Logfile of random's system information tool 1.05 (written by random/random)
Run by Julie at 2008-12-25 15:49:48

Microsoft Windows XP Professional Service Pack 2
System drive E: has 238 GB (78%) free of 305 GB
Total RAM: 2047 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:20 PM, on 12/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\WINDOWS\eHome\ehRecvr.exe
E:\WINDOWS\eHome\ehSched.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\ehome\ehtray.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\eHome\ehmsas.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
E:\Program Files\Search Settings\SearchSettings.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\RALINK\Common\RaUI.exe
E:\Program Files\OpenOffice.org 2.4\program\soffice.exe
E:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\winlogon.exe
E:\Program Files\Temp_Files_2_Delete\RSIT.exe
E:\Program Files\Temp_Files_2_Delete\Julie.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {39f45bb4-bb6c-475d-93c2-91605035ed83} - E:\WINDOWS\system32\reziguge.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - E:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: {8d50592b-73e9-c06a-70a4-e1181ac0ec5c} - {c5ce0ca1-811e-4a07-a60c-9e37b29505d8} - E:\WINDOWS\system32\wtmnqm.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - E:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [ehTray] E:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTCheck] E:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [au] E:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] E:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [farafuhuki] Rundll32.exe "E:\WINDOWS\system32\riyakuge.dll",s
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [farafuhuki] Rundll32.exe "E:\WINDOWS\system32\riyakuge.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [farafuhuki] Rundll32.exe "E:\WINDOWS\system32\riyakuge.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-117609710-1425521274-682003330-1004\..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Sophia')
O4 - HKUS\S-1-5-21-117609710-1425521274-682003330-1004\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background (User 'Sophia')
O4 - HKUS\S-1-5-21-117609710-1425521274-682003330-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Sophia')
O4 - S-1-5-21-117609710-1425521274-682003330-1004 Startup: OpenOffice.org 2.3.lnk = E:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Sophia')
O4 - S-1-5-21-117609710-1425521274-682003330-1004 Startup: OpenOffice.org 2.4.lnk = E:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Sophia')
O4 - S-1-5-21-117609710-1425521274-682003330-1004 Startup: RollerCoaster Tycoon 3 Registration.lnk = E:\Documents and Settings\Sophia\Local Settings\Temp\{FED3337C-9F96-43EF-9731-6A0ED614308C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe (User 'Sophia')
O4 - Startup: OpenOffice.org 2.3.lnk = E:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.4.lnk = E:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: DualCoreCenter.lnk = E:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O4 - Global Startup: Forget Me Not.lnk = E:\Program Files\Broderbund\AG CreataCard\AGremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = E:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Compare Prices with &Dealio - E:\Documents and Settings\Julie\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - E:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - E:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208133478680
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: wtmnqm.dll e:\windows\system32\duzemibe.dll e:\windows\system32\memovovo.dll,E:\WINDOWS\system32\zewewegi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - e:\windows\system32\memovovo.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12127 bytes

======Scheduled tasks folder======

E:\WINDOWS\tasks\AppleSoftwareUpdate.job
E:\WINDOWS\tasks\cjbqqusk.job
E:\WINDOWS\tasks\hndgdplq.job
E:\WINDOWS\tasks\rvifljmj.job
E:\WINDOWS\tasks\tvjdqxhd.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - E:\Program Files\rpbrowserrecordplugin.dll [2008-04-13 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39f45bb4-bb6c-475d-93c2-91605035ed83}]
E:\WINDOWS\system32\reziguge.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class - E:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - E:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-12 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5ce0ca1-811e-4a07-a60c-9e37b29505d8}]
E:\WINDOWS\system32\wtmnqm.dll [2008-12-21 135680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - E:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=E:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"RTHDCPL"=E:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"Alcmtr"=E:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=E:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=E:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"SunJavaUpdateSched"=E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"HP Software Update"=E:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"NeroFilterCheck"=E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-07-04 161064]
"TkBellExe"=E:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-13 185896]
"Adobe Reader Speed Launcher"=E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=E:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"CTCheck"=E:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe [2007-11-06 397312]
"au"=E:\Program Files\Dealio\DealioAU.exe [2008-05-26 595296]
"SearchSettings"=E:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]
"AppleSyncNotifier"=E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"iTunesHelper"=E:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"AVG8_TRAY"=E:\PROGRA~1\AVG\AVG8\avgtray.exe []
"farafuhuki"=E:\WINDOWS\system32\riyakuge.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=E:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2006-03-15 15360]
"LightScribe Control Panel"=E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-07-04 148776]
"Aim6"= []
"SpybotSD TeaTimer"=E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup
DualCoreCenter.lnk - E:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
Forget Me Not.lnk - E:\Program Files\Broderbund\AG CreataCard\AGremind.exe
HP Digital Imaging Monitor.lnk - E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Ralink Wireless Utility.lnk - E:\Program Files\RALINK\Common\RaUI.exe

E:\Documents and Settings\Julie\Start Menu\Programs\Startup
OpenOffice.org 2.3.lnk - E:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
OpenOffice.org 2.4.lnk - E:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wtmnqm.dll e:\windows\system32\duzemibe.dll e:\windows\system32\memovovo.dll,E:\WINDOWS\system32\zewewegi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - e:\windows\system32\memovovo.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli E:\WINDOWS\system32\zewewegi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=E:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=E:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Program Files\Messenger\msmsgs.exe"="E:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\Program Files\Common Files\AOL\Loader\aolload.exe"="E:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"E:\Program Files\AIM6\aim6.exe"="E:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"E:\Program Files\Grisoft\AVG7\avginet.exe"="E:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"E:\Program Files\Grisoft\AVG7\avgamsvr.exe"="E:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"E:\Program Files\Grisoft\AVG7\avgcc.exe"="E:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"E:\Program Files\Bonjour\mDNSResponder.exe"="E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Program Files\Mozilla Firefox\firefox.exe"="E:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"E:\Documents and Settings\Dov\My Documents\emulator-win\Emulator.exe"="E:\Documents and Settings\Dov\My Documents\emulator-win\Emulator.exe:*:Enabled:Palm OS® Emulator"
"E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Program Files\realplay.exe"="E:\Program Files\realplay.exe:*:Enabled:RealPlayer"
"E:\WINDOWS\explorer.exe"="E:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"E:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe"="E:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe:*:Enabled:jucheck"
"E:\WINDOWS\system32\HPZipm12.exe"="E:\WINDOWS\system32\HPZipm12.exe:*:Enabled:HPZipm12"
"E:\WINDOWS\system32\logonui.exe"="E:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"E:\WINDOWS\system32\spoolsv.exe"="E:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"E:\WINDOWS\system32\winlogon.exe"="E:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"E:\WINDOWS\system32\nvsvc32.exe"="E:\WINDOWS\system32\nvsvc32.exe:*:Enabled:nvsvc32"
"E:\WINDOWS\system32\CTSVCCDA.EXE"="E:\WINDOWS\system32\CTSVCCDA.EXE:*:Enabled:CTsvcCDA"
"E:\WINDOWS\system32\rundll32.exe"="E:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-12-25 15:49:48 ----D---- E:\rsit
2008-12-24 20:30:35 ----D---- E:\Program Files\ESET
2008-12-24 20:30:35 ----D---- E:\Documents and Settings\All Users\Application Data\ESET
2008-12-24 20:12:40 ----D---- E:\Program Files\Temp_Files_2_Delete
2008-12-23 22:34:46 ----SH---- E:\WINDOWS\system32\isizuwid.ini
2008-12-23 16:32:24 ----D---- E:\Avenger
2008-12-23 16:32:23 ----A---- E:\avenger.txt
2008-12-21 22:53:23 ----D---- E:\Program Files\Lavasoft
2008-12-21 22:53:23 ----D---- E:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-21 22:52:40 ----D---- E:\Program Files\Common Files\Wise Installation Wizard
2008-12-21 16:34:42 ----A---- E:\WINDOWS\system32\wtmnqm.dll
2008-12-21 16:34:39 ----A---- E:\WINDOWS\system32\gxxbxbsv.dll
2008-12-21 16:33:35 ----A---- E:\WINDOWS\system32\ssqQkKdC.dll
2008-12-21 14:48:25 ----A---- E:\WINDOWS\system32\cjqadp.dll
2008-12-21 14:48:22 ----A---- E:\WINDOWS\system32\rkiovvpt.dll
2008-12-21 14:21:39 ----D---- E:\Documents and Settings\Julie\Application Data\Malwarebytes
2008-12-21 14:21:21 ----D---- E:\Program Files\Malwarebytes' Anti-Malware
2008-12-21 14:21:21 ----D---- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-21 12:23:51 ----A---- E:\WINDOWS\system32\dscoow.dll
2008-12-21 12:23:48 ----A---- E:\WINDOWS\system32\ojikrrwd.dll
2008-12-21 12:09:29 ----A---- E:\WINDOWS\system32\rjqawh.dll
2008-12-21 12:09:25 ----A---- E:\WINDOWS\system32\ckygohqv.dll
2008-12-20 21:58:02 ----A---- E:\WINDOWS\system32\9751577f-.txt
2008-12-12 01:14:49 ----HDC---- E:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 01:14:45 ----HDC---- E:\WINDOWS\$NtUninstallKB955839$
2008-12-12 01:14:18 ----HDC---- E:\WINDOWS\$NtUninstallKB954600$
2008-12-12 01:14:12 ----HDC---- E:\WINDOWS\$NtUninstallKB956802$
2008-12-09 22:42:00 ----N---- E:\WINDOWS\system32\vxblock.dll
2008-12-09 22:42:00 ----N---- E:\WINDOWS\system32\pxwave.dll
2008-12-09 22:42:00 ----N---- E:\WINDOWS\system32\pxmas.dll
2008-12-09 22:42:00 ----N---- E:\WINDOWS\system32\pxhpinst.exe
2008-12-09 22:42:00 ----N---- E:\WINDOWS\system32\pxdrv.dll
2008-12-09 22:42:00 ----N---- E:\WINDOWS\system32\px.dll
2008-12-09 22:41:56 ----D---- E:\WINDOWS\system32\IOSUBSYS
2008-12-01 19:56:59 ----A---- E:\WINDOWS\hpqEmlSz.INI

======List of files/folders modified in the last 1 months======

2008-12-25 15:50:10 ----D---- E:\WINDOWS\Temp
2008-12-25 15:49:48 ----D---- E:\WINDOWS\Prefetch
2008-12-25 15:12:47 ----D---- E:\Program Files\Mozilla Firefox
2008-12-25 14:39:54 ----D---- E:\WINDOWS
2008-12-25 13:50:12 ----D---- E:\Documents and Settings\Julie\Application Data\OpenOffice.org2
2008-12-25 13:49:35 ----D---- E:\WINDOWS\Registration
2008-12-25 13:49:09 ----D---- E:\WINDOWS\system32\drivers
2008-12-25 13:49:09 ----D---- E:\WINDOWS\system32
2008-12-25 13:33:07 ----A---- E:\WINDOWS\SchedLgU.Txt
2008-12-24 20:31:06 ----SHD---- E:\WINDOWS\Installer
2008-12-24 20:31:06 ----HD---- E:\Config.Msi
2008-12-24 20:31:01 ----HD---- E:\WINDOWS\inf
2008-12-24 20:30:57 ----D---- E:\WINDOWS\system32\CatRoot2
2008-12-24 20:30:35 ----RD---- E:\Program Files
2008-12-23 23:38:41 ----D---- E:\WINDOWS\Help
2008-12-23 22:34:43 ----ASH---- E:\WINDOWS\system32\zuterolo.dll
2008-12-23 22:22:16 ----D---- E:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-23 21:27:55 ----A---- E:\WINDOWS\NeroDigital.ini
2008-12-21 22:52:40 ----D---- E:\Program Files\Common Files
2008-12-21 21:35:58 ----D---- E:\Program Files\Spybot - Search & Destroy
2008-12-21 21:34:13 ----D---- E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-21 16:28:34 ----SD---- E:\WINDOWS\Tasks
2008-12-17 23:53:29 ----RSHDC---- E:\WINDOWS\system32\dllcache
2008-12-17 23:53:11 ----HD---- E:\WINDOWS\$hf_mig$
2008-12-16 21:44:40 ----A---- E:\WINDOWS\PhotoSnapViewer.INI
2008-12-13 01:40:02 ----A---- E:\WINDOWS\system32\mshtml.dll
2008-12-12 01:14:52 ----A---- E:\WINDOWS\imsins.BAK
2008-12-12 01:14:37 ----D---- E:\Program Files\Internet Explorer
2008-12-09 22:41:50 ----D---- E:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; E:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; E:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 intelppm;Intel Processor Driver; E:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-15 36096]
R1 kbdhid;Keyboard HID Driver; E:\WINDOWS\system32\DRIVERS\kbdhid.sys [2006-03-15 14848]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; E:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-09 21275]
R2 eamon;EAMON; E:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R3 Arp1394;1394 ARP Client Protocol; E:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-03-15 60800]
R3 GEARAspiWDM;GEARAspiWDM; E:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-15 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 NIC1394;1394 Net Driver; E:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-03-15 61824]
R3 nv;nv; E:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; E:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-19 62592]
R3 nvnetbus;NVIDIA Network Bus Enumerator; E:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-19 19968]
R3 RT61;Ralink RT61 Wireless Driver; E:\WINDOWS\system32\DRIVERS\RT61.sys [2006-05-04 380928]
R3 usbccgp;Microsoft USB Generic Parent Driver; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-03-15 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-15 26624]
R3 usbhub;USB2 Enabled Hub; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-15 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-15 17024]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; E:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-31 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; E:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; E:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-31 21568]
S3 MHNDRV;MHN driver; E:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 PalmUSBD;PalmUSBD; E:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-06-27 16509]
S3 USBAAPL;Apple Mobile USB Driver; E:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbprint;Microsoft USB PRINTER Class; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; E:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Bonjour Service;Bonjour Service; E:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; E:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 ehRecvr;Media Center Receiver Service; E:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center Scheduler Service; E:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 ekrn;Eset Service; E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 gusvc;Google Updater Service; E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-12 168432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; E:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 RetroExpLauncher;Retrospect Express HD Launcher; C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe [2004-07-30 69632]
R2 UMWdf;Windows User Mode Driver Framework; E:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; E:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; E:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
R3 NMIndexingService;NMIndexingService; E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-07-04 267560]
S2 Pml Driver HPZ12;Pml Driver HPZ12; E:\WINDOWS\system32\HPZipm12.exe [2005-11-22 69632]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 MHN;MHN; E:\WINDOWS\System32\svchost.exe [2006-03-15 14336]
S3 NBService;NBService; E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-07-04 779560]

-----------------EOF-----------------
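Reading a log like the one above by hand means looking for a handful of patterns: autostart entries pointing at files that no longer exist, anything at all in AppInit_DLLs, Run entries under the LOCAL SERVICE and NETWORK SERVICE hives, a BHO with no name, an LSA notification package other than scecli, a SharedTaskScheduler entry, and DLLs or .job files in system32 or Tasks whose names are a few random lowercase letters. The script below is an added example, not part of the posted log and not code from HijackThis or RSIT: it encodes those checks as rules and runs them over lines copied verbatim from the log above. The rule names, the split into strong and weak rules, and the helper names are this example's own choices.

```python
"""Rule-based triage of HijackThis/RSIT-style autostart lines (added example)."""
import re
from collections import defaultdict

# Lines copied verbatim from the log above so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {39f45bb4-bb6c-475d-93c2-91605035ed83} - E:\WINDOWS\system32\reziguge.dll (file missing)
O2 - BHO: {8d50592b-73e9-c06a-70a4-e1181ac0ec5c} - {c5ce0ca1-811e-4a07-a60c-9e37b29505d8} - E:\WINDOWS\system32\wtmnqm.dll
O4 - HKLM\..\Run: [ehTray] E:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [farafuhuki] Rundll32.exe "E:\WINDOWS\system32\riyakuge.dll",s
O4 - HKUS\S-1-5-19\..\Run: [farafuhuki] Rundll32.exe "E:\WINDOWS\system32\riyakuge.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: wtmnqm.dll e:\windows\system32\duzemibe.dll e:\windows\system32\memovovo.dll,E:\WINDOWS\system32\zewewegi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - e:\windows\system32\memovovo.dll (file missing)
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"notification packages"=scecli E:\WINDOWS\system32\zewewegi.dll
E:\WINDOWS\tasks\AppleSoftwareUpdate.job
E:\WINDOWS\tasks\cjbqqusk.job
"""

# (directory, basename) for each path-like token; directory is '' for a bare name.
FILE_RE = re.compile(r"((?:[a-z]:\\.*?\\)?)([\w$-]+\.(?:dll|exe|job))\b", re.I)
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\(?:system32|tasks)\\$")
RANDOM_STEM = re.compile(r"^[a-z]{6,8}$")  # riyakuge, wtmnqm, cjbqqusk ...


def files_in(line):
    return [(d.lower(), b) for d, b in FILE_RE.findall(line)]

# Each rule returns the basenames on the line that it implicates.
def r_dangling(line, files):          # autostart entry whose target is gone
    return [b for _, b in files] if "(file missing)" in line else []

def r_appinit(line, files):           # loaded into every process that maps user32
    return [b for _, b in files] if line.startswith("O20 - AppInit_DLLs:") else []

def r_service_account(line, files):   # Run keys of LOCAL/NETWORK SERVICE are normally empty
    if re.match(r"O4 - HKUS\\S-1-5-(?:19|20)\\", line):
        return [b for _, b in files if b.lower() != "rundll32.exe"]
    return []

def r_sts(line, files):               # SharedTaskScheduler entries load into Explorer
    return [b for _, b in files] if line.startswith("O22 - SharedTaskScheduler:") else []

def r_lsa(line, files):               # runs inside lsass.exe; only scecli is expected
    if line.lower().startswith('"notification packages"='):
        return [b for _, b in files if b.lower() != "scecli.dll"]
    return []

def r_unnamed_bho(line, files):       # no name, or a GUID where the name should be
    pat = r"O2 - BHO: (?:\(no name\)|\{[0-9a-f-]{36}\}) -"
    return [b for _, b in files] if re.match(pat, line, re.I) else []

def r_rundll32_run(line, files):      # weak: NVIDIA's control panel does this too
    if line.startswith("O4 - ") and "rundll32" in line.lower():
        return [b for d, b in files if b.lower().endswith(".dll") and SYSTEM_DIR.match(d)]
    return []

def r_random_name(line, files):       # weak: 6-8 lowercase letters in system32/Tasks
    return [b for d, b in files if SYSTEM_DIR.match(d) and RANDOM_STEM.match(b.rsplit(".", 1)[0])]


RULES = [
    ("dangling-autostart", "strong", r_dangling),
    ("appinit-dll", "strong", r_appinit),
    ("service-account-run", "strong", r_service_account),
    ("shared-task-scheduler", "strong", r_sts),
    ("lsa-notification-package", "strong", r_lsa),
    ("unnamed-bho", "strong", r_unnamed_bho),
    ("rundll32-run", "weak", r_rundll32_run),
    ("random-name", "weak", r_random_name),
]
STRONG = {name for name, strength, _ in RULES if strength == "strong"}


def triage(log_text):
    """Map each implicated file (lowercased basename) to the sorted rules it tripped."""
    hits = defaultdict(set)
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        files = files_in(line)
        for name, _, rule in RULES:
            for base in rule(line, files):
                hits[base.lower()].add(name)
    return {base: sorted(rules) for base, rules in sorted(hits.items())}


def tiers(report):
    """'flagged' = any strong rule or two weak ones; 'review' = a single weak hit."""
    flagged = [f for f, rules in report.items() if STRONG & set(rules) or len(rules) >= 2]
    review = [f for f in report if f not in flagged]
    return flagged, review


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    flagged, review = tiers(report)
    for base in flagged:
        print(f"FLAG   {base:24} {', '.join(report[base])}")
    for base in review:
        print(f"REVIEW {base:24} {', '.join(report[base])}")
```

Run as-is it flags the six DLLs that the log ties to AppInit_DLLs, the LSA notification list, the service-account Run keys, the unnamed BHOs and the SharedTaskScheduler entry, and leaves NvCpl.dll and cjbqqusk.job in the review tier: a rundll32 Run entry or a short lowercase name is ordinary on its own, which is why those two rules only count when something else corroborates them. The output is a triage aid; the decision on each file still rests on checking its publisher, signature and hash.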