Here's the log files you requested:
ComboFix 08-06-12.2 - Dan 2008-06-14 15:54:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.208 [GMT -4:00]
Running from: C:\Documents and Settings\Dan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dan\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Dan\Application Data\Microsoft\dtsc
C:\Documents and Settings\Dan\Application Data\Microsoft\dtsc\id
C:\Program Files\msupdate
C:\Program Files\msupdate\a.zip
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\WINDOWS\BM3f7e50b1.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\system32\AaJSBJlm.ini
C:\WINDOWS\system32\AaJSBJlm.ini2
C:\WINDOWS\system32\ajvpgkbu.ini
C:\WINDOWS\system32\alngpwgm.ini
C:\WINDOWS\system32\BHjlonpo.ini
C:\WINDOWS\system32\BHjlonpo.ini2
C:\WINDOWS\system32\bqskhjfe.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\dddhdttk.dll
C:\WINDOWS\system32\eguwpmqe.dll
C:\WINDOWS\system32\EhiSstwa.ini
C:\WINDOWS\system32\EhiSstwa.ini2
C:\WINDOWS\system32\emwwajnh.ini
C:\WINDOWS\system32\EOYIjkkj.ini
C:\WINDOWS\system32\EOYIjkkj.ini2
C:\WINDOWS\system32\eqmpwuge.ini
C:\WINDOWS\system32\esueqhga.dll
C:\WINDOWS\system32\evokqtye.dll
C:\WINDOWS\system32\exmwjyfa.dll
C:\WINDOWS\system32\flgemuwr.dll
C:\WINDOWS\system32\fxmrsqvr.dll
C:\WINDOWS\system32\gfxgujoq.dll
C:\WINDOWS\system32\hiaynovx.dll
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\hnjawwme.dll
C:\WINDOWS\system32\hwwtvevr.dll
C:\WINDOWS\system32\iyulkltl.dll
C:\WINDOWS\system32\kjlshabc.dll
C:\WINDOWS\system32\kttdhddd.ini
C:\WINDOWS\system32\lvepmclb.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\neswryuh.dll
C:\WINDOWS\system32\oekwnrgi.dll
C:\WINDOWS\system32\olipkwlv.dll
C:\WINDOWS\system32\oxojkqxd.dll
C:\WINDOWS\system32\OYGOUvut.ini
C:\WINDOWS\system32\OYGOUvut.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\pjdgacbw.dll
C:\WINDOWS\system32\pyrbvnva.dll
C:\WINDOWS\system32\qojugxfg.ini
C:\WINDOWS\system32\rpwubgou.dll
C:\WINDOWS\system32\rvhcpeye.dll
C:\WINDOWS\system32\rxrubvwm.dll
C:\WINDOWS\system32\sumqjijc.ini
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tkndkshv.ini
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\ubkgpvja.dll
C:\WINDOWS\system32\vgrvfsdf.dll
C:\WINDOWS\system32\WEeLoUvw.ini
C:\WINDOWS\system32\WEeLoUvw.ini2
C:\WINDOWS\system32\WwxFOqss.ini
C:\WINDOWS\system32\WwxFOqss.ini2
C:\WINDOWS\system32\ybmlhmxg.dll
C:\WINDOWS\system32\yIlkQqru.ini
C:\WINDOWS\system32\yIlkQqru.ini2
C:\WINDOWS\system32\yIlRAJjl.ini
C:\WINDOWS\system32\yIlRAJjl.ini2
C:\WINDOWS\system32\yvmmkuau.ini
C:\WINDOWS\time.exe
C:\xcrashdump.dat
----- BITS: Possible infected sites -----
hxxp://80.93.48.89.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.
2008-06-08 01:13 . 2008-06-08 01:13 <DIR> d-------- C:\VundoFix Backups
2008-06-08 00:50 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-03 02:23 . 2008-06-03 02:23 37,888 --a------ C:\WINDOWS\system32\hbhwtnnm.exe
2008-06-03 02:23 . 1980-08-16 20:00 24,576 --a------ C:\WINDOWS\system32\__c004FA54.dat
2008-06-02 16:53 . 2008-06-02 16:53 37,888 --a------ C:\WINDOWS\system32\sjkyoldp.exe
2008-06-02 16:53 . 2008-06-14 14:12 24,576 --a------ C:\WINDOWS\system32\__c007B2B8.dat
2008-06-02 13:14 . 2008-06-02 13:14 317,328 --a------ C:\WINDOWS\system32\jkkjIYOE.dll_old
2008-06-02 12:36 . 2008-06-02 12:36 6,039,048 --a------ C:\Firefox Setup 2.0.0.14.exe
2008-06-01 17:59 . 2008-06-01 17:59 12,856 --a------ C:\WINDOWS\system32\xxyaxWQH.dll
2008-05-31 20:43 . 2008-05-31 20:43 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-31 19:46 . 2008-06-02 14:12 323 --a------ C:\WINDOWS\wininit.ini
2008-05-31 12:18 . 2008-06-12 00:40 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-31 12:06 . 2008-06-13 18:13 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-31 12:06 . 2008-05-31 12:06 <DIR> d-------- C:\Program Files\AVG
2008-05-31 12:06 . 2008-05-31 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-31 12:06 . 2008-05-31 12:06 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-31 12:06 . 2008-05-31 12:06 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-31 11:47 . 2008-05-31 11:48 <DIR> d-------- C:\Program Files\Trojan Killer
2008-05-31 11:44 . 2008-05-31 11:44 3,757,785 --a------ C:\trojankiller-setup.exe
2008-05-31 11:37 . 2008-05-31 11:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-31 11:37 . 2008-05-31 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-31 11:28 . 2008-05-31 11:28 9,722,720 --a------ C:\spybotsd152.exe
2008-05-31 11:22 . 2008-05-31 11:22 48,347,376 --a------ C:\avg_free_stf_all_8_100a1295.exe
2008-05-31 10:58 . 2008-05-31 11:10 354 --ahs---- C:\WINDOWS\system32\bcbhisab.ini
2008-05-29 02:11 . 2008-05-30 16:35 654 --ahs---- C:\WINDOWS\system32\qpgejrca.ini
2008-05-26 16:46 . 2008-05-26 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ActSmart
2008-05-25 11:43 . 2008-05-25 11:43 294 --ahs---- C:\WINDOWS\system32\gynaarjp.ini
2008-05-25 11:25 . 2008-05-31 13:45 <DIR> d-------- C:\WINDOWS\system32\vntiho06
2008-05-25 11:25 . 2008-05-25 11:25 <DIR> d-------- C:\WINDOWS\system32\igv
2008-05-25 11:25 . 2008-05-25 11:25 <DIR> d-------- C:\WINDOWS\system32\hI2
2008-05-25 11:25 . 2008-05-25 11:25 <DIR> d-------- C:\WINDOWS\system32\at1
2008-05-25 11:25 . 2008-05-25 11:25 <DIR> d-------- C:\WINDOWS\system32\1064a
2008-05-25 11:25 . 2008-05-25 11:44 <DIR> d-------- C:\Program Files\uTorrent
2008-05-25 11:25 . 2008-05-25 11:25 <DIR> d-------- C:\Program Files\egkjeke
2008-05-25 11:25 . 2008-05-31 12:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\hwzorejo
2008-05-24 03:36 . 2008-05-24 03:36 16,071,168 --a------ C:\pub2D.tmp
2008-05-24 03:35 . 2008-05-24 03:35 8,044,032 --a------ C:\pub2A.tmp
2008-05-20 21:36 . 2008-05-20 21:36 <DIR> d-------- C:\WINDOWS\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 18:36 --------- d-----w C:\Documents and Settings\Dan\Application Data\Azureus
2008-06-11 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-09 17:14 --------- d-----w C:\Program Files\Java
2008-06-06 16:09 --------- d-----w C:\Documents and Settings\Dan\Application Data\AdobeUM
2008-05-31 15:59 --------- d-----w C:\Program Files\mIRC
2008-05-31 15:59 --------- d-----w C:\Program Files\LimeWire
2008-05-31 15:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 15:58 --------- d-----w C:\Program Files\Hero Editor
2008-05-31 15:57 --------- d-----w C:\Program Files\GameSpy Arcade
2008-05-31 15:57 --------- d-----w C:\Program Files\Diablo II
2008-05-23 20:54 --------- d-----w C:\Documents and Settings\Dan\Application Data\RipIt4Me
2008-05-01 03:11 --------- d-----w C:\Documents and Settings\Dan\Application Data\Skype
2008-04-03 00:11 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-03 00:11 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-14 22:24 93,128 -c--a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-03-10 05:40 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-20 06:21 16,124,000 ----a-w C:\Program Files\ukusonly_patch111v9safedisk.exe
2007-05-06 00:21 107,520 ----a-w C:\Program Files\UpActiveX.exe
2005-07-20 16:52 378,016 -c--a-w C:\Program Files\ydropper1_6us.exe
2004-04-26 01:24 343,859 ----a-w C:\Program Files\setup.exe
2002-03-24 17:34 3,322 -c--a-w C:\Program Files\readme.txt
1998-12-09 02:53 99,840 -c--a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 -c--a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 -c--a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 -c--a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 -c--a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 -c--a-w C:\Program Files\Common Files\IRASRIAL.DLL
.
------- Sigcheck -------
2001-08-23 08:00 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2005-03-02 14:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 11:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2002-08-29 03:41 560128 dd9269230c21ee8fb7fd3fccc3b1cfcb C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-04 00:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 14:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-08-04 00:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 11:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll
2001-08-23 08:00 75264 8529c295df59b564d37a73b5629162b1 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
2005-05-02 16:57 658944 e1e18136f9dd3df1ad9c82193a5898a6 C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll
2005-09-02 19:53 660480 97a6fd7cafd688cf2c78939ebaf0cd0c C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
2005-07-02 22:09 659456 6e533d155b259eb2363d3e04b5be309f C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\wininet.dll
2005-10-20 23:38 661504 af785c4947676a7fc1673fdc5c8d0b5b C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
2006-03-03 23:58 663552 c0845ecbf4f9164e618ee381b79c9032 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
2006-05-10 01:25 663552 d94cffdb53e7ac867438e2dfd50e7cbc C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-06-23 07:25 664576 64ce26db72810b30f7855ea51e1df836 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
2006-09-14 04:31 664576 d207370287cf769aebebf03837784963 C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll
2006-10-23 11:34 664576 231ef4179acabe486376b5ca893f1076 C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll
2007-01-04 10:05 665088 3ffa1573fc274e5aa7467d03941c45ee C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll
2007-02-20 05:52 665600 b258c922d22deec880b60720531d7627 C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\wininet.dll
2007-04-18 08:46 665600 4261ba03afd659de04f0a17dfbdd454d C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\wininet.dll
2007-06-26 10:35 665600 e1a3dd68b5380b360a7310a64d9bb188 C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll
2007-08-22 08:55 665600 a1bc17eb3758d73c3938b2318820f5b4 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-10-11 01:57 666112 80d660a49e0d118144423099b2a9f5da C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
2002-08-29 03:41 599040 f3587750a7481dccbea13d473a0700be C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-08-04 00:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtUninstallKB883939$\wininet.dll
2005-07-02 22:11 658432 5b5ff992c0fa762ccf8655fc290e6e52 C:\WINDOWS\$NtUninstallKB896688$\wininet.dll
2005-05-02 16:52 657920 1a078af3f85d10ba56444c23b3a18e74 C:\WINDOWS\$NtUninstallKB896727$\wininet.dll
2005-09-02 19:52 658432 af61ebb1f550175eff406d545d6ab086 C:\WINDOWS\$NtUninstallKB905915$\wininet.dll
2005-10-20 23:39 658432 e7b27b6b6e06ce34ea019fd8b858c613 C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
2006-03-03 23:33 658432 1c0979c7a489bee573cd0bf4ad94bb06 C:\WINDOWS\$NtUninstallKB916281$\wininet.dll
2006-05-10 01:23 658432 38ab7a56f566d9aaad31812494944824 C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
2006-06-23 07:02 658944 2b4db890936430c71419037039502752 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll
2006-09-14 04:39 658944 621af3f6174a3f60677f5230e28bcc07 C:\WINDOWS\$NtUninstallKB925454$\wininet.dll
2006-10-23 11:17 658944 6b2735adff5a5d3b9130ca4a794722f0 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
2007-01-04 09:37 658944 8c393df5234cbcbff1ee31902d6b40ae C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
2007-02-20 05:48 658944 30d1c47e40efbb792ff8d3c3b51ce507 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
2007-04-18 08:31 658944 b7156cd97e739f3014bc4d61758f868a C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
2007-06-26 10:09 658944 184e47c8f7b331025e6dc92740db188f C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-08-22 09:12 658944 1901ad51da8be9f8b38d5d526e5d1788 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2004-08-04 00:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2007-10-11 02:13 659456 2005ad86a22aee68e21ee59f9ccb77f2 C:\WINDOWS\system32\wininet.dll
2007-10-11 02:13 659456 2005ad86a22aee68e21ee59f9ccb77f2 C:\WINDOWS\system32\dllcache\wininet.dll
2005-05-25 15:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 13:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2002-08-29 01:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 15:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 22:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\drivers\tcpip.sys
2002-08-29 03:41 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
2002-08-29 02:09 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2005-03-01 20:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 12:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 05:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2002-08-29 01:04 1947904 0e8efb15746878a9b256e75267337233 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-03 22:59 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 20:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 08:55 2057600 1d659bfb788ed2ba45075624b748d249 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 04:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-08-03 22:59 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-02-28 04:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 04:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 12:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2002-08-29 02:03 2042240 b9080d97dbd631aadf9128f7316958d2 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-03 23:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 10:17 2180352 8f0deab1f81fb83f9c5995853ce48b9f C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 05:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-08-03 23:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 05:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 05:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 06:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-29 03:41 1004032 a82b28bfc2e4455fe43022a498c0ef0a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 06:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\dllcache\explorer.exe
2001-08-23 08:00 101376 e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe
2002-08-29 03:41 11776 b2b6ba905d0e3f8a32a0eb3b4051807b C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe
2002-08-29 03:41 13312 414de7cf9d3f19c3ea902f1bb38ec116 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7894F903-283E-4EF2-A49D-B4110CA0D1B5}]
C:\WINDOWS\system32\opnoljHB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e20d56-a2d0-4ded-b3a1-313044f1df18}]
C:\WINDOWS\system32\kyoddwov.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8E90BC3-0839-40C9-8006-6C183F2D41DB}]
C:\WINDOWS\system32\jkkjIYOE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-31 12:06 1177368]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16 5562368]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-02 20:11 185896]
"3c4d632d"="C:\WINDOWS\system32\cjijqmus.dll" [ ]
"BM3f7e50b1"="C:\WINDOWS\system32\dxtitqkt.dll" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"hin06fYdJw"= C:\Documents and Settings\All Users\Application Data\hwzorejo\xinivcfo.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msghlp"= {139F4717-9BD5-E24A-50FD-07D29F848116} - C:\Program Files\egkjeke\msghlp.dll [2008-05-25 11:25 126976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c007B2B8]
C:\WINDOWS\system32\__c007B2B8.dat 2008-06-14 14:12 24576 C:\WINDOWS\system32\__c007B2B8.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.51.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
backup=C:\WINDOWS\pss\Wireless Configuration Utility HW.51.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Dan^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=C:\Documents and Settings\Dan\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3c4d632d]
C:\WINDOWS\system32\ybmlhmxg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-03-19 09:09 1739712 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3f7e50b1]
C:\WINDOWS\system32\fxmrsqvr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
C:\Program Files\Creative\Shared Files\CTSched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 13:57 1103480 C:\Program Files\IGN\Download Manager\DLM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
-ra------ 2004-06-22 05:34 1409136 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2007-05-17 17:45 279912 C:\Program Files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Installer]
C:\Documents and Settings\Dan\Application Data\Microsoft\dtsc\27030.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nlnivaoo]
C:\WINDOWS\system32\dqtwnmny.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-04-01 16:16 5562368 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 2005-04-01 16:16 86016 C:\WINDOWS\System32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
-ra--c--- 2003-06-20 03:06 118784 C:\WINDOWS\system32\ptipbmf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2003-10-31 20:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2004-02-26 04:53 65024 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-02 20:11 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
-ra------ 2007-04-10 17:46 996712 C:\WINDOWS\vVX6000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Visicom Media\\AceFTP 3 freeware\\aceftp3free.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Microsoft Office\\Office\\1033\\WFXMSRVR.EXE"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\ACE Mega CoDecS Pack\\UtilitieS\\3ivxconfig.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-31 12:06]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-31 12:06]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\WINDOWS\system32\DRIVERS\livecamv.sys [2007-01-15 18:57]
R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2007-04-10 17:46]
S3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2003-01-31 22:43]
S3 PIXMCV;JVC Communication PIX-MCV Driver;C:\WINDOWS\system32\Drivers\pixmcvc.sys [2002-09-28 10:08]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;C:\WINDOWS\system32\Drivers\pixmcva.sys [2002-10-04 00:53]
S3 PIXMCVV;JVC PIX-MCV Video Capture;C:\WINDOWS\system32\Drivers\pixmcvv.sys [2002-11-28 06:16]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{917bd7a4-ddc4-11d9-8a35-806d6172696f}]
\Shell\AutoRun\command - E:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder
"2008-06-12 03:20:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-19 04:19:11 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_setup_exe.job"
- D:\setup.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-06-14 16:04:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\__c007B2B8.dat
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-06-14 16:13:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 20:13:31
Pre-Run: 12,574,031,872 bytes free
Post-Run: 12,940,070,912 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
473 --- E O F --- 2007-12-13 02:02:04
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:51 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Dan\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.hotmail.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.hotmail.com/O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7894F903-283E-4EF2-A49D-B4110CA0D1B5} - C:\WINDOWS\system32\opnoljHB.dll (file missing)
O2 - BHO: {81fd1f44-0313-1a3b-ded4-0d2a65d02e1a} - {a1e20d56-a2d0-4ded-b3a1-313044f1df18} - C:\WINDOWS\system32\kyoddwov.dll (file missing)
O2 - BHO: (no name) - {C8E90BC3-0839-40C9-8006-6C183F2D41DB} - C:\WINDOWS\system32\jkkjIYOE.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [3c4d632d] rundll32.exe "C:\WINDOWS\system32\cjijqmus.dll",b
O4 - HKLM\..\Run: [BM3f7e50b1] Rundll32.exe "C:\WINDOWS\system32\dxtitqkt.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKLM\..\Policies\Explorer\Run: [hin06fYdJw] C:\Documents and Settings\All Users\Application Data\hwzorejo\xinivcfo.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) -
http://www.winkflash.com/photo/loaders/SAXFile.cabO16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) -
http://www.fileplanet.com/fpdlmgr/cabs/ ... .2.100.cabO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace.com/upload/MySpaceUploader1006.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cabO16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} -
http://www.tvkoo.com/update/KooPlayer.ocxO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
http://upload.facebook.com/controls/Fac ... loader.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/microso ... 4839501375O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) -
http://picture.vzw.com/activex/VerizonW ... ontrol.cabO16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) -
https://photos.riteaid.com/control/Rite ... Online.cabO16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.com/controls/cpcScanner.cabO16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -
http://www.creative.com/su2/CTL_V02002/ ... /CTPID.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: __c007B2B8 - C:\WINDOWS\system32\__c007B2B8.dat (file missing)
O21 - SSODL: msghlp - {139F4717-9BD5-E24A-50FD-07D29F848116} - C:\Program Files\egkjeke\msghlp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 6869 bytes