Infected With Cyber-x-log Logs Posted

3 replies to this topic

#1 tman2020 (Members, 2 posts)

Posted 04 December 2007 - 10:15 PM

Looks like I'm infected with at least Cyber-X-log.

Ran SmitFraudFix first.

Then ran NoLop (it found nothing).

Then ran DSS. DSS ran an emulated HijackThis.

Will post below in the order they were listed.


SmitFraudFix v2.258

Scan done at 18:11:20.68, Tue 12/04/2007
Run from C:\Documents and Settings\Jeff\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SmVmZg\command.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINDOWS\system32\hwhgpgwv.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\msmng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\XEROX\horydytak77798.exe
C:\WINDOWS\SYSTEM32\MUI\0009\iexplore.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\ICROSO~1.NET\lsass.exe
C:\Program Files\QdrModule\QdrModule10.exe
C:\Program Files\WinAble\winable.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jeff\Application Data\Microsoft\Windows\igxqras.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\inetloader.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeff


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeff\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jeff\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\TrustIn Contextual\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 216.110.195.2
DNS Server Search Order: 216.110.195.3

HKLM\SYSTEM\CCS\Services\Tcpip\..\{32417CDB-A755-48B9-8319-AC594480A4BD}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{32417CDB-A755-48B9-8319-AC594480A4BD}: NameServer=216.110.195.2,216.110.195.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{32417CDB-A755-48B9-8319-AC594480A4BD}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{32417CDB-A755-48B9-8319-AC594480A4BD}: NameServer=216.110.195.2,216.110.195.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{32417CDB-A755-48B9-8319-AC594480A4BD}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{32417CDB-A755-48B9-8319-AC594480A4BD}: NameServer=216.110.195.2,216.110.195.3
HKLM\SYSTEM\CS3\Services\Tcpip\..\{32417CDB-A755-48B9-8319-AC594480A4BD}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{32417CDB-A755-48B9-8319-AC594480A4BD}: NameServer=216.110.195.2,216.110.195.3
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Now DSS main

Deckard's System Scanner v20071014.68
Run by Jeff on 2007-12-04 18:34:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
93: 2007-12-05 02:34:47 UTC - RP753 - Deckard's System Scanner Restore Point
92: 2007-12-02 23:13:56 UTC - RP752 - Last known good configuration
91: 2007-12-02 23:13:48 UTC - RP751 - System Checkpoint
90: 2007-12-02 23:13:48 UTC - RP750 - System Checkpoint
89: 2007-12-02 23:13:48 UTC - RP749 - System Checkpoint


-- First Restore Point --
1: 2007-12-02 23:13:10 UTC - RP661 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-04 18:38:32
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\WINDOWS\SmVmZg\command.exe
C:\Program Files\ProcessGuard\DCSUserProt.exe
C:\WINDOWS\SYSTEM32\hwhgpgwv.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\SYSTEM32\msmng.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\alg.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\SYSTEM32\cmd.exe
C:\Program Files\XEROX\horydytak77798.exe
C:\WINDOWS\SYSTEM32\MUI\0009\iexplore.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\?icrosoft.NET\lsass.exe
C:\Program Files\QdrModule\QdrModule10.exe
C:\Program Files\WinAble\winable.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jeff\Application Data\Microsoft\Windows\igxqras.exe
C:\Documents and Settings\Jeff\My Documents\s?stem32\u?erinit.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jeff\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\SYSTEM32\AdmDllsb.dll
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll
O2 - BHO: ChangerBHO Class - {4c03732f-43bb-4d80-ba45-66fd05db11df} - C:\WINDOWS\SYSTEM32\advpacka.dll
O2 - BHO: {ca60849e-bc9e-9c39-0a04-fc557a8af485} - {584fa8a7-55cf-40a0-93c9-e9cbe94806ac} - C:\WINDOWS\SYSTEM32\wnaxmkpt.dll
O2 - BHO: (no name) - {5C13FDF3-0D22-48E2-A919-3E51E27A6FE9} - C:\WINDOWS\SYSTEM32\gebyx.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: KontekstualAds Class - {72217827-914b-46c6-a6ee-c00c70842ebf} - C:\Program Files\TrustIn Kontekstual\InTru.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\SYSTEM32\WinNB58.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\SYSTEM32\wqqoegqr.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\SYSTEM32\urqnmkj.dll
O2 - BHO: (no name) - {C7AAFC35-10D8-3259-8B2B-3AE604800C9F} - C:\WINDOWS\SYSTEM32\enslkega.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Crack Find Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\SrchPlug.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\SYSTEM32\wqqoegqr.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\SYSTEM32\WinNB58.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Microsoft Kernel32] kernel32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [horydytak] C:\Program Files\XEROX\horydytak77798.exe
O4 - HKLM\..\Run: [b48b3a47] rundll32.exe "C:\WINDOWS\system32\ycahqvcm.dll",b
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Preu] "C:\PROGRA~1\ICROSO~1.NET\lsass.exe" -vt yazb
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [Fpfhtt] C:\WINDOWS\s?stem32\?ervices.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Jeff\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Jeff\Application Data\Microsoft\Windows\igxqras.exe
O4 - HKCU\..\Run: [Klgsix] "C:\Documents and Settings\Jeff\My Documents\s?stem32\u?erinit.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\nwprovau.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: https://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: https://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: https://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: https://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.67.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.55.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099876428015
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} () - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} () - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.89.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/b...e55e39bbcd1b030
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FB89EE36-B008-4AA0-ABAE-B75B0A2EDAC6} (ActiveFind1CPG Control) -
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{32417CDB-A755-48B9-8319-AC594480A4BD}: NameServer = 216.110.195.2,216.110.195.3
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\AATP.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: urqnmkj - C:\WINDOWS\system32\urqnmkj.dll
O20 - Winlogon Notify: wqqoegqr - C:\WINDOWS\system32\wqqoegqr.dll
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmVmZg\command.exe
O23 - Service: DiamondCS ProcessGuard Service v3.405 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\DCSUserProt.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\SYSTEM32\hwhgpgwv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\LEXBCES.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\SYSTEM32\msmng.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


--
End of file - 14917 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 d343bus - c:\windows\system32\drivers\d343bus.sys
R0 d343port - c:\windows\system32\drivers\d343port.sys
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 procguard - c:\windows\system32\drivers\procguard.sys <Not Verified; DiamondCS; DiamondCS ProcessGuard>
R3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
R3 SaiNtBus - c:\windows\system32\drivers\saintbus.sys <Not Verified; Saitek; Configuration Software>

S1 nltdi - c:\windows\system32\drivers\nltdi.sys (file missing)
S3 bcgbus (Nostromo USB Device Driver) - c:\windows\system32\drivers\bcgbus.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 SaiH0463 - c:\windows\system32\drivers\saih0463.sys <Not Verified; Saitek; Configuration Software>
S3 SQTECH905C (ViviCam 35) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 cmdService (Command Service) - c:\windows\smvmzg\command.exe
R2 DCSPGSRV (DiamondCS ProcessGuard Service v3.405) - "c:\program files\processguard\dcsuserprot.exe" <Not Verified; DiamondCS; DiamondCS Usermode Aspect>
R2 DomainService - c:\windows\system32\hwhgpgwv.exe /service <Not Verified; ; DDC>
R2 Network Monitor - c:\program files\network monitor\netmon.exe service
R2 r_server (Remote Administrator Service) - "c:\windows\system32\msmng.exe" /service

S2 nlsvc (NetLimiter) - "c:\program files\netlimiter 2 pro\nlsvc.exe" <Not Verified; Locktime Software; NetLimiter 2 Pro>
S2 SymWSC (SymWMI Service) - "c:\program files\common files\symantec shared\security center\symwsc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel® 82845G/GL/GE/PE/GV Graphics Controller
Device ID: PCI\VEN_8086&DEV_2562&SUBSYS_01601028&REV_01\3&172E68DD&0&10
Manufacturer: Intel Corporation
Name: Intel® 82845G/GL/GE/PE/GV Graphics Controller
PNP Device ID: PCI\VEN_8086&DEV_2562&SUBSYS_01601028&REV_01\3&172E68DD&0&10
Service: ialm


-- Scheduled Tasks -------------------------------------------------------------

2007-11-30 17:57:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-11-30 17:43:44 406 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2007-11-04 and 2007-12-04 -----------------------------

2007-12-04 18:32:04 106 --a------ C:\delete.bat
2007-12-04 18:11:51 3934 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-04 18:09:24 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-04 18:09:24 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-12-04 18:09:24 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-12-04 18:09:24 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-12-04 18:09:24 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-04 18:01:09 79424 --a------ C:\WINDOWS\system32\wnaxmkpt.dll
2007-12-04 17:42:34 85568 --a------ C:\WINDOWS\system32\ycahqvcm.dll
2007-12-03 21:54:49 380928 --a------ C:\WINDOWS\system32\WinNB58.dll <Not Verified; ; NN_Bar IES>
2007-12-03 21:43:02 80960 --a------ C:\WINDOWS\system32\feyxphko.dll
2007-12-03 15:38:51 60928 --a------ C:\WINDOWS\system32\enslkega.dll
2007-12-03 15:38:11 687592 --a------ C:\WINDOWS\system32\atmtd.dll
2007-12-03 15:38:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-12-03 15:37:57 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2007-12-03 15:37:57 0 d--hs---- C:\WINDOWS\SmVmZg
2007-12-03 15:37:57 0 d-------- C:\Program Files\Network Monitor
2007-12-03 15:27:38 0 d-------- C:\Documents and Settings\Jeff\Application Data\WinTouch
2007-12-03 15:19:32 0 d-------- C:\Program Files\Insider
2007-12-03 15:19:31 0 d-------- C:\Program Files\InetGet2
2007-12-03 15:13:23 145984 --a------ C:\WINDOWS\system32\wqqoegqr.dll
2007-12-03 15:13:00 145984 --a------ C:\WINDOWS\system32\irosqodx.dll
2007-12-03 15:12:57 71232 --a------ C:\WINDOWS\system32\hwhgpgwv.exe <Not Verified; ; DDC>
2007-12-02 15:59:35 0 d-------- C:\Documents and Settings\Jeff\Shared
2007-12-02 15:59:32 0 d-------- C:\Documents and Settings\Jeff\Incomplete
2007-12-02 15:59:00 0 d-------- C:\Documents and Settings\Jeff\Application Data\LimeWire
2007-12-02 15:58:37 0 d-------- C:\Program Files\LimeWire
2007-12-02 15:12:56 441550 --ahs---- C:\WINDOWS\system32\xybeg.ini2
2007-12-02 15:12:43 336480 --a------ C:\WINDOWS\system32\gebyx.dll
2007-12-02 15:11:25 0 d-------- C:\Program Files\WinAble
2007-12-02 15:11:25 0 d-------- C:\Program Files\Temporary
2007-12-02 15:07:56 2 --a------ C:\WINDOWS\system32\wnscpsv32.exe
2007-12-02 15:07:52 0 d-------- C:\WINDOWS\s?stem32
2007-12-02 15:07:52 0 d-------- C:\Program Files\Outerinfo
2007-12-02 15:07:43 35840 --a------ C:\WINDOWS\mrofinu72.exe
2007-12-02 15:07:38 36352 --a------ C:\WINDOWS\system32\urqnmkj.dll
2007-12-02 15:07:36 0 d-------- C:\Program Files\QdrModule
2007-12-02 15:07:35 0 d-------- C:\Program Files\QdrDrive
2007-12-02 15:07:35 0 d-------- C:\Program Files\ISM
2007-12-02 15:07:25 0 d-------- C:\Program Files\?icrosoft.NET
2007-12-02 15:07:25 40183 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2007-11-20 14:14:56 22016 --a------ C:\WINDOWS\system32\advpacka.dll <Not Verified; ; URL Changer Module>
2007-11-20 14:14:55 0 d-------- C:\Program Files\TrustIn Kontekstual
2007-11-18 23:04:08 21504 --a------ C:\WINDOWS\system32\BCMSM168a.dll <Not Verified; ; URL Changer Module>
2007-11-16 17:13:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-11-16 17:02:16 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-16 17:00:32 0 d-------- C:\WINDOWS\system32\LogFiles
2007-11-16 17:00:32 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-15 12:48:35 21504 --a------ C:\WINDOWS\system32\basesrvbv.dll <Not Verified; ; URL Changer Module>
2007-11-14 04:02:10 21504 --a------ C:\WINDOWS\system32\browsewma.dll <Not Verified; ; URL Changer Module>
2007-11-09 23:15:13 21504 --a------ C:\WINDOWS\system32\asferrorva.dll <Not Verified; ; URL Changer Module>
2007-11-08 12:30:34 21504 --a------ C:\WINDOWS\system32\bthcib.dll <Not Verified; ; URL Changer Module>
2007-11-07 06:22:26 21504 --a------ C:\WINDOWS\system32\BASSMODb.dll <Not Verified; ; URL Changer Module>
2007-11-05 16:41:24 21504 --a------ C:\WINDOWS\system32\asfsipcas.dll <Not Verified; ; URL Changer Module>
2007-11-04 15:28:35 21504 --a------ C:\WINDOWS\system32\cardss.dll <Not Verified; ; URL Changer Module>


-- Find3M Report ---------------------------------------------------------------

2007-12-04 17:59:56 0 d-------- C:\Program Files\Microsoft Works
2007-12-02 16:15:20 0 d-------- C:\Program Files\mIRC
2007-12-02 15:07:25 0 d-------- C:\Program Files\?icrosoft.NET
2007-12-02 15:07:25 0 d-------- C:\Program Files\Common Files
2007-11-30 15:00:56 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-30 15:00:00 0 d-------- C:\Program Files\Norton Security Scan
2007-11-16 16:56:01 21504 --a------ C:\WINDOWS\system32\AdmDllsb.dll <Not Verified; ; URL Changer Module>
2007-11-03 13:45:34 21504 --a------ C:\WINDOWS\system32\bootvidv.dll <Not Verified; ; URL Changer Module>
2007-11-02 10:46:49 21504 --a------ C:\WINDOWS\system32\alrsvca.dll <Not Verified; ; URL Changer Module>
2007-11-01 01:23:59 229376 --a------ C:\WINDOWS\b128.exe
2007-10-31 21:53:14 21504 --a------ C:\WINDOWS\system32\avisynthbs.dll <Not Verified; ; URL Changer Module>
2007-10-30 08:53:31 97280 --a------ C:\WINDOWS\b147.exe
2007-10-29 09:42:42 21504 --a------ C:\WINDOWS\system32\avisynthb.dll <Not Verified; ; URL Changer Module>
2007-10-28 08:41:48 0 d-------- C:\Documents and Settings\Jeff\Application Data\U3
2007-10-27 23:25:20 21504 --a------ C:\WINDOWS\system32\asfsipca.dll <Not Verified; ; URL Changer Module>
2007-10-26 22:39:08 21504 --a------ C:\WINDOWS\system32\bootvids.dll <Not Verified; ; URL Changer Module>
2007-10-25 22:31:00 21504 --a------ C:\WINDOWS\system32\authzsa.dll <Not Verified; ; URL Changer Module>
2007-10-25 05:24:20 53760 --a------ C:\WINDOWS\b122.exe
2007-10-24 19:35:42 0 d-------- C:\Program Files\Project64 1.6
2007-10-24 19:34:43 21504 --a------ C:\WINDOWS\system32\ATRACEbb.dll <Not Verified; ; URL Changer Module>
2007-10-24 18:20:53 67064 --a------ C:\Documents and Settings\Jeff\Application Data\GDIPFONTCACHEV1.DAT
2007-10-23 19:29:22 21504 --a------ C:\WINDOWS\system32\catsrvpsv.dll <Not Verified; ; URL Changer Module>
2007-10-22 11:42:24 21504 --a------ C:\WINDOWS\system32\bgcpsp2b.dll <Not Verified; ; URL Changer Module>
2007-10-20 22:28:46 21504 --a------ C:\WINDOWS\system32\acledits.dll <Not Verified; ; URL Changer Module>
2007-10-19 17:48:11 21504 --a------ C:\WINDOWS\system32\bgcpgpdaa.dll <Not Verified; ; URL Changer Module>
2007-10-18 17:32:42 21504 --a------ C:\WINDOWS\system32\cdmv.dll <Not Verified; ; URL Changer Module>
2007-10-17 16:43:42 21504 --a------ C:\WINDOWS\system32\bgcpgpa.dll <Not Verified; ; URL Changer Module>
2007-10-16 16:25:25 21504 --a------ C:\WINDOWS\system32\audiosrvv.dll <Not Verified; ; URL Changer Module>
2007-10-15 12:06:24 21504 --a------ C:\WINDOWS\system32\asferrorv.dll <Not Verified; ; URL Changer Module>
2007-10-14 10:17:02 0 d-------- C:\Documents and Settings\Jeff\Application Data\MySpace
2007-10-14 10:16:59 0 d-------- C:\Program Files\MySpace
2007-10-12 23:18:47 21504 --a------ C:\WINDOWS\system32\asycfilts.dll <Not Verified; ; URL Changer Module>
2007-10-11 09:39:51 21504 --a------ C:\WINDOWS\system32\AdmDlls.dll <Not Verified; ; URL Changer Module>
2007-10-10 05:53:54 184320 --a------ C:\WINDOWS\b111.exe
2007-10-09 06:35:01 21504 --a------ C:\WINDOWS\system32\certmgra.dll <Not Verified; ; URL Changer Module>
2007-10-07 17:23:31 21504 --a------ C:\WINDOWS\system32\basesrvb.dll <Not Verified; ; URL Changer Module>
2007-10-05 22:09:26 21504 --a------ C:\WINDOWS\system32\chsbrkra.dll <Not Verified; ; URL Changer Module>
2007-10-04 02:12:05 21504 --a------ C:\WINDOWS\system32\ATRACEb.dll <Not Verified; ; URL Changer Module>
2007-10-03 01:38:03 21504 --a------ C:\WINDOWS\system32\atmpvcnoa.dll <Not Verified; ; URL Changer Module>
2007-10-01 18:46:50 21504 --a------ C:\WINDOWS\system32\browserb.dll <Not Verified; ; URL Changer Module>
2007-09-28 01:18:47 21504 --a------ C:\WINDOWS\system32\bgcpgps.dll <Not Verified; ; URL Changer Module>
2007-09-24 08:06:51 21504 --a------ C:\WINDOWS\system32\a3db.dll <Not Verified; ; URL Changer Module>
2007-09-22 22:40:23 21504 --a------ C:\WINDOWS\system32\catsrvutb.dll <Not Verified; ; URL Changer Module>
2007-09-21 11:43:54 21504 --a------ C:\WINDOWS\system32\cfgbkends.dll <Not Verified; ; URL Changer Module>
2007-09-20 11:42:07 21504 --a------ C:\WINDOWS\system32\authzs.dll <Not Verified; ; URL Changer Module>
2007-09-17 11:30:35 16896 --a------ C:\WINDOWS\inetloader.dll <Not Verified; ; InetLoader Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0edc6c20-a31c-11db-8ab9-0800200c9a66}]
11/16/2007 04:56 PM 21504 --a------ C:\WINDOWS\system32\AdmDllsb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593}]
09/19/2007 07:16 AM 23040 --a------ C:\Program Files\TrustIn Contextual\trustincontext.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4c03732f-43bb-4d80-ba45-66fd05db11df}]
11/20/2007 02:14 PM 22016 --a------ C:\WINDOWS\system32\advpacka.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{584fa8a7-55cf-40a0-93c9-e9cbe94806ac}]
12/04/2007 06:01 PM 79424 --a------ C:\WINDOWS\system32\wnaxmkpt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C13FDF3-0D22-48E2-A919-3E51E27A6FE9}]
12/02/2007 03:12 PM 336480 --a------ C:\WINDOWS\system32\gebyx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72217827-914b-46c6-a6ee-c00c70842ebf}]
11/20/2007 02:14 PM 23552 --a------ C:\Program Files\TrustIn Kontekstual\InTru.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
10/27/2007 11:37 AM 192512 --a------ C:\Program Files\QdrDrive\QdrDrive8.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}]
12/03/2007 09:54 PM 380928 --a------ C:\WINDOWS\system32\WinNB58.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
12/03/2007 03:13 PM 145984 --a------ C:\WINDOWS\system32\wqqoegqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
12/02/2007 03:07 PM 36352 --a------ C:\WINDOWS\system32\urqnmkj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7AAFC35-10D8-3259-8B2B-3AE604800C9F}]
11/01/2007 05:44 AM 60928 --a------ C:\WINDOWS\system32\enslkega.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f015f320-ab08-11db-abbd-0800200c9a66}]
09/17/2007 11:30 AM 16896 --a------ C:\WINDOWS\inetloader.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\wqqoegqr.dll [12/03/2007 03:13 PM 145984]
"{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"= C:\WINDOWS\system32\WinNB58.dll [12/03/2007 09:54 PM 380928]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[-HKEY_CLASSES_ROOT\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}]
[HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/06/2003 10:19 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/06/2003 10:07 PM]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 03:59 AM C:\WINDOWS\BCMSMMSG.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/05/2003 11:04 PM]
"Microsoft Kernel32"="kernel32.exe" [02/10/2004 12:53 AM C:\WINDOWS\SYSTEM32\kernel32.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [07/15/2004 10:42 AM]
"Logitech Utility"="Logi_MwX.Exe" [11/07/2003 01:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 12:32 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/03/2004 12:31 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 12:32 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 12:32 PM]
"!1_pgaccount"="C:\Program Files\ProcessGuard\pgaccount.exe" [07/12/2006 09:39 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/31/2006 12:41 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 12:03 PM]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [12/15/2003 05:56 PM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [09/14/2006 12:09 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 08:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/27/2007 10:25 AM]
"runner1"="C:\WINDOWS\mrofinu72.exe" [12/02/2007 03:07 PM]
"horydytak"="C:\Program Files\XEROX\horydytak77798.exe" [08/07/2007 12:30 PM]
"b48b3a47"="C:\WINDOWS\system32\ycahqvcm.dll" [12/04/2007 05:42 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!1_ProcessGuard_Startup"="C:\Program Files\ProcessGuard\procguard.exe" [07/12/2006 09:43 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [02/03/2004 01:42 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 02:56 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [08/13/2007 04:04 PM]
"Preu"="C:\PROGRA~1\ICROSO~1.NET\lsass.exe" [12/02/2007 03:07 PM]
"QdrModule10"="C:\Program Files\QdrModule\QdrModule10.exe" [11/30/2007 04:33 AM]
"Fpfhtt"="C:\WINDOWS\s?stem32\?ervices.exe" [08/03/2004 02:56 PM]
"WinAble"="C:\Program Files\WinAble\winable.exe" [12/02/2007 03:11 PM]
"Insider"="C:\Program Files\Insider\Insider.exe" [12/03/2007 03:19 PM]
"WinTouch"="C:\Documents and Settings\Jeff\Application Data\WinTouch\WinTouch.exe" [12/03/2007 03:29 PM]
"SfKg6w"="C:\Documents and Settings\Jeff\Application Data\Microsoft\Windows\igxqras.exe" [12/03/2007 03:29 PM]
"Klgsix"="C:\Documents and Settings\Jeff\My Documents\s?stem32\u?erinit.exe" [11/01/2007 05:45 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
DESKTOP.INI [9/3/2002 7:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [11/7/2004 4:15:29 PM]
Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe [4/6/2004 2:49:02 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=01000000
"NoRecentDocsMenu"=0 (0x0)
"ClearRecentDocsOnExit"=01000000
"NoRecentDocsHistory"=01000000
"NoRecentDocsNetHood"=01000000
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartBanner"=01000000
"NoSaveSettings"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\urqnmkj.dll [12/02/2007 03:07 PM 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnmkj]
urqnmkj.dll 12/02/2007 03:07 PM 36352 C:\WINDOWS\SYSTEM32\urqnmkj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wqqoegqr]
wqqoegqr.dll 12/03/2007 03:13 PM 145984 C:\WINDOWS\SYSTEM32\wqqoegqr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebyx.dll
"Notification Packages"= :\WINDOWS\syste scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a89c425b-7a81-11dc-8e2e-000d5653e684}]
AutoRun\command- G:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2007-12-04 18:42:44 ------------


Now DSS extra

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.53GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1022 MiB / 501.1 MiB
Pagefile Memory (total/avail): 2462.03 MiB / 2067.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.13 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.47 GiB total, 30.58 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 74.47 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Messenger"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Documents and Settings\\Jeff\\My Documents\\Jeff\\Trillian\\trillian.exe"="C:\\Documents and Settings\\Jeff\\My Documents\\Jeff\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe:*:Enabled:_aunchPad"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"="C:\\Program Files\\Sierra On-Line\\SIGSPat.exe:*:Enabled:SIGSPat"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\World of Warcraft\\WoW-1.11.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Jeff\\Desktop\\Downloads\\KMap_r9_RC2\\AIM.exe"="C:\\Documents and Settings\\Jeff\\Desktop\\Downloads\\KMap_r9_RC2\\AIM.exe:*:Enabled: "
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"="C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"="C:\\WINDOWS\\SYSTEM32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Documents and Settings\\Jeff\\Desktop\\Downloads\\KMap_r9_RC2\\firefox.exe"="C:\\Documents and Settings\\Jeff\\Desktop\\Downloads\\KMap_r9_RC2\\firefox.exe:*:Enabled: "
"C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Jeff\\Desktop\\Downloads\\utorrent.exe"="C:\\Documents and Settings\\Jeff\\Desktop\\Downloads\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\hwhgpgwv.exe"="C:\\WINDOWS\\system32\\hwh"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jeff\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GAMEPC
ComSpec=C:\WINDOWS\system32\cmd.exe
DEVMGR_SHOW_DETAILS=1
DEVMGR_SHOW_NONPRESENT_DEVICES=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jeff
LOGONSERVER=\\GAMEPC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jeff\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jeff\LOCALS~1\Temp
USERDOMAIN=GAMEPC
USERNAME=Jeff
USERPROFILE=C:\Documents and Settings\Jeff
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jeff (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Actiontec Gateway --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}\setup.exe" -l0x9
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AutoIt v3.2.2.0 --> C:\Program Files\AutoIt3\Uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Battlefield Vietnam™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x9
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
BitTorrent 3.4.2 --> "C:\Program Files\BitTorrent\uninstall.exe"
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
ClearView --> MsiExec.exe /I{320E7C9B-6AF0-4A70-A2E5-DD565DF367E2}
Command --> wscript "C:\WINDOWS\SmVmZg\mApAt0.vbs"
DA920EN --> MsiExec.exe /X{C1E5DF32-8248-4347-908C-E030EDAE4368}
Dell AIO Printer A920 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support --> MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
DesertCombat 0.7 --> C:\WINDOWS\iun6002.exe "C:\Program Files\EA GAMES\Battlefield 1942\DesertCombat.ini"
DiamondCS ProcessGuard v3.405 --> "C:\Program Files\ProcessGuard\pg_uinstdrv.exe" c "C:\Program Files\ProcessGuard\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DownloadStudio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECF98B44-4948-4FFD-B748-0F362F267597}\Setup.exe" -l0x9
DS21Patch --> MsiExec.exe /I{9B79DCB0-AAD7-456B-8D07-433C936FA24B}
Easy GIF Animator 3.0 --> "C:\Program Files\Easy GIF Animator\unins000.exe"
eDimensional Voice Buddy --> C:\WINDOWS\unvise32.exe C:\Program Files\eDimensional\Voice Buddy\uninstall.log
Flock (Photobucket Edition) 0.7 --> C:\Program Files\Flock\uninst.exe
Full Spectrum Warrior --> MsiExec.exe /I{0153A77C-A981-4A1F-BAA9-16A80FBC358A}
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Insider --> C:\Program Files\Insider\UnInstall.exe
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
iolo technologies' System Mechanic 4 Professional --> C:\PROGRA~1\iolo\SYSTEM~1\UninstallSMPro.exe
iTunes --> MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Speech SDK 5.1 --> MsiExec.exe /I{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}
Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe D:\
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Mirar --> mshta.exe http://remove.getmirar.com/
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Jeff\Application Data\Move Networks\ie_bin\Uninst.exe
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Jeff\Application Data\Move Networks\ie_bin\unins000.exe"
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetLimiter 2 Pro (remove only) --> "C:\Program Files\NetLimiter 2 Pro\nl2uninst.exe"
Network Monitor --> wscript "C:\WINDOWS\uninstall_nmon.vbs"
Norton Security Scan --> MsiExec.exe /I{DA15D535-5E1D-4076-B520-8571346D6238}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Outerinfo --> "C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe"
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PunkBuster for Battlefield Vietnam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}\setup.exe" -l0x9
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealFlight Add-ons Volume 1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\RealFlight Add-ons Volume 1\Uninst.isu"
RealFlight G3 R/C Simulator --> C:\Program Files\Common Files\KnifeEdge\Launcher.exe REALFLIGHT3
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic --> "C:\Program Files\Registry Mechanic\unins000.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SST Programming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03ADCA1C-BCF0-4B12-AFCF-8EBF2CB3AB07}\setup.exe" AddRem
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Tron 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Buena Vista Interactive\Tron 2.0\Setup.EXE" -l0x9
TrustIn Contextual --> regsvr32 /u /s "C:\Program Files\TrustIn Contextual\trustincontext.dll"
TrustIn Kontekstual --> regsvr32 /u /s "C:\Program Files\TrustIn Kontekstual\InTru.dll"
Tweak UI --> "C:\WINDOWS\System32\mshta.exe" "res://C:\WINDOWS\System32\TweakUI.exe/uninstall.hta"
Valex AC3-DTS codec (remove only) --> C:\Program Files\VAC3ACM\uninstall.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Warez P2P Client 2.4 --> C:\Program Files\Warez P2P Client\Uninstall.exe
WinAble --> "C:\Program Files\WinAble\winable.exe" -uninstall
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinTouch --> C:\Documents and Settings\Jeff\Application Data\WinTouch\WTUninstaller.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type876 / Error
Event Submitted/Written: 12/04/2007 06:35:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module intru.dll, version 1.0.0.1, fault address 0x000016bb.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type865 / Error
Event Submitted/Written: 12/03/2007 10:01:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application horydytak77798.exe, version 0.0.0.0, faulting module horydytak77798.exe, version 0.0.0.0, fault address 0x00002cd4.
Processing media-specific event for [horydytak77798.exe!ws!]

Event Record #/Type862 / Warning
Event Submitted/Written: 12/03/2007 09:56:32 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type861 / Error
Event Submitted/Written: 12/03/2007 03:40:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x0b9d111b.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type860 / Error
Event Submitted/Written: 12/03/2007 03:08:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application 04550065007200760069006300650073002E006500780065, version 0.0.0.0, faulting module 04550065007200760069006300650073002E006500780065, version 0.0.0.0, fault address 0x000290c0.
Processing media-specific event for [04550065007200760069006300650073002E006500780065!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type49307 / Error
Event Submitted/Written: 12/04/2007 05:57:49 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
nltdi

Event Record #/Type49306 / Error
Event Submitted/Written: 12/04/2007 05:57:48 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Portable Media Serial Number service terminated with the following error:
%%2

Event Record #/Type49305 / Error
Event Submitted/Written: 12/04/2007 05:57:48 PM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The NetLimiter service terminated with service-specific error 1 (0x1).

Event Record #/Type49298 / Error
Event Submitted/Written: 12/04/2007 05:51:50 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type49281 / Error
Event Submitted/Written: 12/04/2007 05:40:47 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
nltdi



-- End of Deckard's System Scanner: finished at 2007-12-04 18:42:44 ------------


Thanks in advance.

Could I simply reformat my hard drive? (Edit: I will have to get a replacement Win XP disc from dell via postal service as I cannot find mine)

#2 tman2020

tman2020 (Topic Starter)
  • Members
  • 2 posts

Posted 06 December 2007 - 08:26 PM

Also... I use this computer for online banking and have made credit card purchases with it... do I need to be worried?

#3 amateur

amateur
    Malware Fighter

  • Malware Response Team
  • 2,775 posts
  • Gender:Female

Posted 20 December 2007 - 06:52 PM

Hello and welcome to BC. :thumbsup:
Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it’s taking us longer to catch up. If you haven’t received help elsewhere already and still require assistance please post a fresh HijackThis log and I’ll be happy to help you.

Thanks for your patience.

#4 amateur

amateur
    Malware Fighter

  • Malware Response Team
  • 2,775 posts
  • Gender:Female

Posted 26 December 2007 - 06:34 PM

Due to lack of response, this thread will now be closed. If you need this topic reopened, please PM me with the address of the thread, and we will reopen it for you. This applies only to the original topic starter. Everyone else please begin a New Topic.



