Website downloaded System Security onto my other computer

Hey,

An hour ago, I visited a malicious website that downloaded a program called System Security onto my pc. I do not profess any prowess with computers, but any normal virus is easy to remove with add/remove programs or sometimes the vundo removal program. The problem with this one, however, is that it is a "rootkit" virus (I did a little research of my own), and that it is difficult to remove. The problem being that I cannot access anything on my computer leaves me without a way to use it. The only way I can get my computer to work properly is running "Safe Mode with Networking" in the f8 boot menu and from there I am trying to system restore but I cannot. I am humbly asking that I receive help for this problem, and if all goes well I will do my best to contribute to your website.

Time is a factor here,
Distressed_User

I looked around on your website and saw that you like to see logfiles from hijackthis, so I downloaded the program onto my flash drive and put the Hijackthis program onto my other computer, which is sitting in safe mode at the moment, and got a log file. Does this change the outcome of the log file at all, that is, being in "Safe Mode with Networking?" I sure hope not, because I don't think I can manage to get the logfile running in Normal mode.

Well, I can email the logfile if you would like, my email is italianwjaq@hotmail.com

Please help, I am desperate.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:53 PM, on 6/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Mom\Application Data\U3\0981B96012D2EA1A\LaunchPad.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Mom\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: (no name) - {376892AE-1825-4E5F-9F85-23F9640051CC} - (no file)
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: BDEX System - {D3464F94-A3FE-4675-8D96-49B008E12CD3} - C:\WINDOWS\dnqdlpmsom.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: The epxonwo - {D94D49D7-31D6-42E1-A5FE-438C7BFD6498} - C:\WINDOWS\epxonwo.dll (file missing)
O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [16973434] C:\Documents and Settings\All Users\Application Data\16973434\16973434.exe
O4 - HKLM\..\Run: [96983426] C:\Documents and Settings\All Users\Application Data\96983426\96983426.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [kell] C:\Program Files\Manson\liser.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\System32\pmkhh.dll (file missing)
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
O22 - SharedTaskScheduler: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: jsr468ijdfghfjsw3rw3i6tjag80 - Unknown owner - C:\WINDOWS\jsr468ijdfghfjsw3rw3i6tjag81.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9505 bytes

Update: Using the "Safe Mode with Networking" mode, I have uploaded the hijackthis, mbam-setup, and icesword. Hijackthis works (though I don't know if the logfile was altered by Safe Mode with Networking), but I cant get IceSword to open. I open the file, and the IceSword program gives me a:

Open device failed, error code: 1073741762
[ ok ]

then I get a:

Initialize Failed
[ ok ]

Not sure what that means, but I'll do some experimenting in Normal mode to see if I can get IceSword to open. Also, in Normal mode and Safe Mode with Networking, I'm unable to open up the Malwarebytes Anti Malware setup (mbam-setup) while in Safe Mode with Networking, not sure what the problem is there but I think the more you know about what's going on the better you can help.

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
  O2 - BHO: (no name) - {376892AE-1825-4E5F-9F85-23F9640051CC} - (no file)
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: BDEX System - {D3464F94-A3FE-4675-8D96-49B008E12CD3} - C:\WINDOWS\dnqdlpmsom.dll (file missing)
  O3 - Toolbar: The epxonwo - {D94D49D7-31D6-42E1-A5FE-438C7BFD6498} - C:\WINDOWS\epxonwo.dll (file missing)
  O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
  O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
  O4 - HKLM\..\Run: [16973434] C:\Documents and Settings\All Users\Application Data\16973434\16973434.exe
  O4 - HKLM\..\Run: [96983426] C:\Documents and Settings\All Users\Application Data\96983426\96983426.exe
  O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
  O4 - HKUS\S-1-5-18\..\Run: [kell] C:\Program Files\Manson\liser.exe (User 'SYSTEM')
  O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
  O15 - Trusted Zone: *.gomyhit.com (HKLM)
  O18 - Filter hijack: text/html - (no CLSID) - (no file)
  O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
  O20 - Winlogon Notify: pmkhh - C:\WINDOWS\System32\pmkhh.dll (file missing)
  O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
  O22 - SharedTaskScheduler: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

I used hijackthis to remove all of the selected files, and I am no longer getting those System Security pop ups and have access to my programs. Having a bit of trouble downloading the MBAM program though, computer freezes after a minute or two (my computer is a really nice one, so just being an sub-par computer is out of the question)

I'll update as my situation changes.

You don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and prevent further reinfection.

Installed Avira, but I can't seem to get a full scan finished. Everytime I set it to go, it stops at 53.6% while scanning the NTuser.DAT file. I downloaded all of the updates before scanning

ComboFix 09-06-20.01 - Mom 06/20/2009 14:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2714 [GMT -6:00]
Running from: c:\documents and settings\Mom\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\16973434
c:\documents and settings\All Users\Application Data\96983426
c:\program files\Manson
c:\temp\1cb
c:\temp\fse
c:\documents and settings\All Users\Application Data\16973434\16973434.exe
c:\documents and settings\All Users\Application Data\16973434\16973434.glu
c:\documents and settings\All Users\Application Data\16973434\pc16973434cnf
c:\documents and settings\All Users\Application Data\16973434\pc16973434ins
c:\documents and settings\All Users\Application Data\96983426\96983426.exe
c:\documents and settings\Antonio\Application Data\Install.dat
c:\program files\Manson\liser.dll
c:\temp\fse\tmpZTF.log
c:\windows\dat.txt
c:\windows\search_res.txt
c:\windows\system32\drivers\SKYNETquievoty.sys
c:\windows\system32\drivers\UACjroyennixocomuh.sys
c:\windows\SYSTEM32\hhkmp.bak2
c:\windows\system32\hhkmp.ini
c:\windows\system32\hhkmp.ini2
c:\windows\SYSTEM32\hhkmp.tmp
c:\windows\system32\open.ico
c:\windows\SYSTEM32\oqstv.bak1
c:\windows\SYSTEM32\oqstv.bak2
c:\windows\system32\SKYNETeilrixqb.dll
c:\windows\system32\SKYNETmqhxwokk.dat
c:\windows\system32\SKYNETorxxocui.dll
c:\windows\system32\UACahguhrwgkvbdtre.db
c:\windows\system32\UACavrvlyfexmbhqmecb.log
c:\windows\system32\UACcjnuusfcabrnndm.dll
c:\windows\system32\UACdltgcfjwokerrtx.dll
c:\windows\system32\UACgkyhtmtgrpjsfsn.dll
c:\windows\system32\UAChgqeaiidpqpqfpk.dat
c:\windows\system32\UAChosspulqsppufagvr.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACivkfbpnjrxqxwcj.dll
c:\windows\system32\UACnydnugudduxihrq.dll
c:\windows\system32\UACqyowlfunokyswlx.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACxueorcnvnpfjxdiky.log
D:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETbgxtatxm
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.

2009-06-20 17:18 . 2009-06-20 17:18 404225 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-06-20 17:18 . 2009-06-20 17:18 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-06-20 17:18 . 2009-04-09 16:20 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-06-20 17:18 . 2009-02-27 17:59 8961 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2009-06-20 17:18 . 2009-02-24 19:16 117505 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
2009-06-20 17:18 . 2009-02-13 22:01 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-06-20 17:18 . 2008-12-05 17:32 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-06-20 02:13 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-20 02:13 . 2009-03-24 22:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-20 02:13 . 2009-02-13 18:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-20 02:13 . 2009-02-13 18:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-20 02:13 . 2009-06-20 02:13 -------- d-----w- c:\program files\Avira
2009-06-20 02:13 . 2009-06-20 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-20 01:04 . 2009-06-17 17:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-20 01:04 . 2009-06-20 01:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malwar
2009-06-20 01:02 . 2009-06-20 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-20 01:02 . 2009-06-17 17:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-20 00:28 . 2009-06-20 01:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 00:25 . 2009-06-20 00:25 -------- d-----w- c:\documents and settings\Mom\Application Data\MSN6
2009-06-20 00:25 . 2009-06-20 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2009-06-19 22:57 . 2009-06-19 22:57 -------- d-----w- c:\documents and settings\Mom\Application Data\BitZipper
2009-06-19 22:16 . 2006-05-24 00:04 110592 ----a-w- c:\documents and settings\Mom\Application Data\U3\temp\cleanup.exe
2009-06-19 22:00 . 2009-06-19 22:16 -------- d-----w- c:\documents and settings\Mom\Application Data\U3
2009-06-19 21:18 . 2009-06-19 21:18 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\AIM Toolbar
2009-06-19 20:13 . 2009-06-19 20:13 -------- d-----w- c:\documents and settings\Antonio\Local Settings\Application Data\AIM Toolbar
2009-06-19 20:13 . 2009-06-19 20:13 12288 ----a-w- c:\windows\jsr468ijdfghfjsw3rw3i6tjag81.exe
2009-06-18 19:39 . 2009-06-18 19:39 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-06-18 19:39 . 2009-06-18 19:39 -------- d-----w- c:\program files\AIM Toolbar
2009-06-18 19:39 . 2009-06-18 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM Toolbar
2009-06-18 19:39 . 2009-06-18 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-06-16 14:33 . 2009-06-16 14:33 -------- d-----w- c:\windows\system32\Adobe
2009-06-16 14:30 . 2009-06-16 14:30 -------- d-----w- c:\documents and settings\Antonio\Application Data\BitZipper
2009-06-16 14:30 . 2009-06-16 14:30 -------- d-----w- c:\program files\BitZipper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 19:54 . 2004-09-12 21:19 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
2009-06-20 19:54 . 2004-09-12 21:19 288 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
2009-06-19 21:58 . 2007-04-19 08:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-19 20:29 . 2007-02-04 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-19 17:39 . 2004-10-30 19:38 -------- d-----w- c:\program files\Warcraft III
2009-06-18 19:39 . 2006-12-16 23:17 -------- d-----w- c:\program files\AIM6
2009-06-18 19:39 . 2004-10-12 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-17 00:25 . 2008-03-07 05:50 -------- d-----w- c:\program files\Steam
2009-05-17 00:12 . 2009-05-17 00:10 -------- d-----w- c:\documents and settings\Antonio\Application Data\dota_allstars
2009-05-17 00:10 . 2009-05-17 00:10 -------- d-----w- c:\documents and settings\Antonio\Application Data\dota-allstars.71E01812711E1682B196CE418CDA466F24682743.1
2009-05-17 00:07 . 2009-05-17 00:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-17 00:07 . 2009-05-17 00:10 38208 ----a-w- c:\documents and settings\Antonio\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-13 12:03 . 2009-05-13 12:03 -------- d-----w- c:\program files\Microsoft
2009-05-13 12:02 . 2004-09-12 21:12 -------- d-----w- c:\program files\Java
2009-05-13 12:00 . 2009-05-13 12:00 152576 ----a-w- c:\documents and settings\Antonio\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-12 01:52 . 2008-03-29 02:30 -------- d-----w- c:\documents and settings\Antonio\Application Data\LimeWire
2009-05-10 17:59 . 2009-05-10 17:59 -------- d-----w- c:\program files\uTorrent
2009-05-07 15:32 . 2004-03-19 22:38 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 03:15 . 2009-05-07 03:06 -------- d-----w- c:\program files\Coupons
2009-05-06 18:11 . 2009-05-06 18:11 69120 ----a-w- c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-04-30 02:27 . 2008-05-07 12:59 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-04-29 04:56 . 2005-06-18 05:49 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2005-12-10 01:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-22 23:48 . 2004-10-30 20:11 69025 ----a-w- c:\windows\War3Unin.dat
2009-04-19 11:54 . 2004-03-20 17:57 88611 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-17 12:26 . 2003-09-25 14:35 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 06:45 . 2009-04-19 13:26 2602736 -c--a-w- c:\documents and settings\All Users\Application Data\{1E77E486-38CF-4688-B1E4-B86D08856D09}\Impulse_setup.exe
2009-04-07 16:48 . 2009-04-19 13:25 9728 -c--a-w- c:\documents and settings\All Users\Application Data\{1E77E486-38CF-4688-B1E4-B86D08856D09}\OFFLINE\86D01CB6\597810BF\DeElevator64.dll
2009-04-07 16:48 . 2009-04-19 13:25 323584 -c--a-w- c:\documents and settings\All Users\Application Data\{1E77E486-38CF-4688-B1E4-B86D08856D09}\OFFLINE\86D01CB6\757C30BC\ImpulseNow.exe
2009-04-06 22:19 . 2009-04-19 13:25 587120 -c--a-w- c:\documents and settings\All Users\Application Data\{1E77E486-38CF-4688-B1E4-B86D08856D09}\OFFLINE\86D01CB6\12FD35EB\SDC.dll
2009-04-06 22:19 . 2009-04-19 13:25 9072 -c--a-w- c:\documents and settings\All Users\Application Data\{1E77E486-38CF-4688-B1E4-B86D08856D09}\OFFLINE\86D01CB6\7A63466D\Sd.Irc.resources.dll
2009-03-27 14:20 . 2009-04-19 13:25 616696 -c--a-w- c:\documents and settings\All Users\Application Data\{1E77E486-38CF-4688-B1E4-B86D08856D09}\OFFLINE\86D01CB6\597810BF\7z.dll
2007-04-13 20:58 . 2004-12-06 02:33 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2008-02-07 10:54 398768 ----a-w- c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"mmtask"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2004-04-19 53248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2008-09-17 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Antonio\Start Menu\Programs\Startup\
ImpulseNow.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-4-7 356352]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Documents and Settings\\Antonio\\Local Settings\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Documents and Settings\\Antonio\\Desktop\\list checker\\pickup.listchecker.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire Entrenchment.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Games\\DotA Allstars\\DotA Allstars.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6112:UDP"= 6112:UDP:war3
"6881:TCP"= 6881:TCP:Bliz DL
"6882:TCP"= 6882:TCP:Bliz DL
"6883:TCP"= 6883:TCP:Bliz DL
"6884:TCP"= 6884:TCP:Bliz DL
"6885:TCP"= 6885:TCP:Bliz DL
"6886:TCP"= 6886:TCP:Bliz DL
"6887:TCP"= 6887:TCP:Bliz DL
"6888:TCP"= 6888:TCP:Bliz DL
"6889:TCP"= 6889:TCP:Bliz DL
"6890:TCP"= 6890:TCP:Bliz DL
"6891:TCP"= 6891:TCP:Bliz DL
"6892:TCP"= 6892:TCP:Bliz DL
"6893:TCP"= 6893:TCP:Bliz DL
"6894:TCP"= 6894:TCP:Bliz DL
"6895:TCP"= 6895:TCP:Bliz DL
"6896:TCP"= 6896:TCP:Bliz DL
"6897:TCP"= 6897:TCP:Bliz DL
"6898:TCP"= 6898:TCP:Bliz DL
"6899:TCP"= 6899:TCP:Bliz DL
"6900:TCP"= 6900:TCP:Bliz DL
"6901:TCP"= 6901:TCP:Bliz DL
"6902:TCP"= 6902:TCP:Bliz DL
"6903:TCP"= 6903:TCP:Bliz DL
"6904:TCP"= 6904:TCP:Bliz DL
"6905:TCP"= 6905:TCP:Bliz DL
"6906:TCP"= 6906:TCP:Bliz DL
"6907:TCP"= 6907:TCP:Bliz DL
"6908:TCP"= 6908:TCP:Bliz DL
"6909:TCP"= 6909:TCP:Bliz DL
"6910:TCP"= 6910:TCP:Bliz DL
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/19/2009 8:13 PM 108289]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/27/2008 11:47 AM 24652]
S2 jsr468ijdfghfjsw3rw3i6tjag80;jsr468ijdfghfjsw3rw3i6tjag80;c:\windows\jsr468ijdfghfjsw3rw3i6tjag81.exe [6/19/2009 2:13 PM 12288]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [11/6/2007 2:22 PM 34064]
.
Contents of the 'Scheduled Tasks' folder

2009-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-06-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-04 04:07]

2009-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3266804482-31885879-1419466287-1005.job
- c:\documents and settings\Antonio\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 15:58]

2009-06-17 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p psc 1300 seriesA3652443A372B157BFD83129692C2C2475483DE7100662946.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-27 00:50]

2009-06-20 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-09-12 22:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 14:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-20 14:24
ComboFix-quarantined-files.txt 2009-06-20 20:24

Pre-Run: 171,743,096,832 bytes free
Post-Run: 174,842,875,904 bytes free

262 --- E O F --- 2009-06-19 20:36

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\jsr468ijdfghfjsw3rw3i6tjag81.exe

Driver::
jsr468ijdfghfjsw3rw3i6tjag80

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

ComboFix 09-06-20.02 - Mom 06/20/2009 15:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2610 [GMT -6:00]
Running from: c:\documents and settings\Mom\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Mom\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\jsr468ijdfghfjsw3rw3i6tjag81.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\jsr468ijdfghfjsw3rw3i6tjag81.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JSR468IJDFGHFJSW3RW3I6TJAG80
-------\Service_jsr468ijdfghfjsw3rw3i6tjag80


((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.

2009-06-20 17:18 . 2009-06-20 17:18 404225 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-06-20 17:18 . 2009-06-20 17:18 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-06-20 17:18 . 2009-04-09 16:20 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-06-20 17:18 . 2009-02-27 17:59 8961 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2009-06-20 17:18 . 2009-02-24 19:16 117505 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
2009-06-20 17:18 . 2009-02-13 22:01 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-06-20 17:18 . 2008-12-05 17:32 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-06-20 02:13 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-20 02:13 . 2009-03-24 22:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-20 02:13 . 2009-02-13 18:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-20 02:13 . 2009-02-13 18:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-20 02:13 . 2009-06-20 02:13 -------- d-----w- c:\program files\Avira
2009-06-20 02:13 . 2009-06-20 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-20 01:04 . 2009-06-17 17:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-20 01:04 . 2009-06-20 01:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malwar
2009-06-20 01:02 . 2009-06-20 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-20 01:02 . 2009-06-17 17:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-20 00:28 . 2009-06-20 01:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 00:25 . 2009-06-20 00:25 -------- d-----w- c:\documents and settings\Mom\Application Data\MSN6
2009-06-20 00:25 . 2009-06-20 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2009-06-19 22:57 . 2009-06-19 22:57 -------- d-----w- c:\documents and settings\Mom\Application Data\BitZipper
2009-06-19 22:16 . 2006-05-24 00:04 110592 ----a-w- c:\documents and settings\Mom\Application Data\U3\temp\cleanup.exe
2009-06-19 22:00 . 2009-06-19 22:16 -------- d-----w- c:\documents and settings\Mom\Application Data\U3
2009-06-19 21:18 . 2009-06-19 21:18 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\AIM Toolbar
2009-06-19 20:13 . 2009-06-19 20:13 -------- d-----w- c:\documents and settings\Antonio\Local Settings\Application Data\AIM Toolbar
2009-06-18 19:39 . 2009-06-18 19:39 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-06-18 19:39 . 2009-06-18 19:39 -------- d-----w- c:\program files\AIM Toolbar
2009-06-18 19:39 . 2009-06-18 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM Toolbar
2009-06-18 19:39 . 2009-06-18 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-06-16 14:33 . 2009-06-16 14:33 -------- d-----w- c:\windows\system32\Adobe
2009-06-16 14:30 . 2009-06-16 14:30 -------- d-----w- c:\documents and settings\Antonio\Application Data\BitZipper
2009-06-16 14:30 . 2009-06-16 14:30 -------- d-----w- c:\program files\BitZipper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 21:09 . 2004-09-12 21:19 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
2009-06-20 21:09 . 2004-09-12 21:19 288 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
2009-06-19 21:58 . 2007-04-19 08:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-19 20:29 . 2007-02-04 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-19 17:39 . 2004-10-30 19:38 -------- d-----w- c:\program files\Warcraft III
2009-06-18 19:39 . 2006-12-16 23:17 -------- d-----w- c:\program files\AIM6
2009-06-18 19:39 . 2004-10-12 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-17 00:25 . 2008-03-07 05:50 -------- d-----w- c:\program files\Steam
2009-05-17 00:12 . 2009-05-17 00:10 -------- d-----w- c:\documents and settings\Antonio\Application Data\dota_allstars
2009-05-17 00:10 . 2009-05-17 00:10 -------- d-----w- c:\documents and settings\Antonio\Application Data\dota-allstars.71E01812711E1682B196CE418CDA466F24682743.1
2009-05-17 00:07 . 2009-05-17 00:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-17 00:07 . 2009-05-17 00:10 38208 ----a-w- c:\documents and settings\Antonio\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-13 12:03 . 2009-05-13 12:03 -------- d-----w- c:\program files\Microsoft
2009-05-13 12:02 . 2004-09-12 21:12 -------- d-----w- c:\program files\Java
2009-05-13 12:00 . 2009-05-13 12:00 152576 ----a-w- c:\documents and settings\Antonio\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-12 01:52 . 2008-03-29 02:30 -------- d-----w- c:\documents and settings\Antonio\Application Data\LimeWire
2009-05-10 17:59 . 2009-05-10 17:59 -------- d-----w- c:\program files\uTorrent
2009-05-07 15:32 . 2004-03-19 22:38 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 03:15 . 2009-05-07 03:06 -------- d-----w- c:\program files\Coupons
2009-05-06 18:11 . 2009-05-06 18:11 69120 ----a-w- c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-04-30 02:27 . 2008-05-07 12:59 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-04-29 04:56 . 2005-06-18 05:49 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2005-12-10 01:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-22 23:48 . 2004-10-30 20:11 69025 ----a-w- c:\windows\War3Unin.dat
2009-04-19 11:54 . 2004-03-20 17:57 88611 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-17 12:26 . 2003-09-25 14:35 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 06:45 . 2009-04-19 13:26 2602736 -c--a-w- c:\documents and settings\All Users\Application Data\{1E77E486-38CF-4688-B1E4-B86D08856D09}\Impulse_setup.exe
2009-04-07 16:48 . 2009-04-19 13:25 9728 -c--a-w- c:\documents and settings\All Users\Application Data\{1E77E486-38CF-4688-B1E4-B86D08856D09}\OFFLINE\86D01CB6\597810BF\DeElevator64.dll
2009-04-07 16:48 . 2009-04-19 13:25 323584 -c--a-w- c:\documents and settings\All Users\Application Data\{1E77E486-38CF-4688-B1E4-B86D08856D09}\OFFLINE\86D01CB6\757C30BC\ImpulseNow.exe
2009-04-06 22:19 . 2009-04-19 13:25 587120 -c--a-w- c:\documents and settings\All Users\Application Data\{1E77E486-38CF-4688-B1E4-B86D08856D09}\OFFLINE\86D01CB6\12FD35EB\SDC.dll
2009-04-06 22:19 . 2009-04-19 13:25 9072 -c--a-w- c:\documents and settings\All Users\Application Data\{1E77E486-38CF-4688-B1E4-B86D08856D09}\OFFLINE\86D01CB6\7A63466D\Sd.Irc.resources.dll
2009-03-27 14:20 . 2009-04-19 13:25 616696 -c--a-w- c:\documents and settings\All Users\Application Data\{1E77E486-38CF-4688-B1E4-B86D08856D09}\OFFLINE\86D01CB6\597810BF\7z.dll
2007-04-13 20:58 . 2004-12-06 02:33 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-20_20.22.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-20 21:10 . 2009-06-20 21:10 16384 c:\windows\temp\Perflib_Perfdata_250.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2008-02-07 10:54 398768 ----a-w- c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"mmtask"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2004-04-19 53248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2008-09-17 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Antonio\Start Menu\Programs\Startup\
ImpulseNow.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-4-7 356352]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Documents and Settings\\Antonio\\Local Settings\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Documents and Settings\\Antonio\\Desktop\\list checker\\pickup.listchecker.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire Entrenchment.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Games\\DotA Allstars\\DotA Allstars.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6112:UDP"= 6112:UDP:war3
"6881:TCP"= 6881:TCP:Bliz DL
"6882:TCP"= 6882:TCP:Bliz DL
"6883:TCP"= 6883:TCP:Bliz DL
"6884:TCP"= 6884:TCP:Bliz DL
"6885:TCP"= 6885:TCP:Bliz DL
"6886:TCP"= 6886:TCP:Bliz DL
"6887:TCP"= 6887:TCP:Bliz DL
"6888:TCP"= 6888:TCP:Bliz DL
"6889:TCP"= 6889:TCP:Bliz DL
"6890:TCP"= 6890:TCP:Bliz DL
"6891:TCP"= 6891:TCP:Bliz DL
"6892:TCP"= 6892:TCP:Bliz DL
"6893:TCP"= 6893:TCP:Bliz DL
"6894:TCP"= 6894:TCP:Bliz DL
"6895:TCP"= 6895:TCP:Bliz DL
"6896:TCP"= 6896:TCP:Bliz DL
"6897:TCP"= 6897:TCP:Bliz DL
"6898:TCP"= 6898:TCP:Bliz DL
"6899:TCP"= 6899:TCP:Bliz DL
"6900:TCP"= 6900:TCP:Bliz DL
"6901:TCP"= 6901:TCP:Bliz DL
"6902:TCP"= 6902:TCP:Bliz DL
"6903:TCP"= 6903:TCP:Bliz DL
"6904:TCP"= 6904:TCP:Bliz DL
"6905:TCP"= 6905:TCP:Bliz DL
"6906:TCP"= 6906:TCP:Bliz DL
"6907:TCP"= 6907:TCP:Bliz DL
"6908:TCP"= 6908:TCP:Bliz DL
"6909:TCP"= 6909:TCP:Bliz DL
"6910:TCP"= 6910:TCP:Bliz DL
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/19/2009 8:13 PM 108289]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/27/2008 11:47 AM 24652]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [11/6/2007 2:22 PM 34064]
.
Contents of the 'Scheduled Tasks' folder

2009-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-06-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-04 04:07]

2009-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3266804482-31885879-1419466287-1005.job
- c:\documents and settings\Antonio\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 15:58]

2009-06-17 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p psc 1300 seriesA3652443A372B157BFD83129692C2C2475483DE7100662946.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-27 00:50]

2009-06-20 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-09-12 22:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 15:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(316)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-06-20 15:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-20 21:16
ComboFix2.txt 2009-06-20 20:24

Pre-Run: 174,861,766,656 bytes free
Post-Run: 174,761,775,104 bytes free

250 --- E O F --- 2009-06-19 20:36

Update:
Computer function has returned as far as I can tell. I have ran Avira and found 22 Detections and quarantined them then deleted them from quarantine. Not sure if there is anything else you want me to do, but im all ears.

Hello.
Good to hear, nearly done now though.

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

Acrobat.com
Acrobat.com
Ad-Aware SE Personal
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player 11.5
Advertisement Service
AIM 6
AIM Toolbar
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
AVI Movie Player
Avira AntiVir Personal - Free Antivirus
BitComet 0.60
BitZipper 2009
Bonjour
Broadcom Advanced Control Suite 2
Coupon Printer for Windows
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Debugging Tools for Windows
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Solution Center
DivX Web Player
DotA Allstars Launcher
Download Updater (AOL LLC)
Fraps
Google Updater
Higher Score on the ACT
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Software Update
HTC PPC6800 User Manual
Impulse
Impulse
InstallMgr
Intel Application Accelerator
Interactive Precalculus Sixth Edition
Internet Explorer Default Page
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 8
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
LiveUpdate 2.5 (Symantec Corporation)
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Matrix3DSetup.exe
MediaBar 2.0 (iMesh)
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
MSN Toolbar
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MUSICMATCH Jukebox
NVIDIA Drivers
NVIDIA PhysX v8.09.04
OpenOffice.org Installer 1.0
PeerGuardian 2.0
Power Audio Cutter 1.3
PowerDVD 5.1
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Shockwave
Sins of a Solar Empire
Sins of a Solar Empire
Sins of a Solar Empire - Entrenchment
Sonic MyDVD
Sonic Update Manager
Sound Blaster Audigy 2
SpeechRedist
Total Annihilation - Core Contingency
UltimateBet
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Ventrilo Client
VeohTV BETA
VideoLAN VLC media player 0.8.2
Viewpoint Media Player
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Service Pack 3
WinPcap 4.0.2
WinRAR archiver
WordPerfect Office 12

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

BitComet 0.60
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
LiveUpdate 2.5 (Symantec Corporation)
Viewpoint Media Player

How is the machine running now?