Integrity Spyware Infection?


  • This topic is locked
3 replies to this topic

#1 stellablues (Members, 3 posts)

Posted 06 May 2008 - 09:41 AM

I hope I've done this right. If I haven't, please forgive me and point me in the right direction. Thanks!

I'm fixing a friend's computer and she has a spyware infection. I keep getting various pop-ups saying there is a problem with spyware on the computer. I think she probably clicked on one. One that keeps popping up says "system integrity", and I also have a caution icon in the toolbar that advertises an infection. Another says "security system protection control panel". Please help!!


Deckard's System Scanner v20071014.68
Run by Heather on 2008-05-06 08:59:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-05-06 14:02:49 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-05-06 01:55:59 UTC - RP2 - Removed Get High Speed Internet!
1: 2008-05-06 00:41:56 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 86% (more than 75%).
Total Physical Memory: 248 MiB (512 MiB recommended).
System Drive C: has 1.61 GiB (less than 15%) free.


-- HijackThis (run as Heather.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:51 AM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\winself.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\krspingx\ubeharij.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\?asks\j?vaw.exe
C:\WINDOWS\system32\ovkxyfmn.exe
C:\PROGRA~1\WNSXS~1\notepad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Documents and Settings\Heather\Desktop\dss.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\DOCUME~1\Heather\Desktop\Heather.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {00C4345B-F8F9-41D9-A9DC-2E56E548D566} - C:\WINDOWS\system32\awtrRLCs.dll (file missing)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - C:\WINDOWS\system32\nnnoMCRk.dll (file missing)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: nextads browser optimizer - {6672c40a-f0d7-a691-77be-b932a2e2c36e} - C:\WINDOWS\system32\{2c77ce0c-bfbe-fdea-af7d-6318ee30faa1}.dll
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {CDFB4485-F362-F0E3-1592-D38F757D2CE0} - C:\WINDOWS\system32\bozw.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PRONoMgrWired] "C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [xgvmlqxw] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\xgvmlqxw.dll"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{2c77ce0c-bfbe-fdea-af7d-6318ee30faa1}.dll" DllInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O4 - HKCU\..\Run: [Osqh] "C:\Program Files\?asks\j?vaw.exe"
O4 - HKCU\..\Run: [wdbbifgj] C:\WINDOWS\system32\ovkxyfmn.exe
O4 - HKCU\..\Run: [Sen] "C:\PROGRA~1\WNSXS~1\notepad.exe" -vt ndrv
O4 - HKLM\..\Policies\Explorer\Run: [FiDiJQt1Sl] C:\Documents and Settings\All Users\Application Data\krspingx\ubeharij.exe
O4 - Startup: DW_Start.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O20 - Winlogon Notify: nnnoMCRk - nnnoMCRk.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSSysInterv (MSSysInterv1) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9350 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 rdbsss - c:\windows\system32\drivers\rdbsss.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.7>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 MSSysInterv1 (MSSysInterv) - c:\windows\winself.exe service
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-14 19:57:17 440 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job
2008-03-17 12:59:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-06 and 2008-05-06 -----------------------------

2008-05-05 22:10:03 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-05 21:59:32 0 d-------- C:\Documents and Settings\Heather\Application Data\Mozilla
2008-05-05 20:39:16 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-05 20:39:12 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-05 20:39:11 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-05 20:39:09 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-05 20:39:06 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-05 20:38:29 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-05 20:30:30 0 d-------- C:\Documents and Settings\Heather Villa\Application Data\Apple Computer
2008-05-05 20:27:05 0 d---s---- C:\Documents and Settings\Heather Villa\UserData
2008-05-05 19:56:09 4078 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-05 19:55:22 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-05 19:55:21 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-05 19:43:56 0 d-------- C:\Documents and Settings\Heather Villa\Application Data\Macromedia
2008-05-05 19:43:33 0 d-------- C:\Documents and Settings\Heather Villa\Application Data\Adobe
2008-05-05 19:42:19 0 d-------- C:\Documents and Settings\Heather Villa\Application Data\Webroot
2008-05-05 19:41:17 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-05-05 19:41:17 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-05-05 19:41:17 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-05-05 19:41:16 4096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-05-05 19:41:14 4096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-05-05 19:41:14 4096 --a------ C:\WINDOWS\a.bat
2008-05-05 19:41:13 4096 --a------ C:\WINDOWS\system32\taack.exe
2008-05-05 19:41:13 4096 --a------ C:\WINDOWS\system32\taack.dat
2008-05-05 19:41:13 4096 --a------ C:\WINDOWS\system32\sncntr.exe
2008-05-05 19:41:13 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-05-05 19:41:13 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-05-05 19:41:12 4096 --a------ C:\WINDOWS\system32\psoft1.exe
2008-05-05 19:41:12 4096 --a------ C:\WINDOWS\system32\psof1.exe
2008-05-05 19:41:12 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-05-05 19:41:11 4096 --a------ C:\WINDOWS\system32\ps1.exe
2008-05-05 19:41:11 4096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe
2008-05-05 19:41:10 4096 --a------ C:\WINDOWS\system32\msnbho.dll
2008-05-05 19:41:09 4096 --a------ C:\WINDOWS\system32\ssurf022.dll
2008-05-05 19:41:09 4096 --a------ C:\WINDOWS\system32\medup020.dll
2008-05-05 19:41:09 4096 --a------ C:\WINDOWS\system32\medup012.dll
2008-05-05 19:41:08 0 d-------- C:\WINDOWS\system32\smp
2008-05-05 19:41:06 4096 --a------ C:\WINDOWS\system32\netode.exe
2008-05-05 19:41:06 4096 --a------ C:\WINDOWS\system32\mtr2.exe
2008-05-05 19:41:06 4096 --a------ C:\WINDOWS\system32\msgp.exe
2008-05-05 19:41:04 4096 --a------ C:\WINDOWS\system32\temp#01.exe
2008-05-05 19:41:04 4096 --a------ C:\WINDOWS\system32\h@tkeysh@@k.dll
2008-05-05 19:41:04 0 d-------- C:\Program Files\Inet Delivery
2008-05-05 19:41:03 4096 --a------ C:\WINDOWS\system32\dpcproxy.exe
2008-05-05 19:41:02 4096 --a------ C:\WINDOWS\system32\ssvchost.exe
2008-05-05 19:41:02 4096 --a------ C:\WINDOWS\system32\ssvchost.com
2008-05-05 19:41:02 4096 --a------ C:\WINDOWS\system32\regm64.dll
2008-05-05 19:41:02 4096 --a------ C:\WINDOWS\system32\regc64.dll
2008-05-05 19:41:02 4096 --a------ C:\WINDOWS\system32\msvchost.exe
2008-05-05 19:41:00 4096 --a------ C:\WINDOWS\system32\thun32.dll
2008-05-05 19:41:00 4096 --a------ C:\WINDOWS\system32\thun.dll
2008-05-05 19:41:00 4096 --a------ C:\WINDOWS\system32\Rundl1.exe
2008-05-05 19:40:59 4096 --a------ C:\WINDOWS\winsystem.exe
2008-05-05 19:40:59 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-05-05 19:40:59 4096 --a------ C:\WINDOWS\system32\winsystem.exe
2008-05-05 19:40:59 4096 --a------ C:\WINDOWS\system32\vcatchpi.dll
2008-05-05 19:40:59 4096 --a------ C:\WINDOWS\system32\sysreq.exe
2008-05-05 19:40:59 4096 --a------ C:\WINDOWS\system32\newsd32.exe
2008-05-05 19:40:59 4096 --a------ C:\WINDOWS\system32\mssecu.exe
2008-05-05 19:40:59 4096 --a------ C:\WINDOWS\system32\emesx.dll
2008-05-05 19:40:59 4096 --a------ C:\WINDOWS\system32\bdn.com
2008-05-05 19:40:59 4096 --a------ C:\WINDOWS\system32\anticipator.dll
2008-05-05 19:40:59 4096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-05-05 19:40:59 4096 --a------ C:\WINDOWS\mssecu.exe
2008-05-05 19:40:59 4096 --a------ C:\WINDOWS\bdn.com
2008-05-05 19:40:58 4096 --a------ C:\WINDOWS\system32\awtoolb.dll
2008-05-05 19:40:56 0 d-------- C:\WINDOWS\mslagent
2008-05-05 19:40:55 4096 --a------ C:\WINDOWS\system32\vbsys2.dll
2008-05-05 19:40:19 106496 --a------ C:\WINDOWS\system32\elijmdqt.exe
2008-05-05 19:38:14 0 dr-h----- C:\Documents and Settings\Heather Villa\SendTo
2008-05-05 19:38:14 0 dr-h----- C:\Documents and Settings\Heather Villa\Recent
2008-05-05 19:38:14 0 d--h----- C:\Documents and Settings\Heather Villa\PrintHood
2008-05-05 19:38:14 0 d--h----- C:\Documents and Settings\Heather Villa\NetHood
2008-05-05 19:38:14 0 dr------- C:\Documents and Settings\Heather Villa\My Documents
2008-05-05 19:38:14 0 d--h----- C:\Documents and Settings\Heather Villa\Local Settings
2008-05-05 19:38:14 0 dr------- C:\Documents and Settings\Heather Villa\Favorites
2008-05-05 19:38:14 0 d-------- C:\Documents and Settings\Heather Villa\Desktop
2008-05-05 19:38:14 0 d---s---- C:\Documents and Settings\Heather Villa\Cookies
2008-05-05 19:38:14 0 dr-h----- C:\Documents and Settings\Heather Villa\Application Data
2008-05-05 19:38:14 0 d-------- C:\Documents and Settings\Heather Villa\Application Data\Sun
2008-05-05 19:38:14 0 d-------- C:\Documents and Settings\Heather Villa\Application Data\Sonic
2008-05-05 19:38:14 0 d---s---- C:\Documents and Settings\Heather Villa\Application Data\Microsoft
2008-05-05 19:38:14 0 d-------- C:\Documents and Settings\Heather Villa\Application Data\Jasc Software Inc
2008-05-05 19:38:14 0 d-------- C:\Documents and Settings\Heather Villa\Application Data\Identities
2008-05-05 19:38:13 0 d--h----- C:\Documents and Settings\Heather Villa\Templates
2008-05-05 19:38:13 0 dr------- C:\Documents and Settings\Heather Villa\Start Menu
2008-05-05 19:38:13 1048576 --ah----- C:\Documents and Settings\Heather Villa\NTUSER.DAT
2008-05-05 19:35:31 0 d-------- C:\WINDOWS\Prefetch
2008-05-05 17:23:43 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-05 17:23:43 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-05 17:23:43 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-05 17:23:43 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-05 17:23:43 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-05 17:23:43 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-05 17:23:43 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-05-05 17:23:43 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-05 17:23:43 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-05-05 17:23:43 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-05 17:23:43 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-05 17:23:43 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-05 17:23:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-05 17:23:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-05-05 17:23:43 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-05 17:23:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-05-05 17:23:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-05 17:23:41 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-05 17:23:38 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-05 13:55:23 0 d-------- C:\WINDOWS\dell
2008-04-25 09:56:46 330752 --a------ C:\WINDOWS\system32\{2c77ce0c-bfbe-fdea-af7d-6318ee30faa1}.dll
2008-04-15 21:19:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\Identities
2008-04-15 21:16:11 0 d--h----- C:\Documents and Settings\LocalService\NetHood
2008-04-15 21:16:11 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-04-15 21:15:19 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-04-15 21:15:19 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-04-15 21:15:18 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-04-15 18:31:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-15 18:31:05 164 --a------ C:\install.dat
2008-04-15 17:51:04 0 d-------- C:\WINDOWS\system32\??curity
2008-04-15 17:50:42 60928 --a------ C:\WINDOWS\system32\bozw.dll
2008-04-14 22:32:22 3648 --a------ C:\WINDOWS\system32\bevoqese.dll
2008-04-14 21:03:57 0 d-------- C:\Program Files\PC-Cleaner
2008-04-13 22:30:50 3648 --a------ C:\WINDOWS\system32\xmqpalws.dll
2008-04-13 22:27:51 292695 --ahs---- C:\WINDOWS\system32\sCLRrtwa.ini2
2008-04-13 22:16:17 23552 --a------ C:\WINDOWS\voiceip.dll
2008-04-13 22:16:17 25856 --a------ C:\WINDOWS\swin32.dll
2008-04-13 22:16:16 16384 --a------ C:\WINDOWS\cdsm32.dll
2008-04-13 22:16:16 11264 --a------ C:\WINDOWS\bokja.exe
2008-04-13 22:16:14 15104 --a------ C:\WINDOWS\mssvr.exe
2008-04-13 22:16:14 30208 --a------ C:\WINDOWS\mspphe.dll
2008-04-13 22:16:13 11776 --a------ C:\WINDOWS\2020search2.dll
2008-04-13 22:16:13 18944 --a------ C:\WINDOWS\2020search.dll
2008-04-13 22:15:51 29440 --a------ C:\WINDOWS\saiemod.dll
2008-04-13 22:15:49 14080 --a------ C:\WINDOWS\msapasrc.dll
2008-04-13 22:15:48 18944 --a------ C:\WINDOWS\msa64chk.dll
2008-04-13 22:15:46 16640 --a------ C:\WINDOWS\shdocpl.dll
2008-04-13 22:15:44 22016 --a------ C:\WINDOWS\shdocpe.dll
2008-04-13 22:15:44 18432 --a------ C:\WINDOWS\ntnut.exe
2008-04-13 22:15:41 20736 --a------ C:\WINDOWS\winsb.dll
2008-04-13 22:15:39 14848 --a------ C:\WINDOWS\browserad.dll
2008-04-13 22:15:38 22016 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-13 22:15:38 21760 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-13 22:15:37 20480 --a------ C:\WINDOWS\avifile32.dll
2008-04-13 22:15:36 29696 --a------ C:\WINDOWS\autodisc32.dll
2008-04-13 22:15:36 16384 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-13 22:15:35 27904 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-13 22:15:34 28672 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-13 22:15:34 24320 --a------ C:\WINDOWS\athprxy32.dll
2008-04-13 22:15:33 24832 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-13 22:15:33 25344 --a------ C:\WINDOWS\asferror32.dll
2008-04-13 22:15:32 11264 --a------ C:\WINDOWS\apphelp32.dll
2008-04-13 22:15:31 27392 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-13 22:03:30 86144 --a------ C:\WINDOWS\system32\drivers\rdbsss.sys
2008-04-13 22:03:28 0 d-------- C:\Program Files\??pPatch
2008-04-13 22:01:59 0 d-------- C:\WINDOWS\system32\pinz1
2008-04-13 22:01:59 0 d-------- C:\WINDOWS\system32\iFi
2008-04-13 22:01:59 0 d-------- C:\WINDOWS\system32\IDE2
2008-04-13 22:01:59 0 d-------- C:\WINDOWS\system32\ExTmp
2008-04-13 22:01:34 0 d-------- C:\WINDOWS\system32\bharebio01
2008-04-13 22:01:34 0 d-------- C:\Temp
2008-04-13 21:43:37 70144 --a------ C:\Documents and Settings\All Users\Application Data\xgvmlqxw.dll
2008-04-13 21:43:34 0 d-------- C:\Documents and Settings\All Users\Application Data\krspingx
2008-04-13 21:43:32 94208 --a------ C:\WINDOWS\system32\ovkxyfmn.exe
2008-04-13 21:43:23 0 d-------- C:\Program Files\?asks
2008-04-13 21:43:21 0 d-------- C:\WINDOWS\PerfInfo
2008-04-13 21:43:21 0 d-------- C:\WINDOWS\cuawsppw
2008-04-13 21:43:18 196096 --a------ C:\WINDOWS\dubinenq.dll
2008-04-13 21:43:16 70144 --a------ C:\WINDOWS\tkbqpupe.dll
2008-04-13 21:41:55 0 d-------- C:\Program Files\Bat
2008-04-13 21:41:38 28160 --a------ C:\WINDOWS\winself.exe
2008-04-13 21:40:27 0 d-------- C:\Program Files\W?nSxS
2008-04-13 21:39:38 6656 --a------ C:\WINDOWS\estrictions.dll
2008-04-11 22:22:28 6656 --a------ C:\WINDOWS\system32\000060.exe
2008-04-11 13:44:58 229526 --a------ C:\WINDOWS\system32\000080.exe


-- Find3M Report ---------------------------------------------------------------

2008-05-06 07:52:02 0 d-------- C:\Program Files\ComcastToolbar
2008-05-05 21:26:51 80929 --a------ C:\logfile
2008-05-05 21:20:39 0 d-------- C:\Program Files\W?nSxS
2008-05-05 19:25:28 23444 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-15 21:11:59 0 d-------- C:\Program Files\Common Files
2008-04-15 17:51:04 0 d-------- C:\Program Files\?asks
2008-04-13 22:03:28 0 d-------- C:\Program Files\??pPatch
2008-04-05 00:29:14 270694 --a------ C:\WINDOWS\system32\000090.exe
2008-03-30 13:04:28 0 d-------- C:\Documents and Settings\Heather\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00C4345B-F8F9-41D9-A9DC-2E56E548D566}]
C:\WINDOWS\system32\awtrRLCs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24E9519B-3F70-429B-99BC-4B2B49B96F66}]
C:\WINDOWS\system32\nnnoMCRk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6672c40a-f0d7-a691-77be-b932a2e2c36e}]
04/25/2008 09:56 AM 330752 --a------ C:\WINDOWS\system32\{2c77ce0c-bfbe-fdea-af7d-6318ee30faa1}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8334A30C-49E5-489a-B63D-5B927C1EF46E}]
C:\Program Files\QdrDrive\QdrDrive15.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDFB4485-F362-F0E3-1592-D38F757D2CE0}]
04/11/2008 12:51 PM 60928 --a------ C:\WINDOWS\system32\bozw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/03/2004 12:03 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 11:59 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [05/13/2004 11:23 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [05/14/2004 01:35 AM]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [12/09/2004 02:58 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/11/2004 12:43 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [11/10/2004 12:54 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/13/2004 02:05 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/28/2005 07:08 PM]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [04/19/2007 02:21 PM]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/19/2007 09:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 07:36 PM]
"xgvmlqxw"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\xgvmlqxw.dll" []
"spa_start"="C:\WINDOWS\system32\{2c77ce0c-bfbe-fdea-af7d-6318ee30faa1}.dll" [04/25/2008 09:56 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 06:00 AM]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [08/04/2004 06:00 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [11/13/2007 04:46 PM]
"QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" []
"QdrPack15"="C:\Program Files\QdrPack\QdrPack15.exe" []
"Osqh"="C:\Program Files\?asks\j?vaw.exe" [04/11/2008 12:52 PM]
"wdbbifgj"="C:\WINDOWS\system32\ovkxyfmn.exe" [04/13/2008 09:43 PM]
"Sen"="C:\PROGRA~1\WNSXS~1\notepad.exe" [05/05/2008 09:20 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"FiDiJQt1Sl"=C:\Documents and Settings\All Users\Application Data\krspingx\ubeharij.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{24E9519B-3F70-429B-99BC-4B2B49B96F66}"= C:\WINDOWS\system32\nnnoMCRk.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoMCRk]
nnnoMCRk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtrRLCs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-05-06 09:16:02 ------------
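For anyone reading this log later: the entries a helper would circle first are structural, not name-based. Below is an added example script (mine, not stellablues' and not a BleepingComputer, Deckard or Trend Micro tool) that parses a handful of the O2/O4/O20 lines quoted from the HijackThis section above, plus the LSA "Authentication Packages" line from the DSS registry dump, and flags the same things a human reads for: paths that HijackThis prints with '?' (non-ASCII look-alike directory names such as ?asks and W?nSxS), Run values that use regsvr32 or rundll32 to load a DLL, autostarts from All Users\Application Data, the Policies\Explorer\Run key, notepad.exe outside %SystemRoot%, Winlogon Notify DLLs, and extra LSA authentication packages. The directory lists, severities, the GUID-name and 8-letter random-name regexes are my assumptions for illustration.

```python
"""Triage HijackThis / DSS log lines on structural persistence indicators.
Added example for this thread, not the poster's tool nor a Trend Micro or
BleepingComputer utility. SAMPLE_LINES are copied from the log posted above;
the rules, severities, directory lists and regexes are assumptions."""
import ntpath
import re
from collections import namedtuple

SAMPLE_LINES = r"""
O2 - BHO: (no name) - {00C4345B-F8F9-41D9-A9DC-2E56E548D566} - C:\WINDOWS\system32\awtrRLCs.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [xgvmlqxw] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\xgvmlqxw.dll"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{2c77ce0c-bfbe-fdea-af7d-6318ee30faa1}.dll" DllInit
O4 - HKCU\..\Run: [Osqh] "C:\Program Files\?asks\j?vaw.exe"
O4 - HKCU\..\Run: [wdbbifgj] C:\WINDOWS\system32\ovkxyfmn.exe
O4 - HKCU\..\Run: [Sen] "C:\PROGRA~1\WNSXS~1\notepad.exe" -vt ndrv
O4 - HKLM\..\Policies\Explorer\Run: [FiDiJQt1Sl] C:\Documents and Settings\All Users\Application Data\krspingx\ubeharij.exe
O20 - Winlogon Notify: nnnoMCRk - nnnoMCRk.dll (file missing)
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtrRLCs
""".strip().splitlines()

Finding = namedtuple("Finding", "line severity reasons")
O2_RE = re.compile(r"^O2 - BHO: .* - \{[^}]+\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: \S+ - (?P<dll>.*)$")
LSA_RE = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.*)$')
# Assumed lists: user-writable data dirs, loaders that make a Run value "load this DLL",
# binary names that belong under %SystemRoot%, and what GUID / random names look like.
DATA_DIRS = ("\\application data\\", "\\documents and settings\\", "\\temp\\", "\\local settings\\")
LOADERS = {"regsvr32", "rundll32"}
SYSTEM_BINARIES = {"notepad.exe", "svchost.exe", "winlogon.exe", "lsass.exe", "csrss.exe", "explorer.exe"}
GUID_DLL_RE = re.compile(r"^\{[0-9a-f-]{36}\}\.dll$", re.I)
RANDOM8_RE = re.compile(r"^[a-z]{8}$")

def _split_cmd(cmd):
    """Split a Run value into (image, args); an unquoted image path may contain spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(?i)^(.*?\.(?:exe|com|scr))(?:\s+(.*))?$", cmd)
    if m:
        return m.group(1), m.group(2) or ""
    head, _, rest = cmd.partition(" ")  # bare loader name such as regsvr32
    return head, rest

def _paths(image, args):
    """Image plus every drive-letter path in the arguments, quoted or bare."""
    quoted = re.findall(r'"([^"]*)"', args)
    bare = re.findall(r"[A-Za-z]:\\\S+", re.sub(r'"[^"]*"', "", args))
    return [image] + quoted + bare

def _check_o4(key, name, cmd):
    image, args = _split_cmd(cmd)
    paths = _paths(image, args)
    base = ntpath.basename(image).lower()
    stem = base.rsplit(".", 1)[0]
    out = []
    if any("?" in p for p in paths):
        out.append(("high", "path has characters HijackThis prints as '?': non-ASCII look-alike name"))
    if stem in LOADERS:
        dll = next((p for p in paths[1:] if p.lower().endswith(".dll")), "(no DLL argument)")
        unreg = " with /u (runs the DLL's DllUnregisterServer)" if re.search(r"(?i)(^|\s)/u(\s|$)", args) else ""
        out.append(("high", f"{stem} loads {dll}{unreg}"))
    if any(d in p.lower() for p in paths for d in DATA_DIRS):
        out.append(("high", "runs from a profile/data directory"))
    if "policies\\explorer\\run" in key.lower():
        out.append(("high", "Policies\\Explorer\\Run key, rarely used by legitimate software"))
    if base in SYSTEM_BINARIES and not ntpath.dirname(image).lower().startswith("c:\\windows"):
        out.append(("high", f"{base} outside %SystemRoot%: name masquerade"))
    if any(GUID_DLL_RE.match(ntpath.basename(p)) for p in paths):
        out.append(("low", "DLL named with a bare GUID"))
    if RANDOM8_RE.match(name) and RANDOM8_RE.match(stem):
        out.append(("low", "value name and file name are both 8 random-looking lowercase letters"))
    return out

def triage(lines):
    """Return a Finding for every line that trips at least one rule; clean lines are skipped."""
    findings = []
    for line in lines:
        line = line.rstrip()
        if m := O4_RE.match(line):
            reasons = _check_o4(m["key"], m["name"], m["cmd"])
        elif m := O2_RE.match(line):
            gone = "(file missing)" in m["path"] or "(no file)" in m["path"]
            reasons = [("low", "orphaned BHO registration: CLSID registered, file gone")] if gone else []
        elif m := O20_RE.match(line):
            reasons = [("high", "Winlogon Notify DLL loaded into winlogon.exe at logon: " + m["dll"])]
        elif m := LSA_RE.match(line):
            extra = [p for p in m["pkgs"].split() if p.lower() != "msv1_0"]
            reasons = [("high", f"non-default LSA authentication package {p}: runs inside lsass.exe") for p in extra]
        else:
            continue
        if reasons:
            severity = "high" if any(s == "high" for s, _ in reasons) else "low"
            findings.append(Finding(line, severity, [r for _, r in reasons]))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity.upper()}] {f.line}", *("    - " + r for r in f.reasons), sep="\n")
```

Run as-is it prints the nine flagged sample lines with their reasons; IgfxTray and DriveLetterAccess come through clean. Treat the output as a reading list, not a verdict: the data-directory rule would also flag the legitimate DellTransferAgent entry in this log, and the 8-letter-name rule is deliberately marked low. The one entry worth understanding rather than just deleting is the regsvr32 /u value: /u calls the DLL's DllUnregisterServer export, so the "unregister" switch still runs the DLL's own code at every logon.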

Edited by stellablues, 06 May 2008 - 09:49 AM.


#2 stellablues

stellablues
  • Topic Starter
  • Members
  • 3 posts
  • Local time:05:30 PM

Posted 07 May 2008 - 02:31 PM

I also have awola saying it is installed on the computer with an icon on the taskbar. Don't know if that changes things. Please help!!!!!!

#3 SifuMike

SifuMike
malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:30 PM

Posted 16 May 2008 - 10:01 PM

Hello stellablues,

Before we start, you need to realize that you are missing one important program on that computer: An antivirus.

This is somewhat suicidal in today's digital world!

You need to install an antivirus program as soon as you can and run a complete scan of the computer.

I recommend you download the free Avast or AntiVir or AVG antivirus.

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and seriously decrease its reliability!

After you run the antivirus program, please post a fresh Deckard's System Scanner (DSS) log.

If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 SifuMike

SifuMike
malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:30 PM

Posted 23 May 2008 - 04:06 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.