WiredWX Christian Hobby Weather Tools

System Security and maybe others

Huzzah, I finally got a log lol.

Just a reminder: everything is back and running except a couple programs still don't run and search engines don't work. I had system security and then antivirus system pro, and who knows what else.

Here is what I got from Silent Runners:

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [** WMI GetObject error **]
"\\TOMSDESK\EPSON Stylus CX7800 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P37 "\\TOMSDESK\EPSON Stylus CX7800 Series" /M "Stylus CX7800" /EF "HKCU"" [** WMI GetObject error **]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [** WMI GetObject error **]
"Aim6" = "(empty string)" [file not found]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [** WMI GetObject error **]
"msnmsgr" = ""C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background" [** WMI GetObject error **]
"hsf7husjnfg98gi498aejhiugjkdg4" = "C:\WINDOWS\TEMP\az8vld.exe" [file not found]
"inkgdp2j1r3cx9mlaowxse" = "C:\WINDOWS\TEMP\az8vld.exe" [file not found]
"Windows System Recover!" = "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\debug.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [** WMI GetObject error **]
"RTHDCPL" = "RTHDCPL.EXE" [** WMI GetObject error **]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" [** WMI GetObject error **]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" [** WMI GetObject error **]
"IAAnotif" = "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [** WMI GetObject error **]
"HPHUPD08" = "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [** WMI GetObject error **]
"DMAScheduler" = ""c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"" [** WMI GetObject error **]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [** WMI GetObject error **]
"(Default)" = "(empty string)" [file not found]
"PCDrProfiler" = "(empty string)" [file not found]
"HPBootOp" = ""C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run" [** WMI GetObject error **]
"HostManager" = "C:\Program Files\Common Files\AOL\1157346037\ee\AOLSoftware.exe" [** WMI GetObject error **]
"AOLDialer" = "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [** WMI GetObject error **]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" [** WMI GetObject error **]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" [** WMI GetObject error **]
"\\TOMSDESK\EPSON Stylus CX7800 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P37 "\\TOMSDESK\EPSON Stylus CX7800 Series" /O6 "USB002" /M "Stylus CX7800"" [** WMI GetObject error **]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" [** WMI GetObject error **]
"Lexmark X74-X75" = ""C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"" [** WMI GetObject error **]
"sscRun" = "C:\Program Files\Common Files\AOL\1157346037\ee\SSCRun.exe" [** WMI GetObject error **]
"OASClnt" = "C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [** WMI GetObject error **]
"EmailScan" = "C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [** WMI GetObject error **]
"atwtusb" = "atwtusb.exe beta" [** WMI GetObject error **]
"DISCover" = "C:\Program Files\DISC\DISCover.exe nogui" [** WMI GetObject error **]
"Babylon Client" = "C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart" [** WMI GetObject error **]
"Auto EPSON Stylus CX7800 Series on GSLDESKTOP" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P45 "Auto EPSON Stylus CX7800 Series on GSLDESKTOP" /O25 "\\GSLDESKTOP\EPSONScx7800" /M "Stylus CX7800"" [** WMI GetObject error **]
"SemanticInsight" = "C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" [file not found]
"KernelFaultCheck" = "%systemroot%\system32\dumprep 0 -k" [** WMI GetObject error **]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" [** WMI GetObject error **]
"AOLSPScheduler" = "C:\Program Files\Common Files\AOL\1157346037\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe" [** WMI GetObject error **]
"Auto EPSON Stylus CX7800 Series on TOMDELLDESK" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P46 "Auto EPSON Stylus CX7800 Series on TOMDELLDESK" /O21 "\\TOMDELLDESK\Printer" /M "Stylus CX7800"" [** WMI GetObject error **]
"googletalk" = "C:\Program Files\Google\Google Talk\googletalk.exe /autostart" [** WMI GetObject error **]
"11038904" = "C:\Documents and Settings\All Users\Application Data\11038904\11038904.exe" [file not found]
"91048896" = "C:\Documents and Settings\All Users\Application Data\91048896\91048896.exe" [file not found]
"HW Upgrade" = "C:\WINDOWS\hwupgrade.exe" [file not found]
"MSN" = "C:\WINDOWS\msncom.exe" [** WMI GetObject error **]
"UnlockerAssistant" = ""C:\Program Files\Unlocker\UnlockerAssistant.exe"" [** WMI GetObject error **]
"Ad-Watch" = "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" [** WMI GetObject error **]
"AVG8_TRAY" = "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [** WMI GetObject error **]
"winsmb" = "C:\WINDOWS\system32\winsmb.exe" [file not found]
"rswav" = "C:\WINDOWS\system32\rswav.exe" [** WMI GetObject error **]
"ntvbn" = "C:\WINDOWS\system32\ntvbn.exe" [** WMI GetObject error **]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = "Microsoft Windows Media Player"
\StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [** WMI GetObject error **]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{B2C7B2A1-00F3-42BD-F434-00AABA2C8952}\(Default) = (no title provided)
-> {HKLM...CLSID} = "C:\WINDOWS\system32\gsf83iujid.dll"
\InProcServer32\(Default) = "C:\WINDOWS\system32\gsf83iujid.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{00022613-0000-0000-C000-000000000046}" = "Multimedia File Property Sheet"
-> {HKLM...CLSID} = "Multimedia File Property Sheet"
\InProcServer32\(Default) = "mmsys.cpl" [** WMI GetObject error **]
"{176d6597-26d3-11d1-b350-080036a75b03}" = "ICM Scanner Management"
-> {HKLM...CLSID} = "ICM Scanner Management"
\InProcServer32\(Default) = "icmui.dll" [** WMI GetObject error **]
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}" = "NTFS Security Page"
-> {HKLM...CLSID} = "Security Shell Extension"
\InProcServer32\(Default) = "rshx32.dll" [** WMI GetObject error **]
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" = "OLE Docfile Property Page"
-> {HKLM...CLSID} = "OLE Docfile Property Page"
\InProcServer32\(Default) = "docprop.dll" [** WMI GetObject error **]
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" = "Shell extensions for sharing"
-> {HKLM...CLSID} = "Shell extensions for sharing"
\InProcServer32\(Default) = "ntshrui.dll" [** WMI GetObject error **]
"{41E300E0-78B6-11ce-849B-444553540000}" = "PlusPack CPL Extension"
-> {HKLM...CLSID} = "PlusPack CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\themeui.dll" [** WMI GetObject error **]
"{42071712-76d4-11d1-8b24-00a0c9068ff3}" = "Display Adapter CPL Extension"
-> {HKLM...CLSID} = "Display Adapter CPL Extension"
\InProcServer32\(Default) = "deskadp.dll" [** WMI GetObject error **]
"{42071713-76d4-11d1-8b24-00a0c9068ff3}" = "Display Monitor CPL Extension"
-> {HKLM...CLSID} = "Display Monitor CPL Extension"
\InProcServer32\(Default) = "deskmon.dll" [** WMI GetObject error **]
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{4E40F770-369C-11d0-8922-00A024AB2DBB}" = "DS Security Page"
-> {HKLM...CLSID} = "Security Shell Extension"
\InProcServer32\(Default) = "dssec.dll" [** WMI GetObject error **]
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" = "Compatibility Page"
-> {HKLM...CLSID} = "Compatibility Page"
\InProcServer32\(Default) = "SlayerXP.dll" [** WMI GetObject error **]
"{56117100-C0CD-101B-81E2-00AA004AE837}" = "Shell Scrap DataHandler"
-> {HKLM...CLSID} = "Shell Scrap DataHandler"
\InProcServer32\(Default) = "shscrap.dll" [** WMI GetObject error **]
"{59099400-57FF-11CE-BD94-0020AF85B590}" = "Disk Copy Extension"
-> {HKLM...CLSID} = "Disk Copy Extension"
\InProcServer32\(Default) = "diskcopy.dll" [** WMI GetObject error **]
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}" = "Shell extensions for Microsoft Windows Network objects"
-> {HKLM...CLSID} = "Shell extensions for Microsoft Windows Network objects"
\InProcServer32\(Default) = "ntlanui2.dll" [** WMI GetObject error **]
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}" = "ICM Monitor Management"
-> {HKLM...CLSID} = "ICM Monitor Management"
\InProcServer32\(Default) = "C:\WINDOWS\System32\icmui.dll" [** WMI GetObject error **]
"{675F097E-4C4D-11D0-B6C1-0800091AA605}" = "ICM Printer Management"
-> {HKLM...CLSID} = "ICM Printer Management"
\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [** WMI GetObject error **]
"{77597368-7b15-11d0-a0c2-080036af3f03}" = "Web Printer Shell Extension"
-> {HKLM...CLSID} = "Web Printer Shell Extension"
\InProcServer32\(Default) = "printui.dll" [** WMI GetObject error **]
"{7988B573-EC89-11cf-9C00-00AA00A14F56}" = "Disk Quota UI"
-> {HKLM...CLSID} = "Microsoft Disk Quota UI"
\InProcServer32\(Default) = "dskquoui.dll" [** WMI GetObject error **]
"{85BBD920-42A0-1069-A2E4-08002B30309D}" = "Briefcase"
-> {HKLM...CLSID} = "Briefcase"
\InProcServer32\(Default) = "syncui.dll" [** WMI GetObject error **]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" [** WMI GetObject error **]
"{BD84B380-8CA2-1069-AB1D-08000948F534}" = "Fonts"
-> {HKLM...CLSID} = "Fonts"
\InProcServer32\(Default) = "fontext.dll" [** WMI GetObject error **]
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" = "ICC Profile"
-> {HKLM...CLSID} = "ICC Profile"
\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [** WMI GetObject error **]
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" = "Printers Security Page"
-> {HKLM...CLSID} = "Security Shell Extension"
\InProcServer32\(Default) = "rshx32.dll" [** WMI GetObject error **]
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" = "Shell extensions for sharing"
-> {HKLM...CLSID} = "Shell extensions for sharing"
\InProcServer32\(Default) = "ntshrui.dll" [** WMI GetObject error **]
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}" = "Display TroubleShoot CPL Extension"
-> {HKLM...CLSID} = "Display TroubleShoot CPL Extension"
\InProcServer32\(Default) = "deskperf.dll" [** WMI GetObject error **]
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}" = "Crypto PKO Extension"
-> {HKLM...CLSID} = "CryptPKO Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [** WMI GetObject error **]
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}" = "Crypto Sign Extension"
-> {HKLM...CLSID} = "CryptSig Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [** WMI GetObject error **]
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}" = "Network Connections"
-> {HKLM...CLSID} = "Network Connections"
\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [** WMI GetObject error **]
"{992CFFA0-F557-101A-88EC-00DD010CCC48}" = "Network Connections"
-> {HKLM...CLSID} = "Network Connections"
\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [** WMI GetObject error **]
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}" = "Scanners & Cameras"
-> {HKLM...CLSID} = "Scanners & Cameras"
\InProcServer32\(Default) = "wiashext.dll" [** WMI GetObject error **]
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}" = "Scanners & Cameras"
-> {HKLM...CLSID} = "Scanners & Cameras"
\InProcServer32\(Default) = "wiashext.dll" [** WMI GetObject error **]
"{905667aa-acd6-11d2-8080-00805f6596d2}" = "Scanners & Cameras"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "wiashext.dll" [** WMI GetObject error **]
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}" = "Scanners & Cameras"
-> {HKLM...CLSID} = "Scanners & Cameras"
\InProcServer32\(Default) = "wiashext.dll" [** WMI GetObject error **]
"{83bbcbf3-b28a-4919-a5aa-73027445d672}" = "Scanners & Cameras"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "wiashext.dll" [** WMI GetObject error **]
"{F0152790-D56E-4445-850E-4F3117DB740C}" = "Remote Sessions CPL Extension"
-> {HKLM...CLSID} = "Remote Sessions CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\remotepg.dll" [** WMI GetObject error **]
"{1D2680C9-0E2A-469d-B787-065558BC7D43}" = "Fusion Cache"
-> {HKLM...CLSID} = "Fusion Cache"
\InProcServer32\(Default) = "c:\WINDOWS\system32\mscoree.dll" [** WMI GetObject error **]
"{60254CA5-953B-11CF-8C96-00AA00B8708C}" = "Shell extensions for Windows Script Host"
-> {HKLM...CLSID} = "Shell Extension For Windows Script Host"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wshext.dll" [** WMI GetObject error **]
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" = "Microsoft Data Link"
-> {HKLM...CLSID} = "Microsoft OLE DB Service Component Data Links"
\InProcServer32\(Default) = "C:\Program Files\Common Files\System\Ole DB\oledb32.dll" [** WMI GetObject error **]
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Icon Handler"
-> {HKLM...CLSID} = "Scheduling UI icon handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [** WMI GetObject error **]
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Shell Extension"
-> {HKLM...CLSID} = "Scheduling UI property sheet handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [** WMI GetObject error **]
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" = "Scheduled Tasks"
-> {HKLM...CLSID} = "Scheduled Tasks"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [** WMI GetObject error **]
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}" = "Set Program Access and Defaults"
-> {HKLM...CLSID} = "Set Program Access and Defaults"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" = "Auto Update Property Sheet Extension"
-> {HKLM...CLSID} = "Auto Update Property Sheet Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wuaucpl.cpl" [** WMI GetObject error **]
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" = "Search"
-> {HKLM...CLSID} = "Search"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" = "Help and Support"
-> {HKLM...CLSID} = "Help and Support"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" = "Help and Support"
-> {HKLM...CLSID} = "Windows Security"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" = "Run..."
-> {HKLM...CLSID} = "Run..."
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" = "Internet"
-> {HKLM...CLSID} = "Internet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}" = "E-mail"
-> {HKLM...CLSID} = "E-mail"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{D20EA4E1-3957-11d2-A40B-0C5020524152}" = "Fonts"
-> {HKLM...CLSID} = "Fonts"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{D20EA4E1-3957-11d2-A40B-0C5020524153}" = "Administrative Tools"
-> {HKLM...CLSID} = "Administrative Tools"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Previous Versions Property Page"
-> {HKLM...CLSID} = "Previous Versions Property Page"
\InProcServer32\(Default) = "C:\WINDOWS\system32\twext.dll" [** WMI GetObject error **]
"{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Previous Versions"
-> {HKLM...CLSID} = "Previous Versions"
\InProcServer32\(Default) = "C:\WINDOWS\system32\twext.dll" [** WMI GetObject error **]
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" = "Audio Media Properties Handler"
-> {HKLM...CLSID} = "Audio Media Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [** WMI GetObject error **]
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" = "Video Media Properties Handler"
-> {HKLM...CLSID} = "Video Media Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [** WMI GetObject error **]
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}" = "Wav Properties Handler"
-> {HKLM...CLSID} = "Wav Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [** WMI GetObject error **]
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}" = "Avi Properties Handler"
-> {HKLM...CLSID} = "Avi Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [** WMI GetObject error **]
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}" = "Midi Properties Handler"
-> {HKLM...CLSID} = "Midi Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [** WMI GetObject error **]
"{c5a40261-cd64-4ccf-84cb-c394da41d590}" = "Video Thumbnail Extractor"
-> {HKLM...CLSID} = "Video Thumbnail Extractor"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [** WMI GetObject error **]
"{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Microsoft Internet Toolbar"
-> {HKLM...CLSID} = "Microsoft Internet Toolbar"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [** WMI GetObject error **]
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "Download Status"
-> {HKLM...CLSID} = "Download Status"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [** WMI GetObject error **]
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Augmented Shell Folder"
-> {HKLM...CLSID} = "Augmented Shell Folder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [** WMI GetObject error **]
"{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Augmented Shell Folder 2"
-> {HKLM...CLSID} = "Augmented Shell Folder 2"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [** WMI GetObject error **]
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy"
-> {HKLM...CLSID} = "BandProxy"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [** WMI GetObject error **]
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Microsoft BrowserBand"
-> {HKLM...CLSID} = "Microsoft BrowserBand"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [** WMI GetObject error **]
"{30D02401-6A81-11d0-8274-00C04FD5AE38}" = "Search Band"
-> {HKLM...CLSID} = "Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [** WMI GetObject error **]
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "In-pane search"
-> {HKLM...CLSID} = "In-pane search"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [** WMI GetObject error **]
"{07798131-AF23-11d1-9111-00A0C98BA67D}" = "Web Search"
-> {HKLM...CLSID} = "Web Search"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [** WMI GetObject error **]
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Registry Tree Options Utility"

Thanks again

Re: System Security and maybe others

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: System Security and maybe others

Yay it works.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:51 PM, on 6/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1157346037\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1157346037\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\AOL\1157346037\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\WINDOWS\msncom.exe
C:\Program Files\Common Files\AOL\1157346037\EE\aolsoftware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rswav.exe
C:\WINDOWS\system32\ntvbn.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\AOL\1157346037\ee\SSCEvtHdlr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\Wscript.exe
C:\WINDOWS\System32\Wscript.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\WINDOWS\System32\Wscript.exe
C:\WINDOWS\System32\Wscript.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {B2C7B2A1-00F3-42BD-F434-00AABA2C8952} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157346037\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [\\TOMSDESK\EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P37 "\\TOMSDESK\EPSON Stylus CX7800 Series" /O6 "USB002" /M "Stylus CX7800"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1157346037\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Auto EPSON Stylus CX7800 Series on GSLDESKTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P45 "Auto EPSON Stylus CX7800 Series on GSLDESKTOP" /O25 "\\GSLDESKTOP\EPSONScx7800" /M "Stylus CX7800"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1157346037\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus CX7800 Series on TOMDELLDESK] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P46 "Auto EPSON Stylus CX7800 Series on TOMDELLDESK" /O21 "\\TOMDELLDESK\Printer" /M "Stylus CX7800"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [11038904] C:\Documents and Settings\All Users\Application Data\11038904\11038904.exe
O4 - HKLM\..\Run: [91048896] C:\Documents and Settings\All Users\Application Data\91048896\91048896.exe
O4 - HKLM\..\Run: [HW Upgrade] C:\WINDOWS\hwupgrade.exe
O4 - HKLM\..\Run: [MSN] C:\WINDOWS\msncom.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [winsmb] C:\WINDOWS\system32\winsmb.exe
O4 - HKLM\..\Run: [rswav] C:\WINDOWS\system32\rswav.exe
O4 - HKLM\..\Run: [ntvbn] C:\WINDOWS\system32\ntvbn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\TOMSDESK\EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P37 "\\TOMSDESK\EPSON Stylus CX7800 Series" /M "Stylus CX7800" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\WINDOWS\TEMP\az8vld.exe
O4 - HKCU\..\Run: [inkgdp2j1r3cx9mlaowxse] C:\WINDOWS\TEMP\az8vld.exe
O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\debug.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

Re: System Security and maybe others

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: __c00C1B58 - C:\WINDOWS\system32\__c00C1B58.dat (file missing)
O22 - SharedTaskScheduler: hs837hiudjgfo9s8gjio4gfd - {B2C7B2A1-00F3-42BD-F434-00AABA2C8952} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1157346037\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Intel(R) Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 19298 bytes

Re: System Security and maybe others

Hello.

Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible, since it will be like searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL the problems this malware has already caused.

In light of this, it would be wise for you to back up any files and folders that you don't want to lose before we start. The reason I am telling you this is that when a system is so terribly infected and we try to clean it up manually, the damage that is already present may interfere with our removal attempts.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
    O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {B2C7B2A1-00F3-42BD-F434-00AABA2C8952} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [11038904] C:\Documents and Settings\All Users\Application Data\11038904\11038904.exe
    O4 - HKLM\..\Run: [91048896] C:\Documents and Settings\All Users\Application Data\91048896\91048896.exe
    O4 - HKLM\..\Run: [HW Upgrade] C:\WINDOWS\hwupgrade.exe
    O4 - HKLM\..\Run: [MSN] C:\WINDOWS\msncom.exe
    O4 - HKLM\..\Run: [winsmb] C:\WINDOWS\system32\winsmb.exe
    O4 - HKLM\..\Run: [rswav] C:\WINDOWS\system32\rswav.exe
    O4 - HKLM\..\Run: [ntvbn] C:\WINDOWS\system32\ntvbn.exe
    O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\WINDOWS\TEMP\az8vld.exe
    O4 - HKCU\..\Run: [inkgdp2j1r3cx9mlaowxse] C:\WINDOWS\TEMP\az8vld.exe
    O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\debug.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O15 - Trusted Zone: http://*.trymedia.com (HKLM)
    O20 - Winlogon Notify: __c00C1B58 - C:\WINDOWS\system32\__c00C1B58.dat (file missing)
    O22 - SharedTaskScheduler: hs837hiudjgfo9s8gjio4gfd - {B2C7B2A1-00F3-42BD-F434-00AABA2C8952} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
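The fix list above is built from indicators a reader can learn to spot in a HijackThis log: Run values with random names, autostarts launched from a Temp directory, a UserInit chain carrying an extra binary, a browser proxy pointed at a local port, a policy that blocks regedit, and persistence entries whose file is already gone. As an added example (not code from this thread or from HijackThis), the Python below encodes those indicators as rules and runs them over a constructed subset of the posted log. The random-name regex and the Temp-path test are my own heuristics, not anything the helper stated, and they deliberately do not flag entries such as winsmb.exe that only vendor knowledge identifies.

```python
"""Rule-based triage of HijackThis (HJT) log lines.

Added example, not code from the original thread. SAMPLE_LOG is a constructed
subset of the log posted above. The rules are heuristics: they surface entries
worth a second look, they do not prove an entry is malicious.
"""
import re

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [winsmb] C:\WINDOWS\system32\winsmb.exe
O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\WINDOWS\TEMP\az8vld.exe
O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\debug.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: __c00C1B58 - C:\WINDOWS\system32\__c00C1B58.dat (file missing)
O22 - SharedTaskScheduler: hs837hiudjgfo9s8gjio4gfd - {B2C7B2A1-00F3-42BD-F434-00AABA2C8952} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Every HJT line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
HJT_ENTRY = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
RUN_ENTRY = re.compile(r"^HK\S*?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Heuristic (my own): 12+ lowercase alphanumerics with at least two digits.
RANDOM_NAME = re.compile(r"^(?=(?:.*\d){2})[a-z0-9]{12,}$")


def classify(section, body):
    """Return the reasons one HJT entry is worth fixing (empty list if none)."""
    reasons = []
    low = body.lower()
    if "(file missing)" in low or "[file not found]" in low:
        reasons.append("entry points at a file that no longer exists")
    if section == "O4":
        m = RUN_ENTRY.match(body)
        if m:
            if RANDOM_NAME.match(m.group("name")):
                reasons.append("random-looking Run value name")
            if "\\temp\\" in m.group("cmd").lower():
                reasons.append("autostart executable lives under a Temp directory")
    elif section == "F2" and "userinit=" in low:
        # UserInit should be userinit.exe alone; anything else in the chain runs at logon.
        chain = low.split("userinit=", 1)[1]
        extra = [p.strip() for p in chain.split(",")
                 if p.strip() and not p.strip().endswith("\\userinit.exe")]
        if extra:
            reasons.append("UserInit chain loads extra binaries: " + ", ".join(extra))
    elif section == "R1" and "proxyserver" in low:
        if "localhost" in low or "127.0.0.1" in low:
            reasons.append("browser proxy forced through a local port")
    elif section == "O7" and "disableregedit=1" in low:
        reasons.append("policy blocks regedit (and HijackThis fixes that touch the registry)")
    elif section == "O22":
        name = body.split(":", 1)[1].split(" - ")[0].strip()
        if RANDOM_NAME.match(name):
            reasons.append("random-looking SharedTaskScheduler name")
    return reasons


def triage_hjt(log_text):
    """Return [(line, reasons), ...] for every HJT line that trips at least one rule."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_ENTRY.match(line)
        if not m:
            continue
        reasons = classify(m.group("sec"), m.group("body"))
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage_hjt(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

Run against the sample, it flags seven of the ten lines and leaves the AVG and winsmb entries alone: the rules only see what the log itself shows, which is why the helper's list still needs a human who knows which system32 names are not Windows'.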

Re: System Security and maybe others

I did Fix Checked and got about three messages saying that registry editing was not permitted by the administrator.

Re: System Security and maybe others


  • Now open a new notepad file.
  • Input this into the notepad file:

    [Version]
    Signature=$CHICAGO$

    [DefaultInstall]
    AddReg=Add.Settings

    [Add.Settings]
    HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000000


  • Save this as fixreg.inf, save it to your desktop.
  • Right click fixreg.inf and select install.

Now try it again; the .inf file will remove the DWORD value from the policy.

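What the .inf above actually does to the registry is easiest to see by reading its AddReg/DelReg lines the way the Windows INF installer does. The Python below is an added example, not code from this thread: it parses the install section, decodes the flags field into a value type, and lists the operations in the order Windows applies them (DelReg before AddReg). FIX_INF is the posted file verbatim; ALT_INF is my own variant that deletes the policy value with DelReg and then writes it back explicitly as a REG_DWORD of 0. The reading that an AddReg line with flags 0x00000000 and no value field writes an empty REG_SZ (thereby replacing the DWORD the malware set) is my assumption and is marked as such in the code.

```python
"""Read the registry operations out of a small .inf fix file.

Added example, not code from the thread. Handles the subset of INF syntax used
by registry-fix files: [Version], an install section with AddReg=/DelReg=,
';' comments and comma-separated AddReg/DelReg lines.
"""
import csv

FIX_INF = r"""
[Version]
Signature=$CHICAGO$

[DefaultInstall]
AddReg=Add.Settings

[Add.Settings]
HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000000
"""

ALT_INF = r"""
[Version]
Signature=$CHICAGO$

[DefaultInstall]
DelReg=Del.Settings
AddReg=Add.Settings

[Del.Settings]
; drop the policy value the malware created
HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools

[Add.Settings]
; ...then write it back explicitly as a REG_DWORD of 0
HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00010001,0
"""

# Value-type bits of the AddReg flags field (FLG_ADDREG_TYPE_*).
TYPE_MASK = 0x00030001
TYPE_NAMES = {
    0x00000000: "REG_SZ",
    0x00000001: "REG_BINARY",
    0x00010000: "REG_MULTI_SZ",
    0x00010001: "REG_DWORD",
    0x00020000: "REG_EXPAND_SZ",
}
FLG_ADDREG_NOCLOBBER = 0x00000002  # leave an existing value untouched


def _sections(inf_text):
    """Map section name -> list of lines, with ';' comments and blanks removed."""
    sections, current = {}, None
    for raw in inf_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _fields(line):
    """Split a comma-separated INF line, honouring double-quoted fields."""
    return next(csv.reader([line], skipinitialspace=True))


def _targets(install_lines, directive):
    """Section names listed after e.g. 'AddReg=' in the install section."""
    names = []
    for line in install_lines:
        key, _, value = line.partition("=")
        if key.strip().lower() == directive.lower():
            names.extend(v.strip() for v in value.split(",") if v.strip())
    return names


def registry_ops(inf_text, install_section="DefaultInstall"):
    """Return the registry operations the install section performs, in order."""
    sections = _sections(inf_text)
    install = sections.get(install_section, [])
    ops = []
    # The installer processes DelReg before AddReg within one install section.
    for name in _targets(install, "DelReg"):
        for line in sections.get(name, []):
            f = _fields(line)
            if len(f) > 2 and f[2]:
                ops.append({"op": "delete_value", "root": f[0], "subkey": f[1], "name": f[2]})
            else:
                ops.append({"op": "delete_key", "root": f[0], "subkey": f[1]})
    for name in _targets(install, "AddReg"):
        for line in sections.get(name, []):
            f = _fields(line)
            vname = f[2] if len(f) > 2 else ""
            flags = int(f[3], 0) if len(f) > 3 and f[3] else 0
            rest = [x for x in f[4:] if x != ""]
            vtype = TYPE_NAMES.get(flags & TYPE_MASK, "0x%08X" % flags)
            if vtype == "REG_DWORD" and rest:
                value = int(rest[0], 0)
            elif vtype == "REG_MULTI_SZ":
                value = rest
            else:
                # Assumption: with no value field the installer writes an empty string,
                # which is how the thread's fixreg.inf replaces the DWORD set by the malware.
                value = rest[0] if rest else ""
            ops.append({"op": "set", "root": f[0], "subkey": f[1], "name": vname,
                        "type": vtype, "value": value,
                        "noclobber": bool(flags & FLG_ADDREG_NOCLOBBER)})
    return ops


if __name__ == "__main__":
    for label, text in (("fixreg.inf", FIX_INF), ("alternative", ALT_INF)):
        print(label)
        for op in registry_ops(text):
            print("   ", op)
```

The point of decoding the flags is that 0x00000000 and 0x00010001 look alike in a forum post but mean REG_SZ and REG_DWORD respectively; a fix that writes the wrong type is the kind of thing that silently "works" on one machine and not on another.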

Re: System Security and maybe others

OK. Malwarebytes installs but won't open.

Re: System Security and maybe others

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [screenshot: CF_download_FF]

    [screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (McAfee)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: Rcauto10]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [screenshot: Whatne10]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: System Security and maybe others

ComboFix 09-06-15.05 - HP_Administrator 06/15/2009 22:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1540 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: AOL Antivirus *On-access scanning disabled* (Outdated) {164FF91F-F5BD-4B74-A9DC-932CECB1603B}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Start Menu\Programs\System Security
c:\program files\Microsoft Common
c:\windows\cdmxtras
c:\windows\Fonts\acrsecI.fon
c:\windows\system32\6b4de455-a1db-ba2f-d8f5-4125efc81e7e.exe
c:\windows\system32\cache329
c:\windows\system32\drivers\UACbwtnipjistiqpfu.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\windows\system32\sysloc
c:\windows\system32\UACakxyfgqlrxylatd.log
c:\windows\system32\UACipxdltehqcmppif.dll
c:\windows\system32\UACjlqbwosejwbtbop.dll
c:\windows\system32\UACkltjqncovqvuyxe.dat
c:\windows\system32\UAClrmwpkerwbitept.dll
c:\windows\system32\UACsltfpljovvtrlop.log
c:\windows\system32\UACvbknbanlkccofmb.log
c:\windows\system32\UACwgoxvimrgioexym.dll
c:\windows\system32\UACwtgqjtumoirfity.dll
c:\documents and settings\HP_Administrator\Start Menu\Programs\System Security\System Security 2009 Support.lnk
c:\documents and settings\HP_Administrator\Start Menu\Programs\System Security\System Security 2009.lnk
c:\windows\Fonts\acrsecB.fon
c:\windows\IE4 Error Log.txt
c:\windows\kb913800.exe
c:\windows\syssvc.exe
c:\windows\system32\bnjrxkfaottiqatc.dll-uninst.exe
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_0_0_107400.htm
c:\windows\system32\cache329\B_329_1_0_449200.gif
c:\windows\system32\cache329\B_329_1_0_449600.gif
c:\windows\system32\cache329\B_329_1_0_454300.gif
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_2_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_107400.htm
c:\windows\system32\cache329\B_329_4_0_111600.htm
c:\windows\system32\cache329\B_329_4_0_152400.htm
c:\windows\system32\cache329\B_329_4_0_155300.htm
c:\windows\system32\cache329\B_329_4_0_164100.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_0_0_107400.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_107400.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_152400.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_4_0_164100.htm
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\UACbwtnipjistiqpfu.sys
c:\windows\system32\fhpatch.dll
c:\windows\system32\fiplock.dll
c:\windows\system32\iphy.dll
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\lsp.dll
c:\windows\system32\tcpcon.dll
c:\windows\system32\tcpd.dll
c:\windows\system32\UACakxyfgqlrxylatd.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACipxdltehqcmppif.dll
c:\windows\system32\UACjlqbwosejwbtbop.dll
c:\windows\system32\UACkltjqncovqvuyxe.dat
c:\windows\system32\UAClrmwpkerwbitept.dll
c:\windows\system32\UACsltfpljovvtrlop.log
c:\windows\system32\UACvbknbanlkccofmb.log
c:\windows\system32\UACwgoxvimrgioexym.dll
c:\windows\system32\UACwtgqjtumoirfity.dll
c:\windows\system32\wbem\proquota.exe
D:\Autorun.inf
D:\Desktop.ini

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.

2009-06-15 23:42 . 2009-06-15 23:41 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-15 23:41 . 2009-06-16 05:03 -------- d-----w- c:\documents and settings\HP_Administrator\.housecall6.6
2009-06-15 23:23 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 23:22 . 2009-06-15 23:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 23:22 . 2009-06-15 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-15 23:22 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 04:15 . 2009-06-15 08:20 20548115975 --sha-w- c:\windows\hwupgrade.exe
2009-06-14 01:48 . 2009-06-14 01:48 -------- d-----w- c:\program files\Trend Micro
2009-06-12 16:01 . 2008-06-20 00:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-12 16:01 . 2009-06-12 16:01 -------- d-----w- c:\program files\Panda Security
2009-06-11 22:30 . 2009-06-11 22:30 678 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_79C9AAA04D47EC740B98B041E73F55C3.dll
2009-06-11 22:17 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-11 22:14 . 2009-06-15 19:17 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-11 22:06 . 2009-06-11 22:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-11 22:06 . 2009-06-11 22:06 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-11 22:06 . 2009-06-11 22:06 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-11 22:06 . 2009-06-15 16:09 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-11 22:06 . 2009-06-12 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-11 22:06 . 2009-06-11 22:06 -------- d-----w- c:\program files\AVG
2009-06-11 22:01 . 2006-12-07 18:55 401408 ----a-w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean\vete.dll
2009-06-11 22:01 . 2007-02-05 20:38 245760 ----a-w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean\pcodelauncher.exe
2009-06-11 21:59 . 2009-06-11 21:59 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-11 21:59 . 2009-06-11 21:59 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-11 21:59 . 2009-06-11 21:59 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-11 21:57 . 2009-06-11 21:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-11 21:57 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-11 21:56 . 2009-06-11 21:56 -------- d-----w- c:\program files\Lavasoft
2009-06-11 21:41 . 2009-06-11 21:41 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-11 21:40 . 2009-06-11 21:40 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-11 21:36 . 2009-06-12 18:02 -------- d-----w- c:\program files\Unlocker
2009-06-11 20:54 . 2009-06-11 20:54 4096 ----a-w- c:\windows\system32\drivers\hwdrv.sys
2009-06-11 18:10 . 2009-06-11 18:10 7168 ----a-w- c:\windows\system32\mpa.dll
2009-06-11 18:00 . 2009-06-11 18:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-06-11 16:38 . 2009-06-11 20:53 9216 ----a-w- C:\sonfj.exe
2009-06-11 16:34 . 2009-06-11 16:34 123 ----a-w- C:\d45.bat
2009-06-11 16:34 . 2009-06-11 22:37 41472 --sha-w- c:\windows\system32\rswav.exe
2009-06-11 16:28 . 2009-06-11 16:34 46 ----a-w- C:\p2hhr.bat
2009-06-11 16:28 . 2009-06-11 22:50 42496 --sha-w- c:\windows\system32\ntvbn.exe
2009-06-11 16:27 . 2009-06-11 16:28 66560 ----a-w- c:\windows\system32\UACjsheqwwphbvypuy.dll
2009-06-11 16:27 . 2009-06-11 16:33 13824 --sha-w- c:\windows\msncom.exe
2009-06-11 16:27 . 2009-06-11 16:27 19456 ----a-w- c:\windows\system32\UACnylqjkdatleticv.dll
2009-06-11 16:27 . 2009-06-11 16:27 17408 ----a-w- c:\windows\system32\UACkvvrjwqbglmijor.dll
2009-06-11 16:27 . 2009-06-11 16:27 19968 ----a-w- c:\windows\system32\UACcfqxdokkbbgrqrd.dll
2009-06-11 16:27 . 2009-06-11 16:33 25600 ----a-w- C:\rbej.exe
2009-06-11 16:27 . 2009-06-11 16:33 9216 ----a-w- C:\xggbhsgb.exe
2009-06-09 03:09 . 2009-06-11 21:30 48282 ----a-w- c:\windows\system32\mifsalupcp.exe
2009-06-01 10:03 . 2009-06-01 10:03 448000 ----a-w- c:\windows\system32\bnjrxkfaottiqatc.dll
2009-05-27 02:48 . 2009-06-16 05:32 -------- d-----w- c:\documents and settings\HP_Administrator\Tracing
2009-05-27 02:46 . 2009-05-27 02:46 -------- d-----w- c:\program files\Microsoft
2009-05-27 02:46 . 2009-05-27 02:46 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-27 02:43 . 2009-05-27 02:43 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 05:31 . 2008-02-10 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2009-06-16 05:06 . 2006-06-02 01:48 -------- d-----w- c:\program files\DISC
2009-06-14 16:54 . 2008-03-23 21:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-06-12 02:34 . 2009-06-11 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-06-11 23:51 . 2006-09-20 23:59 -------- d-----w- c:\program files\Kazaa
2009-06-11 23:08 . 2006-12-22 04:39 -------- d-----w- c:\program files\Ares
2009-06-11 22:30 . 2009-06-11 22:30 251 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_7475C687330100005BE8000000000010.dll
2009-06-11 22:06 . 2008-02-09 05:55 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-11 21:56 . 2008-02-09 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-11 21:51 . 2007-02-22 00:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-11 21:41 . 2006-06-02 01:19 -------- d-----w- c:\program files\Java
2009-06-11 21:40 . 2006-09-04 05:00 -------- d-----w- c:\program files\Common Files\AOL
2009-06-10 06:08 . 2008-02-10 21:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Babylon
2009-06-09 23:54 . 2006-06-02 01:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 02:48 . 2006-06-02 01:48 71856 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-27 02:48 . 2008-03-16 22:54 -------- d-----w- c:\program files\Windows Live
2009-05-23 18:06 . 2006-06-02 02:11 -------- d-----w- c:\program files\Google
2009-05-22 02:44 . 2006-10-28 23:15 -------- d-----w- c:\program files\Lexmark X74-X75
2009-05-18 00:28 . 2006-09-04 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2008-02-28 21:30 . 2007-06-10 05:09 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 21:33 . 2007-06-10 05:09 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.

Re: System Security and maybe others

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]
"\\TOMSDESK\EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HostManager"="c:\program files\Common Files\AOL\1157346037\ee\AOLSoftware.exe" [2008-06-24 41824]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-11 148888]
"\\TOMSDESK\EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-02 180269]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
"sscRun"="c:\program files\Common Files\AOL\1157346037\ee\SSCRun.exe" [2007-01-25 153168]
"OASClnt"="c:\program files\mcafee.com\antivirus\oasclnt.exe" [2006-07-28 116272]
"EmailScan"="c:\program files\mcafee.com\antivirus\mcvsescn.exe" [2006-07-28 460336]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-31 1095256]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-02-17 3166432]
"Auto EPSON Stylus CX7800 Series on GSLDESKTOP"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"AOLSPScheduler"="c:\program files\Common Files\AOL\1157346037\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe" [2007-01-25 8784]
"Auto EPSON Stylus CX7800 Series on TOMDELLDESK"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-11 518488]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-9-19 2367488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-11 22:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157346037\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\AnalogX\\Proxy\\proxy.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157346037\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157346037\\EE\\aim6.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Kazaa\\kazaa.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6588:TCP"= 6588:TCP:5.65.74.105/255.255.255.255:Enabled:Christian Proxy
"6588:UDP"= 6588:UDP:5.65.74.105/255.255.255.255:Enabled:Christian Proxy
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/11/2009 3:00 PM 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/12/2009 9:01 AM 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/11/2009 3:06 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/11/2009 3:06 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/11/2009 3:06 PM 298776]
S1 1aa1af8;1aa1af8;c:\windows\system32\drivers\1aa1af8.sys --> c:\windows\system32\drivers\1aa1af8.sys [?]
S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [3/2/2007 12:01 PM 22272]
S2 fxprnqpze;fxprnqpze;\??\c:\windows\system32\drivers\uajbkc.sys --> c:\windows\system32\drivers\uajbkc.sys [?]
S3 hwdrv;hwdrv;c:\windows\system32\drivers\hwdrv.sys [6/11/2009 1:54 PM 4096]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1005904]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2
.
Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 22:00]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
Trusted Zone: trymedia.com
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 22:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\netcfgx.dll:Zone.Identifier 49152 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3576)
c:\program files\mcafee.com\antivirus\McVSSkt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\AOL\1157346037\EE\services\safetyCore\ver210_5_4_1\aolavupd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\E_S00RP1.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\mcafee.com\ANTIVI~1\McShield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\program files\Lexmark X74-X75\lxbbbmon.exe
c:\progra~1\COMMON~1\AOL\115734~1\EE\SSCEVT~1.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-06-16 22:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-16 05:39

Pre-Run: 131,073,773,568 bytes free
Post-Run: 132,632,322,048 bytes free

370 --- E O F --- 2008-08-23 05:45

Re: System Security and maybe others

Also, I did a little test: Malwarebytes is now running, and searches online are working!

PS - I ran Malwarebytes and it found HWupgrade.exe (which was supposedly "fixed" in HijackThis) and deleted it on reboot. I did another scan and it found no infections.

Re: System Security and maybe others

Hello.
Do you have your XP disc?

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
1aa1af8
fxprnqpze

File::
c:\windows\hwupgrade.exe
C:\sonfj.exe
C:\d45.bat
c:\windows\system32\rswav.exe
C:\p2hhr.bat
c:\windows\system32\ntvbn.exe
c:\windows\system32\UACjsheqwwphbvypuy.dll
c:\windows\msncom.exe
c:\windows\system32\UACnylqjkdatleticv.dll
c:\windows\system32\UACkvvrjwqbglmijor.dll
c:\windows\system32\UACcfqxdokkbbgrqrd.dll
C:\rbej.exe
C:\xggbhsgb.exe
c:\windows\system32\mifsalupcp.exe
c:\windows\system32\bnjrxkfaottiqatc.dll

Folder::
c:\documents and settings\HP_Administrator\Application Data\LimeWire
c:\Program Files\Kazaa
c:\Program Files\Ares
c:\Program Files\LimeWire

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kazaa\\kazaa.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

ADS::
c:\windows\system32\netcfgx.dll


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[screenshot: CFScript.txt being dragged onto the ComboFix icon]

This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
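The CFScript above was written by reading three things out of the ComboFix log: two drivers whose files ComboFix reports as "--> path [?]" (it could not find or read them, so no date or size is printed), the two Security Center values that silence the "no antivirus / no updates" balloons, and the alternate data stream catchme found on netcfgx.dll. As an added example, not code from this thread or from ComboFix, the Python helper below parses those line shapes and drafts the Driver::, Registry:: and ADS:: sections the log justifies. The sample log text is constructed from the format in the posts above; the function names, the 512-byte threshold and the structure of the draft are assumptions of this example.

```python
"""Triage helper for ComboFix-style logs (added example for this thread).

Reads the three kinds of lines the thread's log shows being acted on,
flags what a malware-removal helper would flag, and drafts the matching
CFScript sections. Not ComboFix code; names and thresholds are assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/11/2009 3:00 PM 64160]
S1 1aa1af8;1aa1af8;c:\windows\system32\drivers\1aa1af8.sys --> c:\windows\system32\drivers\1aa1af8.sys [?]
S2 fxprnqpze;fxprnqpze;\??\c:\windows\system32\drivers\uajbkc.sys --> c:\windows\system32\drivers\uajbkc.sys [?]
S3 hwdrv;hwdrv;c:\windows\system32\drivers\hwdrv.sys [6/11/2009 1:54 PM 4096]

scanning hidden files ...

c:\windows\system32\netcfgx.dll:Zone.Identifier 49152 bytes executable

scan completed successfully
hidden files: 1
"""

DRIVER_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
ADS_RE = re.compile(r"^([A-Za-z]:\\[^:\s]+):(\S+)\s+(\d+) bytes\s*(.*)$")

# Security Center values that silence the "no antivirus / no updates" warnings.
NOTIFY_VALUES = {"AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"}


@dataclass
class Findings:
    missing_drivers: list = field(default_factory=list)  # service names shown as "--> path [?]"
    notify_keys: dict = field(default_factory=dict)      # registry key -> value names set to 1
    ads_files: list = field(default_factory=list)        # (file, stream, size, flags)


def ads_is_suspicious(stream, size, flags):
    """A genuine Zone.Identifier stream is a few dozen bytes of INI text
    ([ZoneTransfer] / ZoneId=3). A multi-kilobyte or executable stream on a
    system DLL is payload hidden behind a filename, whatever it is called.
    The 512-byte cut-off is an assumption of this example."""
    return "executable" in flags or size > 512


def parse_log(text):
    f = Findings()
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current_key = None  # a blank line closes a registry block in this format
            continue
        m = DRIVER_RE.match(line)
        if m:
            # "--> path [?]" is how ComboFix prints a driver whose file it
            # could not find or read: no date, no size.
            if m.group(5).rstrip().endswith("[?]"):
                f.missing_drivers.append(m.group(3))
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = REG_VAL_RE.match(line)
        if m and current_key and "security center" in current_key.lower():
            name, value = m.group(1), int(m.group(2), 16)
            if name in NOTIFY_VALUES and value == 1:
                f.notify_keys.setdefault(current_key, []).append(name)
            continue
        m = ADS_RE.match(line)
        if m:
            path, stream, size, flags = m.group(1), m.group(2), int(m.group(3)), m.group(4)
            if ads_is_suspicious(stream, size, flags):
                f.ads_files.append((path, stream, size, flags))
    return f


def draft_cfscript(f):
    """Draft only the sections this log justifies. File:: and Folder:: entries
    still come from the earlier logs and from a human decision."""
    sections = []
    if f.missing_drivers:
        sections.append("Driver::\n" + "\n".join(f.missing_drivers))
    if f.notify_keys:
        lines = ["Registry::"]
        for key, names in f.notify_keys.items():
            lines.append(f"[{key}]")
            lines.extend(f'"{n}"=-' for n in names)  # "=-" deletes the value
        sections.append("\n".join(lines))
    if f.ads_files:
        sections.append("ADS::\n" + "\n".join(path for path, *_ in f.ads_files))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    print(draft_cfscript(parse_log(SAMPLE_LOG)))
```

Run against the sample it prints exactly the Driver::, Registry:: and ADS:: blocks of the script posted above. It deliberately does not emit File:: or Folder:: lines: those names came from earlier logs and the Malwarebytes result, and a helper reviews each one before it goes into a script that deletes files.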

Re: System Security and maybe others

ComboFix 09-06-15.05 - HP_Administrator 06/16/2009 9:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1293 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AOL Antivirus *On-access scanning disabled* (Outdated) {164FF91F-F5BD-4B74-A9DC-932CECB1603B}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"C:\d45.bat"
"C:\p2hhr.bat"
"C:\rbej.exe"
"C:\sonfj.exe"
"c:\windows\hwupgrade.exe"
"c:\windows\msncom.exe"
"c:\windows\system32\bnjrxkfaottiqatc.dll"
"c:\windows\system32\mifsalupcp.exe"
"c:\windows\system32\ntvbn.exe"
"c:\windows\system32\rswav.exe"
"c:\windows\system32\UACcfqxdokkbbgrqrd.dll"
"c:\windows\system32\UACjsheqwwphbvypuy.dll"
"c:\windows\system32\UACkvvrjwqbglmijor.dll"
"c:\windows\system32\UACnylqjkdatleticv.dll"
"C:\xggbhsgb.exe"
.
ADS - netcfgx.dll: deleted 49152 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\LimeWire
c:\program files\Ares
c:\program files\Kazaa
c:\program files\LimeWire
C:\d45.bat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\Case For Faith.mp3.torrent.bak
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\Katie & Peter The Next Chapter Stateside - S04E07 (4th June 2009) [PDTV (XviD)] WatchTheBox.avi.torrent
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\The Apprentice - The Final Five - S05.avi.torrent
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\The Apprentice - You're Fired - S05E11.avi.torrent
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\The Apprentice S05 Ep 10 You're Fired [jay44kay].avi.torrent.bak
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\The Apprentice S05 Ep 11 [jay44kay].avi.torrent
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\The Apprentice s05e09 .thebox.hannibal.avi.torrent
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\The Apprentice s05e11.thebox.hannibal.avi.torrent
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\The Apprentice s05e11.thebox.hannibal.avi.torrent.bak
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\The Case For A Creator.avi.torrent.bak
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\The Sims 2 IKEA Home Stuff-RELOADED.torrent.bak
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\The Sims 3 - Razor1911 Final MAXSPEED.torrent
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\The Sims3 patches Rld to Rzr atc.. by nOwAsToRm.torrent
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\The.Apprentice.UK.S05E09.WS.PDTV.XviD-ANGELiC.avi.torrent.bak
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\The.Apprentice.UK.S05E10.WS.PDTV.XviD-BARGE.avi.torrent.bak
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\The.Apprentice.UK.S05E12.REAL.WS.PDTV.XviD-WATERS.avi.torrent
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\The.Apprentice.UK.S05E12.REAL.WS.PDTV.XviD-WATERS.avi.torrent.bak
c:\documents and settings\HP_Administrator\Application Data\LimeWire\.AppSpecialShare\The.Apprentice.UK.S05E12.WS.PDTV.XviD-BARGE.avi.torrent.bak
c:\documents and settings\HP_Administrator\Application Data\LimeWire\active.mojito
c:\documents and settings\HP_Administrator\Application Data\LimeWire\createtimes.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\fileurns.bak
c:\documents and settings\HP_Administrator\Application Data\LimeWire\fileurns.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\filters.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\gnutella.net
c:\documents and settings\HP_Administrator\Application Data\LimeWire\installation.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\library.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\limewire.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mojito.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\passive.mojito
c:\documents and settings\HP_Administrator\Application Data\LimeWire\questions.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\responses.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\simpp.xml
c:\documents and settings\HP_Administrator\Application Data\LimeWire\spam.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\tables.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\ttrees.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\ttroot.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\version.xml
c:\documents and settings\HP_Administrator\Application Data\LimeWire\xml\data\audio.sxml
c:\documents and settings\HP_Administrator\Application Data\LimeWire\xml\data\video.sxml
C:\p2hhr.bat
c:\program files\Ares\Adobe InDesign CS v3.0\Abcpy.ini
c:\program files\Ares\Adobe InDesign CS v3.0\autorun.inf
c:\program files\Ares\Adobe InDesign CS v3.0\data1.cab
c:\program files\Ares\Adobe InDesign CS v3.0\data1.hdr
c:\program files\Ares\Adobe InDesign CS v3.0\data2.cab
c:\program files\Ares\Adobe InDesign CS v3.0\engine32.cab
c:\program files\Ares\Adobe InDesign CS v3.0\layout.bin
c:\program files\Ares\Adobe InDesign CS v3.0\OEM_\Plug-Ins\InCopyWorkflow\InCopyImport.apln
c:\program files\Ares\Adobe InDesign CS v3.0\Paradox.nfo
c:\program files\Ares\Adobe InDesign CS v3.0\ReadMe.pdf
c:\program files\Ares\Adobe InDesign CS v3.0\Setup.bmp
c:\program files\Ares\Adobe InDesign CS v3.0\setup.boot
c:\program files\Ares\Adobe InDesign CS v3.0\Setup.exe
c:\program files\Ares\Adobe InDesign CS v3.0\setup.ini
c:\program files\Ares\Adobe InDesign CS v3.0\setup.inx
c:\program files\Ares\Adobe InDesign CS v3.0\setup.iss
c:\program files\Ares\Adobe InDesign CS v3.0\setup.skin
c:\program files\Ares\Adobe InDesign CS v3.0\sn.txt
c:\program files\Ares\Adobe InDesign CS v3.0\zidxp.exe
c:\program files\Ares\Ares.exe
c:\program files\Ares\AsyncEx.ax
c:\program files\Ares\bass.dll
c:\program files\Ares\chatServer.exe
c:\program files\Ares\data\anonproxies.txt.sample
c:\program files\Ares\data\Blocked.txt.sample
c:\program files\Ares\data\Blocked_Keywords.txt.sample
c:\program files\Ares\data\ChanListFilter.txt
c:\program files\Ares\data\ChatConf.txt
c:\program files\Ares\data\ChatLang.txt.sample
c:\program files\Ares\data\flvplayer.swf
c:\program files\Ares\data\GUI\General\buttonsbitmap.bmp
c:\program files\Ares\data\GUI\General\chat.bmp
c:\program files\Ares\data\GUI\General\emotic.bmp
c:\program files\Ares\data\GUI\General\libbig.bmp
c:\program files\Ares\data\GUI\General\listviewbitmap.bmp
c:\program files\Ares\data\GUI\General\logo.bmp
c:\program files\Ares\data\GUI\General\mainbitmap.bmp
c:\program files\Ares\data\GUI\General\mimesmall.bmp
c:\program files\Ares\data\GUI\General\mplayer.bmp
c:\program files\Ares\data\GUI\General\mshareset.bmp
c:\program files\Ares\data\GUI\General\player.bmp
c:\program files\Ares\data\GUI\General\playlistbtns.bmp
c:\program files\Ares\data\GUI\General\prefs.txt
c:\program files\Ares\data\GUI\General\searchpnl.bmp
c:\program files\Ares\data\GUI\General\searchstars.bmp
c:\program files\Ares\data\GUI\General\smalltabsbitmap.bmp
c:\program files\Ares\data\GUI\General\tabsbig.bmp
c:\program files\Ares\data\GUI\General\tabsBitmap.bmp
c:\program files\Ares\data\GUI\General\tabssmall.bmp
c:\program files\Ares\data\GUI\General\Thumbs.db
c:\program files\Ares\data\GUI\General\trackbar.bmp
c:\program files\Ares\data\GUI\General\transfer.bmp
c:\program files\Ares\data\GUI\General\webanim.bmp
c:\program files\Ares\data\GUI\OsThemes\chat.bmp
c:\program files\Ares\data\GUI\OsThemes\emotic.bmp
c:\program files\Ares\data\GUI\OsThemes\libbig.bmp
c:\program files\Ares\data\GUI\OsThemes\logo.bmp
c:\program files\Ares\data\GUI\OsThemes\mimesmall.bmp
c:\program files\Ares\data\GUI\OsThemes\mshareset.bmp
c:\program files\Ares\data\GUI\OsThemes\prefs.txt
c:\program files\Ares\data\GUI\OsThemes\searchpnl.bmp
c:\program files\Ares\data\GUI\OsThemes\searchstars.bmp
c:\program files\Ares\data\GUI\OsThemes\smalltabsbitmap.bmp
c:\program files\Ares\data\GUI\OsThemes\tabsbig.bmp
c:\program files\Ares\data\GUI\OsThemes\tabssmall.bmp
c:\program files\Ares\data\GUI\OsThemes\transfer.bmp
c:\program files\Ares\data\HomePage.dat
c:\program files\Ares\data\Homepage.url
c:\program files\Ares\data\P2PFilter.txt
c:\program files\Ares\lang\Arabic.txt
c:\program files\Ares\lang\Chinese.txt
c:\program files\Ares\lang\chinese_cn.txt
c:\program files\Ares\lang\chinese_tw.txt
c:\program files\Ares\lang\czech.txt
c:\program files\Ares\lang\Danish.txt
c:\program files\Ares\lang\dutch.txt
c:\program files\Ares\lang\finland.txt
c:\program files\Ares\lang\Finnish.txt
c:\program files\Ares\lang\french.txt
c:\program files\Ares\lang\german.txt
c:\program files\Ares\lang\italian.txt
c:\program files\Ares\lang\japanese.txt
c:\program files\Ares\lang\Kirghiz.txt
c:\program files\Ares\lang\kurdish.txt
c:\program files\Ares\lang\kyrgyz.txt
c:\program files\Ares\lang\polish.txt
c:\program files\Ares\lang\portugues.txt
c:\program files\Ares\lang\Portuguese.txt
c:\program files\Ares\lang\slovak.txt
c:\program files\Ares\lang\spanish.txt
c:\program files\Ares\lang\spanishLA.txt
c:\program files\Ares\lang\swedish.txt
c:\program files\Ares\lang\turkish.txt
c:\program files\Ares\libfaad2.dll
c:\program files\Ares\MP3Source.ax
c:\program files\Ares\tcpip_patcher.sys
c:\program files\Ares\Uninstall.exe
c:\program files\Kazaa\ammp3.dll
c:\program files\Kazaa\bdupd.dll
c:\program files\Kazaa\BGP2P\bdcore.dll
c:\program files\Kazaa\BGP2P\bdupd.dll
c:\program files\Kazaa\BGP2P\libfn.dll
c:\program files\Kazaa\BGP2P\plugins.htm
c:\program files\Kazaa\BGP2P\plugins\7zip.xmd
c:\program files\Kazaa\BGP2P\plugins\ace.xmd

Re: System Security and maybe others

c:\program files\Kazaa\BGP2P\plugins\adsntfs.xmd
c:\program files\Kazaa\BGP2P\plugins\alz.xmd
c:\program files\Kazaa\BGP2P\plugins\arc.xmd
c:\program files\Kazaa\BGP2P\plugins\arj.xmd
c:\program files\Kazaa\BGP2P\plugins\bach.xmd
c:\program files\Kazaa\BGP2P\plugins\boot.xmd
c:\program files\Kazaa\BGP2P\plugins\bzip2.xmd
c:\program files\Kazaa\BGP2P\plugins\cab.xmd
c:\program files\Kazaa\BGP2P\plugins\ceva_dll.cvd
c:\program files\Kazaa\BGP2P\plugins\ceva_emu.cvd
c:\program files\Kazaa\BGP2P\plugins\ceva_vfs.cvd
c:\program files\Kazaa\BGP2P\plugins\cevakrnl.cvd
c:\program files\Kazaa\BGP2P\plugins\cevakrnl.ivd
c:\program files\Kazaa\BGP2P\plugins\cevakrnl.rvd
c:\program files\Kazaa\BGP2P\plugins\cevakrnl.xmd
c:\program files\Kazaa\BGP2P\plugins\chm.xmd
c:\program files\Kazaa\BGP2P\plugins\cpio.xmd
c:\program files\Kazaa\BGP2P\plugins\cran.cvd
c:\program files\Kazaa\BGP2P\plugins\cran.ivd
c:\program files\Kazaa\BGP2P\plugins\cran.xmd
c:\program files\Kazaa\BGP2P\plugins\dbx.xmd
c:\program files\Kazaa\BGP2P\plugins\docfile.xmd
c:\program files\Kazaa\BGP2P\plugins\e_spyw.ivd
c:\program files\Kazaa\BGP2P\plugins\emalware.cvd
c:\program files\Kazaa\BGP2P\plugins\emalware.i01
c:\program files\Kazaa\BGP2P\plugins\emalware.i02
c:\program files\Kazaa\BGP2P\plugins\emalware.i03
c:\program files\Kazaa\BGP2P\plugins\emalware.i04
c:\program files\Kazaa\BGP2P\plugins\emalware.i05
c:\program files\Kazaa\BGP2P\plugins\emalware.i06
c:\program files\Kazaa\BGP2P\plugins\emalware.i07
c:\program files\Kazaa\BGP2P\plugins\emalware.i08
c:\program files\Kazaa\BGP2P\plugins\emalware.i09
c:\program files\Kazaa\BGP2P\plugins\emalware.ivd
c:\program files\Kazaa\BGP2P\plugins\emalware.xmd
c:\program files\Kazaa\BGP2P\plugins\epoc.xmd
c:\program files\Kazaa\BGP2P\plugins\gzip.xmd
c:\program files\Kazaa\BGP2P\plugins\ha.xmd
c:\program files\Kazaa\BGP2P\plugins\hlp.xmd
c:\program files\Kazaa\BGP2P\plugins\hpe.cvd
c:\program files\Kazaa\BGP2P\plugins\hpe.xmd
c:\program files\Kazaa\BGP2P\plugins\hqx.xmd
c:\program files\Kazaa\BGP2P\plugins\html.xmd
c:\program files\Kazaa\BGP2P\plugins\imp.xmd
c:\program files\Kazaa\BGP2P\plugins\inno.xmd
c:\program files\Kazaa\BGP2P\plugins\instyler.xmd
c:\program files\Kazaa\BGP2P\plugins\iso.xmd
c:\program files\Kazaa\BGP2P\plugins\java.cvd
c:\program files\Kazaa\BGP2P\plugins\java.xmd
c:\program files\Kazaa\BGP2P\plugins\jpeg.xmd
c:\program files\Kazaa\BGP2P\plugins\lha.xmd
c:\program files\Kazaa\BGP2P\plugins\lnk.xmd
c:\program files\Kazaa\BGP2P\plugins\mbox.xmd
c:\program files\Kazaa\BGP2P\plugins\mbx.xmd
c:\program files\Kazaa\BGP2P\plugins\mdx.xmd
c:\program files\Kazaa\BGP2P\plugins\mdx_97.cvd
c:\program files\Kazaa\BGP2P\plugins\mdx_97.ivd
c:\program files\Kazaa\BGP2P\plugins\mdx_w95.cvd
c:\program files\Kazaa\BGP2P\plugins\mdx_x95.cvd
c:\program files\Kazaa\BGP2P\plugins\mdx_xf.cvd
c:\program files\Kazaa\BGP2P\plugins\mime.xmd
c:\program files\Kazaa\BGP2P\plugins\mso.xmd
c:\program files\Kazaa\BGP2P\plugins\na.cvd
c:\program files\Kazaa\BGP2P\plugins\na.xmd
c:\program files\Kazaa\BGP2P\plugins\nelf.cvd
c:\program files\Kazaa\BGP2P\plugins\nelf.xmd
c:\program files\Kazaa\BGP2P\plugins\nsis.xmd
c:\program files\Kazaa\BGP2P\plugins\objd.xmd
c:\program files\Kazaa\BGP2P\plugins\pdf.xmd
c:\program files\Kazaa\BGP2P\plugins\pst.xmd
c:\program files\Kazaa\BGP2P\plugins\rar.xmd
c:\program files\Kazaa\BGP2P\plugins\regscan.cvd
c:\program files\Kazaa\BGP2P\plugins\rpm.xmd
c:\program files\Kazaa\BGP2P\plugins\rtf.xmd
c:\program files\Kazaa\BGP2P\plugins\rup.cvd
c:\program files\Kazaa\BGP2P\plugins\rup.xmd
c:\program files\Kazaa\BGP2P\plugins\sdx.cvd
c:\program files\Kazaa\BGP2P\plugins\sdx.ivd
c:\program files\Kazaa\BGP2P\plugins\sdx.xmd
c:\program files\Kazaa\BGP2P\plugins\sfx.xmd
c:\program files\Kazaa\BGP2P\plugins\swf.xmd
c:\program files\Kazaa\BGP2P\plugins\tar.xmd
c:\program files\Kazaa\BGP2P\plugins\td0.xmd
c:\program files\Kazaa\BGP2P\plugins\thebat.xmd
c:\program files\Kazaa\BGP2P\plugins\tnef.xmd
c:\program files\Kazaa\BGP2P\plugins\unpack.cvd
c:\program files\Kazaa\BGP2P\plugins\unpack.ivd
c:\program files\Kazaa\BGP2P\plugins\unpack.xmd
c:\program files\Kazaa\BGP2P\plugins\update.txt
c:\program files\Kazaa\BGP2P\plugins\uudecode.xmd
c:\program files\Kazaa\BGP2P\plugins\ve.cvd
c:\program files\Kazaa\BGP2P\plugins\ve.ivd
c:\program files\Kazaa\BGP2P\plugins\ve.xmd
c:\program files\Kazaa\BGP2P\plugins\vedata.cvd
c:\program files\Kazaa\BGP2P\plugins\viza.xmd
c:\program files\Kazaa\BGP2P\plugins\wise.xmd
c:\program files\Kazaa\BGP2P\plugins\xishield.xmd
c:\program files\Kazaa\BGP2P\plugins\z.xmd
c:\program files\Kazaa\BGP2P\plugins\zip.xmd
c:\program files\Kazaa\BGP2P\plugins\zoo.xmd
c:\program files\Kazaa\BGP2P\versions.dat
c:\program files\Kazaa\CKGFRs.dll
c:\program files\Kazaa\Db\config.cab
c:\program files\Kazaa\Db\ctx4-060630.cab
c:\program files\Kazaa\Db\d01.cab
c:\program files\Kazaa\Db\d02.cab
c:\program files\Kazaa\Db\data1024.dbb
c:\program files\Kazaa\Db\data256.dbb
c:\program files\Kazaa\Db\k7tqkgkk_tssv125.dat
c:\program files\Kazaa\Db\np.tmp
c:\program files\Kazaa\Db\ova4-060412.cab
c:\program files\Kazaa\Db\tsi4-060404a.cab
c:\program files\Kazaa\Db\tsi4-060602b.cab
c:\program files\Kazaa\Db\tss5.cab
c:\program files\Kazaa\Help\arrow.gif
c:\program files\Kazaa\Help\arrow_sml.gif
c:\program files\Kazaa\Help\background.gif
c:\program files\Kazaa\Help\h_mykazaa.gif
c:\program files\Kazaa\Help\h_myMedia.gif
c:\program files\Kazaa\Help\h_myplaylists.gif
c:\program files\Kazaa\Help\icon_gold_kap.gif
c:\program files\Kazaa\Help\myKapsules.gif
c:\program files\Kazaa\Help\mykapsules.htm
c:\program files\Kazaa\Help\mykazaa.css
c:\program files\Kazaa\Help\mykazaa.htm
c:\program files\Kazaa\Help\mymedia.htm
c:\program files\Kazaa\Help\myplaylists.htm
c:\program files\Kazaa\Help\spacer.gif
c:\program files\Kazaa\kazaa.exe
c:\program files\Kazaa\Kazaa.url
c:\program files\Kazaa\kzscan.dll
c:\program files\Kazaa\libcurl.dll
c:\program files\Kazaa\libeay32.dll
c:\program files\Kazaa\libssl32.dll
c:\program files\Kazaa\My Channels\Bin\crazyplaygames.kcd
c:\program files\Kazaa\My Channels\Bin\dating.kcd
c:\program files\Kazaa\My Channels\Bin\emerging_artists.kcd
c:\program files\Kazaa\My Channels\Bin\g_spot.kcd
c:\program files\Kazaa\My Channels\Bin\onelove_browse.kcd
c:\program files\Kazaa\My Channels\Bin\ringtonechannel.kcd
c:\program files\Kazaa\My Channels\Bin\rshiphop.kcd
c:\program files\Kazaa\My Channels\Bin\skilledgames.kcd
c:\program files\Kazaa\My Channels\Images\crazyplaygames.bmp
c:\program files\Kazaa\My Channels\Images\dating.bmp
c:\program files\Kazaa\My Channels\Images\emerging_artists.bmp
c:\program files\Kazaa\My Channels\Images\g_spot.bmp
c:\program files\Kazaa\My Channels\Images\onelove_browse.bmp
c:\program files\Kazaa\My Channels\Images\ringtonechannel.bmp
c:\program files\Kazaa\My Channels\Images\rshiphop_browse.bmp
c:\program files\Kazaa\My Channels\Images\skilledgames.bmp
c:\program files\Kazaa\My Shared Folder\Audio - Alternative Rock.kpl
c:\program files\Kazaa\My Shared Folder\Audio - Barrington Levy.kpl
c:\program files\Kazaa\My Shared Folder\Audio - Electronica.kpl
c:\program files\Kazaa\My Shared Folder\Audio - Fine Arts Militia Album.kpl
c:\program files\Kazaa\My Shared Folder\Audio - Folk.kpl
c:\program files\Kazaa\My Shared Folder\Audio - Funk.kpl
c:\program files\Kazaa\My Shared Folder\Audio - Hip Hop.kpl
c:\program files\Kazaa\My Shared Folder\Audio - Jazz.kpl
c:\program files\Kazaa\My Shared Folder\Audio - Pop Rock.kpl
c:\program files\Kazaa\My Shared Folder\Audio - Public Enemy Revolverlution Album.kpl
c:\program files\Kazaa\My Shared Folder\Audio - R&B.kpl
c:\program files\Kazaa\My Shared Folder\Audio - Reggae.kpl
c:\program files\Kazaa\My Shared Folder\Audio - The Honey Palace Album.kpl
c:\program files\Kazaa\myshare.ico
c:\program files\Kazaa\Promotions\Play Poker Now.ico
c:\program files\Kazaa\Promotions\Play Poker Now.url
c:\program files\Kazaa\Promotions\Your Free Casino Chips.ico
c:\program files\Kazaa\Promotions\Your Free Casino Chips.url
c:\program files\Kazaa\rjn.a92
c:\program files\Kazaa\Skins\Black Glass\License.txt
c:\program files\Kazaa\Skins\Black Glass\mainbar_mykazaa.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_mykazaa_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_mykazaa_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_mykazaa_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_peer.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_peer_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_peer_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_peer_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_search.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_search_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_search_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_search_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_shop.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_shop_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_shop_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_shop_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_start.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_start_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_start_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_start_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_tell.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_tell_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_tell_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_tell_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_theatre.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_theatre_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_theatre_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_theatre_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_traffic.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_traffic_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_traffic_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mainbar_traffic_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_addtoplay.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_addtoplay_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_addtoplay_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_addtoplay_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_next.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_next_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_next_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_next_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_pause.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_pause_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_pause_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_pause_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_play.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_play_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_play_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_play_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_prev.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_prev_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_prev_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_prev_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_slider.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_sliderThumb.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_sliderThumb_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_stop.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_stop_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_stop_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_stop_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_volume.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_volume_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_volume_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mediabar_volume_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mykazaabar_delete.bmp
c:\program files\Kazaa\Skins\Black Glass\mykazaabar_delete_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mykazaabar_delete_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mykazaabar_delete_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mykazaabar_folders.bmp
c:\program files\Kazaa\Skins\Black Glass\mykazaabar_folders_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mykazaabar_folders_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mykazaabar_folders_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mykazaabar_moreinfo.bmp
c:\program files\Kazaa\Skins\Black Glass\mykazaabar_moreinfo_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mykazaabar_moreinfo_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mykazaabar_moreinfo_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\mykazaabar_share.bmp
c:\program files\Kazaa\Skins\Black Glass\mykazaabar_share_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\mykazaabar_share_over.bmp
c:\program files\Kazaa\Skins\Black Glass\mykazaabar_share_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\skin.xml
c:\program files\Kazaa\Skins\Black Glass\startbar_back.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_back_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_back_over.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_back_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_fwd.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_fwd_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_fwd_over.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_fwd_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_home.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_home_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_home_over.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_home_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_refresh.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_refresh_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_refresh_over.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_refresh_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_stop.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_stop_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_stop_over.bmp
c:\program files\Kazaa\Skins\Black Glass\startbar_stop_sel.bmp

c:\program files\Kazaa\Skins\Black Glass\theatrebar_fullscreen.bmp
c:\program files\Kazaa\Skins\Black Glass\theatrebar_fullscreen_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\theatrebar_fullscreen_over.bmp
c:\program files\Kazaa\Skins\Black Glass\theatrebar_fullscreen_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\trafficbar_cancel.bmp
c:\program files\Kazaa\Skins\Black Glass\trafficbar_cancel_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\trafficbar_cancel_over.bmp
c:\program files\Kazaa\Skins\Black Glass\trafficbar_cancel_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\trafficbar_pause.bmp
c:\program files\Kazaa\Skins\Black Glass\trafficbar_pause_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\trafficbar_pause_over.bmp
c:\program files\Kazaa\Skins\Black Glass\trafficbar_pause_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\window_btm.bmp
c:\program files\Kazaa\Skins\Black Glass\window_btmLeft.bmp
c:\program files\Kazaa\Skins\Black Glass\window_btmright.bmp
c:\program files\Kazaa\Skins\Black Glass\window_left.bmp
c:\program files\Kazaa\Skins\Black Glass\window_right.bmp
c:\program files\Kazaa\Skins\Black Glass\window_top.bmp
c:\program files\Kazaa\Skins\Black Glass\window_topleft.bmp
c:\program files\Kazaa\Skins\Black Glass\window_topright.bmp
c:\program files\Kazaa\Skins\Black Glass\windowbar_close.bmp
c:\program files\Kazaa\Skins\Black Glass\windowbar_close_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\windowbar_close_over.bmp
c:\program files\Kazaa\Skins\Black Glass\windowbar_close_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\windowbar_maximise.bmp
c:\program files\Kazaa\Skins\Black Glass\windowbar_maximise_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\windowbar_maximise_over.bmp
c:\program files\Kazaa\Skins\Black Glass\windowbar_maximise_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\windowbar_minimise.bmp
c:\program files\Kazaa\Skins\Black Glass\windowbar_minimise_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\windowbar_minimise_over.bmp
c:\program files\Kazaa\Skins\Black Glass\windowbar_minimise_sel.bmp
c:\program files\Kazaa\Skins\Black Glass\windowbar_restore.bmp
c:\program files\Kazaa\Skins\Black Glass\windowbar_restore_dis.bmp
c:\program files\Kazaa\Skins\Black Glass\windowbar_restore_over.bmp
c:\program files\Kazaa\Skins\Black Glass\windowbar_restore_sel.bmp
c:\program files\Kazaa\ssleay32.dll
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-httpclient.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\commons-pool.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\forms.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\guice-1.0.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\httpcore-nio.jar
c:\program files\LimeWire\lib\httpcore.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\id3v2.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\swt.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\tray.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log
C:\rbej.exe
C:\sonfj.exe
c:\windows\system32\bnjrxkfaottiqatc.dll
c:\windows\system32\mifsalupcp.exe
c:\windows\system32\rswav.exe
C:\xggbhsgb.exe

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FXPRNQPZE
-------\Service_1aa1af8
-------\Service_fxprnqpze
-------\Service_AresChatServer


((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.

2009-06-15 23:42 . 2009-06-15 23:41 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-15 23:41 . 2009-06-16 05:03 -------- d-----w- c:\documents and settings\HP_Administrator\.housecall6.6
2009-06-15 23:23 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 23:22 . 2009-06-15 23:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 23:22 . 2009-06-15 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-15 23:22 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-14 01:48 . 2009-06-14 01:48 -------- d-----w- c:\program files\Trend Micro
2009-06-12 16:01 . 2008-06-20 00:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-12 16:01 . 2009-06-12 16:01 -------- d-----w- c:\program files\Panda Security
2009-06-11 22:30 . 2009-06-11 22:30 678 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_79C9AAA04D47EC740B98B041E73F55C3.dll
2009-06-11 22:17 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-11 22:14 . 2009-06-15 19:17 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-11 22:06 . 2009-06-11 22:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-11 22:06 . 2009-06-11 22:06 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-11 22:06 . 2009-06-11 22:06 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-11 22:06 . 2009-06-16 16:45 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-11 22:06 . 2009-06-12 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-11 22:06 . 2009-06-11 22:06 -------- d-----w- c:\program files\AVG
2009-06-11 22:01 . 2006-12-07 18:55 401408 ----a-w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean\vete.dll
2009-06-11 22:01 . 2007-02-05 20:38 245760 ----a-w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean\pcodelauncher.exe
2009-06-11 21:59 . 2009-06-11 21:59 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-11 21:59 . 2009-06-11 21:59 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-11 21:59 . 2009-06-11 21:59 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-11 21:57 . 2009-06-11 21:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-11 21:57 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-11 21:56 . 2009-06-11 21:56 -------- d-----w- c:\program files\Lavasoft
2009-06-11 21:41 . 2009-06-11 21:41 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-11 21:40 . 2009-06-11 21:40 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-11 21:36 . 2009-06-12 18:02 -------- d-----w- c:\program files\Unlocker
2009-06-11 20:54 . 2009-06-11 20:54 4096 ----a-w- c:\windows\system32\drivers\hwdrv.sys
2009-06-11 18:10 . 2009-06-11 18:10 7168 ----a-w- c:\windows\system32\mpa.dll
2009-06-11 18:00 . 2009-06-11 18:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-05-27 02:48 . 2009-06-16 16:59 -------- d-----w- c:\documents and settings\HP_Administrator\Tracing
2009-05-27 02:46 . 2009-05-27 02:46 -------- d-----w- c:\program files\Microsoft
2009-05-27 02:46 . 2009-05-27 02:46 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-27 02:43 . 2009-05-27 02:43 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 16:59 . 2008-02-10 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2009-06-16 05:46 . 2009-06-16 05:46 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-06-16 05:06 . 2006-06-02 01:48 -------- d-----w- c:\program files\DISC
2009-06-12 02:34 . 2009-06-11 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-06-11 22:30 . 2009-06-11 22:30 251 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_7475C687330100005BE8000000000010.dll
2009-06-11 22:06 . 2008-02-09 05:55 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-11 21:56 . 2008-02-09 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-11 21:51 . 2007-02-22 00:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-11 21:41 . 2006-06-02 01:19 -------- d-----w- c:\program files\Java
2009-06-11 21:40 . 2006-09-04 05:00 -------- d-----w- c:\program files\Common Files\AOL
2009-06-10 06:08 . 2008-02-10 21:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Babylon
2009-06-09 23:54 . 2006-06-02 01:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 02:48 . 2006-06-02 01:48 71856 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-27 02:48 . 2008-03-16 22:54 -------- d-----w- c:\program files\Windows Live
2009-05-23 18:06 . 2006-06-02 02:11 -------- d-----w- c:\program files\Google
2009-05-22 02:44 . 2006-10-28 23:15 -------- d-----w- c:\program files\Lexmark X74-X75
2009-05-18 00:28 . 2006-09-04 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2008-02-28 21:30 . 2007-06-10 05:09 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 21:33 . 2007-06-10 05:09 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-16_05.33.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-16 16:59 . 2009-06-16 16:59 40960 c:\windows\temp\rtdrvmon.exe
- 2009-06-16 05:31 . 2009-06-16 05:31 40960 c:\windows\Temp\rtdrvmon.exe
+ 2009-06-16 16:59 . 2009-06-16 16:59 16384 c:\windows\temp\Perflib_Perfdata_1fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]
"\\TOMSDESK\EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HostManager"="c:\program files\Common Files\AOL\1157346037\ee\AOLSoftware.exe" [2008-06-24 41824]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-11 148888]
"\\TOMSDESK\EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-02 180269]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
"sscRun"="c:\program files\Common Files\AOL\1157346037\ee\SSCRun.exe" [2007-01-25 153168]
"OASClnt"="c:\program files\mcafee.com\antivirus\oasclnt.exe" [2006-07-28 116272]
"EmailScan"="c:\program files\mcafee.com\antivirus\mcvsescn.exe" [2006-07-28 460336]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-31 1095256]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-02-17 3166432]
"Auto EPSON Stylus CX7800 Series on GSLDESKTOP"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"AOLSPScheduler"="c:\program files\Common Files\AOL\1157346037\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe" [2007-01-25 8784]
"Auto EPSON Stylus CX7800 Series on TOMDELLDESK"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-11 518488]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-9-19 2367488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-11 22:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157346037\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\AnalogX\\Proxy\\proxy.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157346037\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157346037\\EE\\aim6.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6588:TCP"= 6588:TCP:5.65.74.105/255.255.255.255:Enabled:Christian Proxy
"6588:UDP"= 6588:UDP:5.65.74.105/255.255.255.255:Enabled:Christian Proxy
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/11/2009 3:00 PM 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/12/2009 9:01 AM 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/11/2009 3:06 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/11/2009 3:06 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/11/2009 3:06 PM 298776]
S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [3/2/2007 12:01 PM 22272]
S3 hwdrv;hwdrv;c:\windows\system32\drivers\hwdrv.sys [6/11/2009 1:54 PM 4096]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1005904]

--- Other Services/Drivers In Memory ---

*Deregistered* - ATWPKT2
.
Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 22:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
Trusted Zone: trymedia.com
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 10:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4172)
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\program files\mcafee.com\antivirus\McVSSkt.dll
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\AOL\1157346037\EE\services\safetyCore\ver210_5_4_1\aolavupd.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\E_S00RP1.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\mcafee.com\ANTIVI~1\McShield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\program files\Lexmark X74-X75\lxbbbmon.exe
c:\progra~1\COMMON~1\AOL\115734~1\EE\SSCEVT~1.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-06-16 10:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-16 17:06
ComboFix2.txt 2009-06-16 05:40

Pre-Run: 132,654,317,568 bytes free
Post-Run: 132,535,644,160 bytes free

846 --- E O F --- 2008-08-23 05:45

Re: System Security and maybe others
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: System Security and maybe others

It's running great... No complaints

Re: System Security and maybe others

Mine isn't letting Silent Runners run either. I get the same thing as on the others: it flashes on the screen for half a second and is gone before I can do anything.

Re: System Security and maybe others
"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


This is all I got both times I ran Silent Runners. I thought maybe I could get something to open on another computer, so I attached the files and sent them to my work computer, but that is really all they contain.
