8880-c442a07ac562}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\etilqs_DDdmM1V7pFWlm2tln1u1 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFBCE7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFC951.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFE7DA.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFE7E7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFE860.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFE86F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2f4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9whx5gj.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9whx5gj.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9whx5gj.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9whx5gj.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9whx5gj.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9whx5gj.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12212008_201531

Files moved on Reboot...
File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\etilqs_DDdmM1V7pFWlm2tln1u1 not found!
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFBCE7.tmp moved successfully.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFC951.tmp moved successfully.
File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFE7DA.tmp not found!
File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFE7E7.tmp not found!
File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFE860.tmp not found!
File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFE86F.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_2f4.dat not found!
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9whx5gj.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9whx5gj.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9whx5gj.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9whx5gj.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9whx5gj.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9whx5gj.default\XUL.mfl moved successfully.

MBAM log:
Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 3

12/21/2008 8:26:30 PM
mbam-log-2008-12-21 (20-26-30).txt

Scan type: Quick Scan
Objects scanned: 51992
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Rsit Log:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Compaq_Owner at 2008-12-21 20:31:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 127 GB (69%) free of 183 GB
Total RAM: 1470 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:11 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [leterosimi] Rundll32.exe "C:\WINDOWS\system32\punijeri.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [leterosimi] Rundll32.exe "C:\WINDOWS\system32\punijeri.dll",s (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6662.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8783 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ufyvhbzl.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-14 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-09 7311360]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-05-09 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-14 136600]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-05-10 180269]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-11-10 157312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]
C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMP54Gv4SVC"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\StartUp
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:jusched"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\AVG\AVG8\avgrsx.exe"="C:\Program Files\AVG\AVG8\avgrsx.exe:*:Enabled:avgrsx"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92e62063-8c64-11dd-b9a9-0017319d911e}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-12-21 20:15:31 ----D---- C:\_OTMoveIt
2008-12-21 14:27:04 ----D---- C:\rsit
2008-12-21 01:21:41 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-21 01:00:36 ----D---- C:\Program Files\SpywareBlaster
2008-12-21 01:00:02 ----D---- C:\Program Files\SpywareGuard
2008-12-21 01:00:02 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-21 00:59:37 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-21 00:59:37 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-12-21 00:46:45 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-12-21 00:46:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-21 00:46:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-21 00:25:11 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-21 00:24:44 ----A---- C:\rapport.txt
2008-12-21 00:22:27 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-12-21 00:22:27 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2008-12-21 00:22:26 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-12-21 00:22:26 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-12-21 00:22:25 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-12-21 00:22:24 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-12-21 00:22:24 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-12-21 00:22:24 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-12-21 00:22:23 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-12-21 00:22:23 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-12-21 00:22:23 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-12-21 00:22:22 ----A---- C:\WINDOWS\system32\swsc.exe
2008-12-21 00:22:21 ----A---- C:\WINDOWS\system32\swreg.exe
2008-12-21 00:22:21 ----A---- C:\WINDOWS\system32\Process.exe
2008-12-21 00:21:41 ----D---- C:\Program Files\Trend Micro
2008-12-20 23:29:46 ----D---- C:\VundoFix Backups
2008-12-20 23:29:46 ----A---- C:\VundoFix.txt
2008-12-20 23:17:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-20 19:10:13 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-20 14:34:22 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Sonic
2008-12-20 14:33:42 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
2008-12-14 01:16:58 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 03:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 03:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-30 03:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-11-28 20:35:29 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-11-28 20:35:28 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2008-11-28 20:34:55 ----D---- C:\Program Files\Zune
2008-11-28 20:34:35 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-28 20:34:34 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$
2008-11-28 20:34:07 ----A---- C:\WINDOWS\system32\imapi2fs.dll
2008-11-28 20:34:06 ----A---- C:\WINDOWS\system32\imapi2.dll
2008-11-28 20:33:29 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-11-28 19:46:46 ----HDC---- C:\WINDOWS\$NtUninstallKB895961-v4$

======List of files/folders modified in the last 1 months======

2008-12-21 20:32:11 ----D---- C:\WINDOWS\Temp
2008-12-21 20:30:35 ----D---- C:\Program Files\Mozilla Firefox
2008-12-21 20:30:10 ----D---- C:\WINDOWS\Prefetch
2008-12-21 20:29:31 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-21 20:15:33 ----D---- C:\WINDOWS\system32
2008-12-21 01:00:36 ----D---- C:\Program Files
2008-12-21 00:59:57 ----SHD---- C:\WINDOWS\Installer
2008-12-21 00:59:47 ----SHD---- C:\Config.Msi
2008-12-21 00:59:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-21 00:57:37 ----D---- C:\WINDOWS\system32\drivers
2008-12-20 23:18:21 ----AD---- C:\WINDOWS
2008-12-20 23:13:04 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-20 19:13:08 ----HD---- C:\WINDOWS\inf
2008-12-20 19:10:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-20 17:08:55 ----HD---- C:\$AVG8.VAULT$
2008-12-20 17:06:45 ----D---- C:\WINDOWS\Debug
2008-12-20 16:54:00 ----SD---- C:\WINDOWS\Tasks
2008-12-20 16:43:24 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2008-12-20 12:26:08 ----SD---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2008-12-20 12:06:06 ----A---- C:\WINDOWS\ODBC.INI
2008-12-20 12:05:52 ----A---- C:\WINDOWS\win.ini
2008-12-20 12:05:35 ----D---- C:\Program Files\Microsoft ActiveSync
2008-12-20 12:05:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-20 12:05:09 ----D---- C:\WINDOWS\SHELLNEW
2008-12-20 12:05:09 ----D---- C:\WINDOWS\Help
2008-12-20 12:04:51 ----D---- C:\Program Files\Common Files\System
2008-12-20 12:04:47 ----RSD---- C:\WINDOWS\Fonts
2008-12-20 12:04:11 ----D---- C:\Program Files\Microsoft Office
2008-12-20 11:53:33 ----D---- C:\WINDOWS\system
2008-12-18 21:54:54 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-18 21:54:33 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-16 07:38:08 ----D---- C:\WINDOWS\.jagex_cache_32
2008-12-14 22:04:22 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Skype
2008-12-14 16:06:33 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\skypePM
2008-12-14 01:16:46 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-14 01:16:46 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-14 01:16:46 ----A---- C:\WINDOWS\system32\java.exe
2008-12-14 01:16:44 ----D---- C:\Program Files\Java
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 03:02:12 ----D---- C:\Program Files\Internet Explorer
2008-12-05 14:03:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-29 03:03:01 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-28 23:46:59 ----D---- C:\Program Files\WinRAR
2008-11-28 21:39:54 ----D---- C:\WINDOWS\Minidump
2008-11-28 20:37:47 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-28 20:36:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-28 20:36:24 ----RSD---- C:\WINDOWS\assembly
2008-11-28 20:33:41 ----D---- C:\Program Files\Windows Media Player
2008-11-23 21:13:54 ----D---- C:\Program Files\Messenger Plus! Live
2008-11-22 14:36:18 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-27 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-27 26824]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-09-26 20747]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-09-27 76040]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-11-10 40832]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-25 4623872]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-09 3535680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-27 356096]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-27 611664]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-27 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-27 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-14 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-24 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-09 131139]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-11-10 60032]
R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-11-10 5117568]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-10-06 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-11-10 243840]
S4 WMP54Gv4SVC;WMP54Gv4SVC; C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [2004-02-06 41025]

-----------------EOF-----------------

#6
kahdah

Please go to Start > Control Panel > Add\Remove programs.
Then uninstall this program:
Viewpoint

Then exit the Add\Remove programs list.
=============
Then go to Start > Run then type in Tasks and hit ok.
Then delete this file that you see: ufyvhbzl.job

Then reboot and delete this folder:
C:\Program Files\Viewpoint
=================
After that, let me know how it is running.
  • 0
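A way to confirm from a fresh scan that the two items named in the reply above are gone, as an added example that is not part of the original thread or of RSIT/HijackThis. It parses the HijackThis `O4` Run and `O23` service lines and the RSIT scheduled-tasks section; the function names and the "after" log are assumptions made for this illustration, and the DLL listing is an inventory, not a verdict on any entry.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied unchanged from the log posted in this thread (a subset).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [leterosimi] Rundll32.exe "C:\WINDOWS\system32\punijeri.dll",s (User 'LOCAL SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\ufyvhbzl.job

======Registry dump======
"""

# Constructed for this example: the same lines without the two removed items,
# standing in for a scan taken after the steps in the reply.
LOG_AFTER = "\n".join(line for line in LOG_BEFORE.splitlines()
                      if "Viewpoint" not in line and "ufyvhbzl" not in line)

# The two items the reply says to remove.
TARGETS = ["ufyvhbzl.job", r"C:\Program Files\Viewpoint"]


class RunEntry(NamedTuple):
    hive: str             # HKLM, HKCU or HKUS\<SID>
    name: str             # registry value name
    command: str          # command line stored in the value
    user: Optional[str]   # account name HijackThis prints for HKUS hives
    dll: Optional[str]    # DLL path when the command goes through rundll32


_O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run\w*: "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
_RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,', re.IGNORECASE)


def run_entries(log: str) -> List[RunEntry]:
    """Parse registry Run autoruns (O4 lines that name a hive)."""
    out = []
    for line in log.splitlines():
        m = _O4_RUN.match(line.strip())
        if m:
            d = _RUNDLL.match(m["cmd"])
            out.append(RunEntry(m["hive"], m["name"], m["cmd"], m["user"],
                                d["dll"] if d else None))
    return out


def dll_autoruns(log: str) -> List[Tuple[str, str]]:
    """(hive, dll) for autoruns that load a DLL through rundll32."""
    return [(e.hive, e.dll) for e in run_entries(log) if e.dll]


def service_paths(log: str) -> List[str]:
    """Image paths from 'O23 - Service: name - vendor - path' lines."""
    return [line.strip().rsplit(" - ", 1)[-1] for line in log.splitlines()
            if line.strip().startswith("O23 - Service: ")]


def scheduled_tasks(log: str) -> List[str]:
    """Entries under RSIT's '======Scheduled tasks folder======' header."""
    tasks, inside = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("======"):
            inside = line.strip("=") == "Scheduled tasks folder"
        elif inside and line:
            tasks.append(line)
    return tasks


def still_present(log: str, targets: List[str]) -> List[str]:
    """Targets that the log still references (case-insensitive match)."""
    refs = (scheduled_tasks(log) + service_paths(log)
            + [e.command for e in run_entries(log)])
    return [t for t in targets if any(t.lower() in r.lower() for r in refs)]


if __name__ == "__main__":
    print("before:", still_present(LOG_BEFORE, TARGETS))
    print("after: ", still_present(LOG_AFTER, TARGETS))
    for hive, dll in dll_autoruns(LOG_BEFORE):
        print("rundll32 autorun:", hive, dll)
```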

#7
DurkeeFX

Everything appears to be running perfect.

Thank you for your time and help. :)

#8
kahdah

Cleanup:

Please download OT CleanIt from Here and save it to your desktop.
Double click on OT CleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
=========================
Delete\uninstall anything else that we have used.

Including this folder C:\Rsit

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.