MALWARE PROBLEM! PLEASE HELP



#1 zeeoa (New Member)
When I start my computer, the Start menu and desktop items disappear.
One of the programs that the malware is running is svchost.exe (I don't know if it helps).
Thanks for the help.

#2 kahdah (GeekU Teacher, Retired Staff)
Hello zeeoa

Welcome to G2Go. :)
=====================

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).


#3 zeeoa (Topic Starter)
Again, thanks for the help. =D

log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by HP_Administrator at 2009-01-05 18:12:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 137 GB (76%) free of 182 GB
Total RAM: 958 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:43 PM, on 1/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\AOL\1150819098\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1150819098\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {4B71B908-26C1-447A-BF8F-BA09E48376F6} - C:\WINDOWS\system32\ljJDTNGY.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.2.191.0\HostIE.dll (file missing)
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.2.191.0\HostIE.dll (file missing)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150819098\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZUxdm486PAUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com/?src=customie7
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.1.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - Winlogon Notify: urqPhfdB - urqPhfdB.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9832 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\yqryykjn.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [2008-11-28 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2008-11-28 417887]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
ShoppingReport - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [2008-02-06 1173024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B71B908-26C1-447A-BF8F-BA09E48376F6}]
C:\WINDOWS\system32\ljJDTNGY.dll [2009-01-04 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]
Zango - C:\Program Files\Zango\bin\10.2.191.0\HostIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-08 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Zango - C:\Program Files\Zango\bin\10.2.191.0\HostIE.dll []
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2008-11-28 417887]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2006-01-25 3405312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-12 49152]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []
"HostManager"=C:\Program Files\Common Files\AOL\1150819098\ee\AOLSoftware.exe [2006-09-25 50736]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2008-01-20 26112]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe [2005-11-11 1064960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
C:\Program Files\DISC\DiscUpdateMgr.exe [2005-11-11 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe [2005-11-01 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-11-09 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2005-10-31 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\Creator\Remind_XP.exe [2004-12-13 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-01-23 15969280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ReSchedHPSU.lnk]
C:\hp\bin\CLOAKER.EXE [1999-11-06 27136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqPhfdB]
urqPhfdB.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2006-01-25 492544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ljJDTNGY
"notification packages"=
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1150819098\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1150819098\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Common Files\AOL\1150819098\EE\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1150819098\EE\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-01-05 18:12:36 ----D---- C:\Program Files\trend micro
2009-01-05 18:12:35 ----D---- C:\rsit
2009-01-04 13:33:33 ----A---- C:\WINDOWS\system32\597acd01-.txt
2009-01-04 13:31:21 ----ASH---- C:\WINDOWS\system32\YGNTDJjl.ini2
2009-01-04 13:31:20 ----ASH---- C:\WINDOWS\system32\YGNTDJjl.ini
2009-01-04 13:31:17 ----A---- C:\WINDOWS\system32\ljJDTNGY.dll
2009-01-04 13:26:36 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\gadcom
2009-01-04 13:26:15 ----A---- C:\WINDOWS\system32\rqRJCtqn.dll
2009-01-04 13:26:13 ----A---- C:\WINDOWS\system32\digeste.dll
2008-12-21 03:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-21 03:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-20 15:55:12 ----D---- C:\WINDOWS\Prefetch
2008-12-20 15:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-20 15:53:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-20 15:52:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-20 15:52:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-20 15:52:37 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-20 15:52:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-20 15:52:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-20 15:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-20 15:52:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-12-20 15:51:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-20 15:51:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-20 15:51:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-20 15:51:24 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-12-20 15:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-20 15:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-20 15:50:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-20 15:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-20 15:50:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-20 15:50:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-20 15:50:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-20 15:50:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-20 15:50:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-20 15:50:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-12-20 15:49:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-20 15:49:46 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-20 15:42:13 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-20 15:35:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-18 09:40:28 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-12-18 09:40:25 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\printui.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\locator.exe
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\localspl.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\ftp.exe
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\format.com
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\cmd.exe
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\cacls.exe
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\autochk.exe
2008-12-18 09:39:34 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-12-18 09:39:33 ----A---- C:\WINDOWS\system32\samlib.dll
2008-12-18 09:39:33 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-12-18 09:39:33 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-12-18 09:39:33 ----A---- C:\WINDOWS\system32\rasman.dll
2008-12-18 09:39:33 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-12-18 09:39:33 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-12-18 09:39:33 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-12-18 09:39:32 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-12-18 09:39:32 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-12-18 09:39:32 ----A---- C:\WINDOWS\system32\userinit.exe
2008-12-18 09:39:32 ----A---- C:\WINDOWS\system32\untfs.dll
2008-12-18 09:39:32 ----A---- C:\WINDOWS\system32\ulib.dll
2008-12-18 09:39:32 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-12-18 09:39:32 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-12-18 09:39:32 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-12-18 09:39:32 ----A---- C:\WINDOWS\system32\smss.exe
2008-12-18 09:39:32 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-12-18 09:39:32 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-18 09:39:32 ----A---- C:\WINDOWS\system32\services.exe
2008-12-18 09:39:32 ----A---- C:\WINDOWS\system32\schannel.dll
2008-12-18 09:39:32 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-12-18 09:39:32 ----A---- C:\WINDOWS\system32\savedump.exe
2008-12-18 09:39:32 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-12-18 09:39:29 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-12-18 09:39:29 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-12-18 09:39:29 ----A---- C:\WINDOWS\system32\HAL.DLL
2008-12-17 21:56:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960714_0$
2008-12-17 16:29:51 ----HD---- C:\WINDOWS\msdownld.tmp
2008-12-17 16:29:06 ----D---- C:\WINDOWS\WBEM
2008-12-17 16:27:43 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-17 16:27:01 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-17 16:26:21 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-12-17 16:26:16 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-12-17 16:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-12-17 16:17:00 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-12-17 11:29:55 ----D---- C:\WINDOWS\system32\en-us
2008-12-17 11:29:54 ----D---- C:\WINDOWS\system32\scripting
2008-12-17 11:29:54 ----D---- C:\WINDOWS\l2schemas
2008-12-17 11:29:53 ----D---- C:\WINDOWS\system32\en
2008-12-17 11:29:52 ----D---- C:\WINDOWS\system32\bits
2008-12-17 11:24:49 ----D---- C:\WINDOWS\network diagnostic
2008-12-17 11:21:32 ----A---- C:\WINDOWS\system32\_005060_.tmp.dll
2008-12-17 11:20:26 ----A---- C:\WINDOWS\system32\_005058_.tmp.dll
2008-12-17 11:20:26 ----A---- C:\WINDOWS\system32\_005053_.tmp.dll
2008-12-17 11:20:26 ----A---- C:\WINDOWS\system32\_005052_.tmp.dll
2008-12-17 11:20:26 ----A---- C:\WINDOWS\system32\_005051_.tmp.dll
2008-12-17 11:20:26 ----A---- C:\WINDOWS\system32\_005050_.tmp.dll
2008-12-17 11:20:26 ----A---- C:\WINDOWS\system32\_005049_.tmp.dll
2008-12-17 11:20:26 ----A---- C:\WINDOWS\system32\_005046_.tmp.dll
2008-12-17 11:20:26 ----A---- C:\WINDOWS\system32\_005045_.tmp.dll
2008-12-17 11:20:26 ----A---- C:\WINDOWS\system32\_005044_.tmp.dll
2008-12-17 11:20:26 ----A---- C:\WINDOWS\system32\_005043_.tmp.dll
2008-12-17 11:20:25 ----A---- C:\WINDOWS\system32\_005041_.tmp.dll
2008-12-17 11:20:25 ----A---- C:\WINDOWS\system32\_005040_.tmp.dll
2008-12-17 11:20:25 ----A---- C:\WINDOWS\system32\_005038_.tmp.dll
2008-12-17 11:20:24 ----A---- C:\WINDOWS\system32\_005036_.tmp.dll
2008-12-17 11:20:24 ----A---- C:\WINDOWS\system32\_005035_.tmp.dll
2008-12-17 11:20:23 ----A---- C:\WINDOWS\system32\_005031_.tmp.dll
2008-12-17 11:20:23 ----A---- C:\WINDOWS\system32\_005030_.tmp.dll
2008-12-17 11:20:23 ----A---- C:\WINDOWS\system32\_005027_.tmp.dll
2008-12-17 11:20:23 ----A---- C:\WINDOWS\system32\_005026_.tmp.dll
2008-12-17 11:20:22 ----A---- C:\WINDOWS\system32\_005025_.tmp.dll
2008-12-17 11:20:22 ----A---- C:\WINDOWS\system32\_005024_.tmp.dll
2008-12-17 11:20:22 ----A---- C:\WINDOWS\system32\_005023_.tmp.dll
2008-12-17 11:20:22 ----A---- C:\WINDOWS\system32\_005021_.tmp.dll
2008-12-17 11:20:21 ----A---- C:\WINDOWS\system32\_005020_.tmp.dll
2008-12-17 11:20:21 ----A---- C:\WINDOWS\system32\_005016_.tmp.dll
2008-12-17 11:20:21 ----A---- C:\WINDOWS\system32\_005014_.tmp.dll
2008-12-17 11:20:21 ----A---- C:\WINDOWS\system32\_005012_.tmp.dll
2008-12-17 11:20:21 ----A---- C:\WINDOWS\system32\_005011_.tmp.dll
2008-12-17 11:20:20 ----A---- C:\WINDOWS\system32\_005005_.tmp.dll
2008-12-17 11:20:18 ----A---- C:\WINDOWS\system32\_004988_.tmp.dll
2008-12-17 11:20:18 ----A---- C:\WINDOWS\system32\_004985_.tmp.dll
2008-12-17 11:20:18 ----A---- C:\WINDOWS\system32\_004984_.tmp.dll
2008-12-17 11:20:18 ----A---- C:\WINDOWS\system32\_004978_.tmp.dll
2008-12-17 11:02:45 ----D---- C:\Program Files\Common Files\Software Update Utility
2008-12-17 11:02:27 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-12-10 06:28:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 06:28:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 06:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958215_0$
2008-12-10 06:27:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-12-10 06:27:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$

======List of files/folders modified in the last 1 months======

2009-01-05 18:12:36 ----D---- C:\Program Files
2009-01-05 17:08:54 ----D---- C:\Program Files\Mozilla Firefox
2009-01-05 16:10:36 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-05 15:58:53 ----D---- C:\WINDOWS\Temp
2009-01-05 15:58:36 ----D---- C:\WINDOWS\Registration
2009-01-05 15:58:19 ----AD---- C:\WINDOWS
2009-01-04 21:49:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-04 15:21:10 ----D---- C:\WINDOWS\system32
2009-01-04 14:29:45 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-01-04 14:20:24 ----D---- C:\Program Files\Graffiti Studio 2.0
2009-01-04 14:17:36 ----A---- C:\WINDOWS\win.ini
2009-01-04 13:26:18 ----SD---- C:\WINDOWS\Tasks
2009-01-04 09:47:50 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport
2008-12-22 14:55:02 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-22 14:55:01 ----D---- C:\Program Files\AOL
2008-12-22 14:38:16 ----HD---- C:\WINDOWS\inf
2008-12-22 14:38:16 ----D---- C:\WINDOWS\system32\dllcache
2008-12-22 14:38:16 ----D---- C:\WINDOWS\Help
2008-12-22 14:38:16 ----D---- C:\Program Files\Internet Explorer
2008-12-22 14:33:37 ----D---- C:\WINDOWS\Media
2008-12-22 14:32:44 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-22 14:31:45 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-21 12:50:34 ----SHD---- C:\WINDOWS\Installer
2008-12-21 12:50:34 ----HD---- C:\Config.Msi
2008-12-21 03:00:50 ----A---- C:\WINDOWS\imsins.BAK
2008-12-20 23:16:08 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-20 16:00:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-20 15:56:18 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-20 15:55:17 ----A---- C:\WINDOWS\setuplog.txt
2008-12-20 15:54:40 ----D---- C:\WINDOWS\system32\Setup
2008-12-20 15:54:40 ----D---- C:\WINDOWS\ime
2008-12-20 15:54:40 ----D---- C:\WINDOWS\AppPatch
2008-12-20 15:54:39 ----D---- C:\WINDOWS\system32\wbem
2008-12-20 15:54:38 ----SD---- C:\WINDOWS\Fonts
2008-12-20 15:54:34 ----D---- C:\WINDOWS\system32\drivers
2008-12-20 15:49:54 ----D---- C:\Program Files\Messenger
2008-12-20 15:49:29 ----D---- C:\WINDOWS\security
2008-12-20 15:48:20 ----RSD---- C:\WINDOWS\assembly
2008-12-20 15:44:53 ----D---- C:\WINDOWS\WinSxS
2008-12-20 15:44:36 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-20 15:44:23 ----D---- C:\WINDOWS\system32\usmt
2008-12-20 15:44:21 ----D---- C:\WINDOWS\PeerNet
2008-12-20 15:44:21 ----D---- C:\Program Files\Movie Maker
2008-12-20 15:42:04 ----D---- C:\WINDOWS\system32\Restore
2008-12-20 15:42:04 ----D---- C:\WINDOWS\system32\npp
2008-12-20 15:42:04 ----D---- C:\WINDOWS\mui
2008-12-20 15:42:03 ----D---- C:\WINDOWS\msagent
2008-12-20 15:42:01 ----D---- C:\WINDOWS\srchasst
2008-12-20 15:42:00 ----D---- C:\Program Files\NetMeeting
2008-12-20 15:41:59 ----D---- C:\WINDOWS\system32\Com
2008-12-20 15:41:57 ----D---- C:\Program Files\Windows NT
2008-12-20 15:41:57 ----D---- C:\Program Files\Outlook Express
2008-12-20 15:41:54 ----D---- C:\Program Files\Common Files\System
2008-12-20 15:41:41 ----D---- C:\WINDOWS\system32\oobe
2008-12-20 15:41:40 ----D---- C:\WINDOWS\system
2008-12-20 15:38:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-20 15:35:08 ----AD---- C:\WINDOWS\ehome
2008-12-17 16:46:28 ----D---- C:\Program Files\Google
2008-12-17 16:46:28 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-17 11:02:58 ----D---- C:\Program Files\AIM6
2008-12-17 11:02:45 ----D---- C:\Program Files\Common Files
2008-12-17 10:54:34 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-12-17 09:11:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-12 12:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 09:00:14 ----D---- C:\Program Files\FunWebProducts
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-01-20 8552]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-12-11 8413]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-10-20 1095009]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-01-23 4145152]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-09 11008]
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20071011.001\symidsco.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XTrapD12;XTrapD12; \??\C:\WINDOWS\system32\XTrapD12.sys []
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-08 168432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-12-18 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-10-19 66872]
R2 svcWRSSSDK;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe [2006-01-25 2161152]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2006-02-22 1119888]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2008-11-28 28762]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


info.txt :

info.txt logfile of random's system information tool 1.05 2009-01-05 18:12:46

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
AIM 6-->C:\Program Files\AIM6\uninst.exe
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\aolunins_us.exe
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Uninstaller-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Battlefield 2: Deluxe Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DISCover-->"C:\Program Files\DISC\uninstall.exe"
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Graffiti Studio 2.0-->"C:\Program Files\Graffiti Studio 2.0\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WIN
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0